return (result == ISC_R_SUCCESS ? 1 : -1);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static void
entropy_add(const void *buf, int num, double entropy) {
/*
UNUSED(num);
UNUSED(entropy);
}
+#else
+static int
+entropy_add(const void *buf, int num, double entropy) {
+ /*
+ * Do nothing. The only call to this provides no useful data anyway.
+ */
+ UNUSED(buf);
+ UNUSED(num);
+ UNUSED(entropy);
+ return (1);
+}
+#endif
static void
lock_callback(int mode, int type, const char *file, int line) {
UNLOCK(&locks[type]);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
}
+#endif
static void *
mem_alloc(size_t size) {
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_set_id_callback(id_callback);
+#endif
ERR_load_crypto_strings();
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_state(0);
+#endif
ERR_free_strings();
#ifdef DNS_CRYPTO_LEAKS
static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
-static BIGNUM bn2, bn768, bn1024, bn1536;
+static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
static isc_result_t
openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
UNUSED(n);
- u.dptr = cb->arg;
+ u.dptr = BN_GENCB_get_arg(cb);
if (u.fptr != NULL)
u.fptr(p);
return (1);
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
- BN_GENCB cb;
+ BN_GENCB *cb;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BN_GENCB _cb;
+#endif
union {
void *dptr;
void (*fptr)(int);
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
if (key->key_size == 768)
- dh->p = &bn768;
+ dh->p = bn768;
else if (key->key_size == 1024)
- dh->p = &bn1024;
+ dh->p = bn1024;
else
- dh->p = &bn1536;
- dh->g = &bn2;
+ dh->p = bn1536;
+ dh->g = bn2;
} else
generator = 2;
}
dh = DH_new();
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ cb = BN_GENCB_new();
+ if (cb == NULL) {
+ DH_free(dh);
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ }
if (callback == NULL) {
- BN_GENCB_set_old(&cb, NULL, NULL);
+ BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
- BN_GENCB_set(&cb, &progress_cb, u.dptr);
+ BN_GENCB_set(cb, &progress_cb, u.dptr);
}
if (!DH_generate_parameters_ex(dh, key->key_size, generator,
- &cb)) {
+ cb)) {
DH_free(dh);
+ BN_GENCB_free(cb);
return (dst__openssl_toresult2(
"DH_generate_parameters_ex",
DST_R_OPENSSLFAILURE));
}
+ BN_GENCB_free(cb);
#else
dh = DH_generate_parameters(key->key_size, generator,
NULL, NULL);
if (dh == NULL)
return;
- if (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)
+ if (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)
dh->p = NULL;
- if (dh->g == &bn2)
+ if (dh->g == bn2)
dh->g = NULL;
DH_free(dh);
key->keydata.dh = NULL;
isc_buffer_availableregion(data, &r);
- if (dh->g == &bn2 &&
- (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)) {
+ if (dh->g == bn2 &&
+ (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)) {
plen = 1;
glen = 0;
}
uint16_toregion(plen, &r);
if (plen == 1) {
- if (dh->p == &bn768)
+ if (dh->p == bn768)
*r.base = 1;
- else if (dh->p == &bn1024)
+ else if (dh->p == bn1024)
*r.base = 2;
else
*r.base = 3;
special = uint16_fromregion(&r);
switch (special) {
case 1:
- dh->p = &bn768;
+ dh->p = bn768;
break;
case 2:
- dh->p = &bn1024;
+ dh->p = bn1024;
break;
case 3:
- dh->p = &bn1536;
+ dh->p = bn1536;
break;
default:
DH_free(dh);
}
if (special != 0) {
if (glen == 0)
- dh->g = &bn2;
+ dh->g = bn2;
else {
dh->g = BN_bin2bn(r.base, glen, NULL);
- if (BN_cmp(dh->g, &bn2) == 0) {
+ if (BN_cmp(dh->g, bn2) == 0) {
BN_free(dh->g);
- dh->g = &bn2;
+ dh->g = bn2;
}
else {
DH_free(dh);
if ((key->key_size == 768 ||
key->key_size == 1024 ||
key->key_size == 1536) &&
- BN_cmp(dh->g, &bn2) == 0)
+ BN_cmp(dh->g, bn2) == 0)
{
- if (key->key_size == 768 && BN_cmp(dh->p, &bn768) == 0) {
+ if (key->key_size == 768 && BN_cmp(dh->p, bn768) == 0) {
