Merge branch '191-misc-improvements' into 'master'
Miscellaneous improvements found when working on #191. See merge request isc-projects/bind9!236
commit
16e352248d
6 changed files with 31 additions and 61 deletions
2
configure
vendored
2
configure
vendored
|
|
@ -16817,7 +16817,7 @@ fi
|
|||
yes)
|
||||
|
||||
$as_echo "#define HAVE_OPENSSL_ED448 1" >>confdefs.h
|
||||
],
|
||||
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
|
|
|
|||
|
|
@ -1901,7 +1901,7 @@ int main() {
|
|||
case $have_ed448 in
|
||||
yes)
|
||||
AC_DEFINE(HAVE_OPENSSL_ED448, 1,
|
||||
[Define if your OpenSSL version supports Ed448.])],
|
||||
[Define if your OpenSSL version supports Ed448.])
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
|
|
|
|||
|
|
@ -23,13 +23,6 @@
|
|||
#include <openssl/crypto.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#if !defined(OPENSSL_NO_ENGINE) && \
|
||||
((defined(CRYPTO_LOCK_ENGINE) && \
|
||||
(OPENSSL_VERSION_NUMBER >= 0x0090707f)) || \
|
||||
(OPENSSL_VERSION_NUMBER >= 0x10100000L))
|
||||
#define USE_ENGINE 1
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/*
|
||||
* These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
|
||||
|
|
@ -65,7 +58,7 @@ isc_result_t
|
|||
dst__openssl_toresult3(isc_logcategory_t *category,
|
||||
const char *funcname, isc_result_t fallback);
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
ENGINE *
|
||||
dst__openssl_getengine(const char *engine);
|
||||
#else
|
||||
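Review bot: Nothing in this header now records the OpenSSL version floor that the removed `USE_ENGINE` block encoded (`CRYPTO_LOCK_ENGINE` with 0x0090707f, or 0x10100000L and later), so the engine code paths are compiled whenever the library build leaves `OPENSSL_NO_ENGINE` undefined. If the minimum supported version is enforced elsewhere (presumably in configure), a short comment above the `dst__openssl_getengine` prototype would say so, for example `/* ENGINE support follows the OpenSSL build; OPENSSL_NO_ENGINE comes from <openssl/opensslconf.h> via <openssl/crypto.h>. */`. The new test also depends on an OpenSSL header being included ahead of the first `#if !defined(OPENSSL_NO_ENGINE)` in every file that uses it, which holds here because `<openssl/crypto.h>` is included above.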
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
#include "dst_internal.h"
|
||||
#include "dst_openssl.h"
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
|
|
@ -55,7 +55,7 @@ static isc_mutex_t *locks = NULL;
|
|||
static int nlocks;
|
||||
#endif
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
static ENGINE *e = NULL;
|
||||
#endif
|
||||
|
||||
|
|
@ -147,7 +147,7 @@ isc_result_t
|
|||
dst__openssl_init(const char *engine) {
|
||||
isc_result_t result;
|
||||
|
||||
#if !defined(USE_ENGINE)
|
||||
#if defined(OPENSSL_NO_ENGINE)
|
||||
UNUSED(engine);
|
||||
#endif
|
||||
|
||||
|
|
@ -175,7 +175,7 @@ dst__openssl_init(const char *engine) {
|
|||
ERR_load_crypto_strings();
|
||||
#endif
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
#if !defined(CONF_MFLAGS_DEFAULT_SECTION)
|
||||
OPENSSL_config(NULL);
|
||||
#else
|
||||
|
|
@ -207,7 +207,7 @@ dst__openssl_init(const char *engine) {
|
|||
}
|
||||
}
|
||||
|
||||
#endif /* USE_ENGINE */
|
||||
#endif /* !defined(OPENSSL_NO_ENGINE) */
|
||||
|
||||
/* Protect ourselves against unseeded PRNG */
|
||||
if (RAND_status() != 1) {
|
||||
|
|
@ -219,7 +219,7 @@ dst__openssl_init(const char *engine) {
|
|||
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
cleanup_rm:
|
||||
if (e != NULL)
|
||||
ENGINE_free(e);
|
||||
|
|
@ -248,11 +248,11 @@ dst__openssl_destroy(void) {
|
|||
#endif
|
||||
OBJ_cleanup();
|
||||
EVP_cleanup();
|
||||
#if defined(USE_ENGINE)
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
if (e != NULL)
|
||||
ENGINE_free(e);
|
||||
e = NULL;
|
||||
#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
#endif
|
||||
|
|
@ -364,7 +364,7 @@ dst__openssl_toresult3(isc_logcategory_t *category,
|
|||
return (result);
|
||||
}
|
||||
|
||||
#if defined(USE_ENGINE)
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
ENGINE *
|
||||
dst__openssl_getengine(const char *engine) {
|
||||
|
||||
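Review bot: In the `dst__openssl_destroy` hunk the inner guard `#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L` sits inside the outer `#if !defined(OPENSSL_NO_ENGINE)`, so its first term is always true there; `#if OPENSSL_VERSION_NUMBER >= 0x00907000L` says the same thing more clearly. The two bare `#endif` lines that follow would be easier to pair up with trailing comments in the style the `dst__openssl_init` hunk already uses, e.g. `#endif /* !defined(OPENSSL_NO_ENGINE) */`. Both functions extend beyond the hunks shown.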
|
|
|
|||
|
|
@ -50,6 +50,8 @@
|
|||
#include "dst_openssl.h"
|
||||
#include "dst_parse.h"
|
||||
|
||||
#define PRIME2 "02"
|
||||
|
||||
#define PRIME768 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088" \
|
||||
"A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25" \
|
||||
"F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"
|
||||
|
|
@ -71,7 +73,7 @@
|
|||
|
||||
static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
|
||||
|
||||
static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
|
||||
static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
|
||||
|
||||
#if !defined(HAVE_DH_GET0_KEY)
|
||||
/*
|
||||
|
|
@ -722,32 +724,6 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|||
return (ret);
|
||||
}
|
||||
|
||||
static void
|
||||
BN_fromhex(BIGNUM *b, const char *str) {
|
||||
static const char hexdigits[] = "0123456789abcdef";
|
||||
unsigned char data[512];
|
||||
unsigned int i;
|
||||
BIGNUM *out;
|
||||
|
||||
RUNTIME_CHECK(strlen(str) < 1024U && strlen(str) % 2 == 0U);
|
||||
for (i = 0; i < strlen(str); i += 2) {
|
||||
const char *s;
|
||||
unsigned int high, low;
|
||||
|
||||
s = strchr(hexdigits, tolower((unsigned char)str[i]));
|
||||
RUNTIME_CHECK(s != NULL);
|
||||
high = (unsigned int)(s - hexdigits);
|
||||
|
||||
s = strchr(hexdigits, tolower((unsigned char)str[i + 1]));
|
||||
RUNTIME_CHECK(s != NULL);
|
||||
low = (unsigned int)(s - hexdigits);
|
||||
|
||||
data[i/2] = (unsigned char)((high << 4) + low);
|
||||
}
|
||||
out = BN_bin2bn(data, strlen(str)/2, b);
|
||||
RUNTIME_CHECK(out != NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
openssldh_cleanup(void) {
|
||||
BN_free(bn2);
|
||||
|
|
@ -784,17 +760,18 @@ isc_result_t
|
|||
dst__openssldh_init(dst_func_t **funcp) {
|
||||
REQUIRE(funcp != NULL);
|
||||
if (*funcp == NULL) {
|
||||
bn2 = BN_new();
|
||||
bn768 = BN_new();
|
||||
bn1024 = BN_new();
|
||||
bn1536 = BN_new();
|
||||
if (bn2 == NULL || bn768 == NULL ||
|
||||
bn1024 == NULL || bn1536 == NULL)
|
||||
if (BN_hex2bn(&bn2, PRIME2) == 0 || bn2 == NULL) {
|
||||
goto cleanup;
|
||||
BN_set_word(bn2