BN_free(dh->p);
BN_free(dh->g);
- dh->p = &bn768;
- dh->g = &bn2;
+ dh->p = bn768;
+ dh->g = bn2;
} else if (key->key_size == 1024 &&
- BN_cmp(dh->p, &bn1024) == 0) {
+ BN_cmp(dh->p, bn1024) == 0) {
BN_free(dh->p);
BN_free(dh->g);
- dh->p = &bn1024;
- dh->g = &bn2;
+ dh->p = bn1024;
+ dh->g = bn2;
} else if (key->key_size == 1536 &&
- BN_cmp(dh->p, &bn1536) == 0) {
+ BN_cmp(dh->p, bn1536) == 0) {
BN_free(dh->p);
BN_free(dh->g);
- dh->p = &bn1536;
- dh->g = &bn2;
+ dh->p = bn1536;
+ dh->g = bn2;
}
}
static void
openssldh_cleanup(void) {
- BN_free(&bn2);
- BN_free(&bn768);
- BN_free(&bn1024);
- BN_free(&bn1536);
+ BN_free(bn2);
+ BN_free(bn768);
+ BN_free(bn1024);
+ BN_free(bn1536);
}
static dst_func_t openssldh_functions = {
dst__openssldh_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL);
if (*funcp == NULL) {
- BN_init(&bn2);
- BN_init(&bn768);
- BN_init(&bn1024);
- BN_init(&bn1536);
- BN_set_word(&bn2, 2);
- BN_fromhex(&bn768, PRIME768);
- BN_fromhex(&bn1024, PRIME1024);
- BN_fromhex(&bn1536, PRIME1536);
+ bn2 = BN_new();
+ bn768 = BN_new();
+ bn1024 = BN_new();
+ bn1536 = BN_new();
+ if (bn2 == NULL || bn768 == NULL ||
+ bn1024 == NULL || bn1536 == NULL)
+ goto cleanup;
+ BN_set_word(bn2, 2);
+ BN_fromhex(bn768, PRIME768);
+ BN_fromhex(bn1024, PRIME1024);
+ BN_fromhex(bn1536, PRIME1536);
*funcp = &openssldh_functions;
}
return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (bn2 != NULL) BN_free(bn2);
+ if (bn768 != NULL) BN_free(bn768);
+ if (bn1024 != NULL) BN_free(bn1024);
+ if (bn1536 != NULL) BN_free(bn1536);
+ return (ISC_R_NOMEMORY);
}
#else /* OPENSSL */
UNUSED(n);
- u.dptr = cb->arg;
+ u.dptr = BN_GENCB_get_arg(cb);
if (u.fptr != NULL)
u.fptr(p);
return (1);
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
- BN_GENCB cb;
+ BN_GENCB *cb;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BN_GENCB _cb;
+#endif
union {
void *dptr;
void (*fptr)(int);
dsa = DSA_new();
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ cb = BN_GENCB_new();
+ if (cb == NULL) {
+ DSA_free(dsa);
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ }
+
if (callback == NULL) {
- BN_GENCB_set_old(&cb, NULL, NULL);
+ BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
- BN_GENCB_set(&cb, &progress_cb, u.dptr);
+ BN_GENCB_set(cb, &progress_cb, u.dptr);
}
if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
- &cb))
+ cb))
{
DSA_free(dsa);
+ BN_GENCB_free(cb);
return (dst__openssl_toresult2("DSA_generate_parameters_ex",
DST_R_OPENSSLFAILURE));
}
+ BN_GENCB_free(cb);
#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
UNUSED(n);
- u.dptr = cb->arg;
+ u.dptr = BN_GENCB_get_arg(cb);
if (u.fptr != NULL)
u.fptr(p);
return (1);
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
isc_result_t ret = DST_R_OPENSSLFAILURE;
- BN_GENCB cb;
union {
void *dptr;
void (*fptr)(int);
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BN_GENCB _cb;
+#endif
+ BN_GENCB *cb = BN_GENCB_new();
#if USE_EVP
EVP_PKEY *pkey = EVP_PKEY_new();
#endif
- if (rsa == NULL || e == NULL)
+ if (rsa == NULL || e == NULL || cb == NULL)
goto err;
#if USE_EVP
if (pkey == NULL)
}
if (callback == NULL) {
- BN_GENCB_set_old(&cb, NULL, NULL);
+ BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
- BN_GENCB_set(&cb, &progress_cb, u.dptr);
+ BN_GENCB_set(cb, &progress_cb, u.dptr);
}
- if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
+ if (RSA_generate_key_ex(rsa, key->key_size, e, cb)) {
BN_free(e);
+ BN_GENCB_free(cb);
SET_FLAGS(rsa);
#if USE_EVP
key->keydata.pkey = pkey;
#endif
return (ISC_R_SUCCESS);
}
+ BN_GENCB_free(cb);
ret = dst__openssl_toresult2("RSA_generate_key_ex",
DST_R_OPENSSLFAILURE);
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
+ if (cb != NULL)
+ BN_GENCB_free(cb);
return (dst__openssl_toresult(ret));
#else
RSA *rsa;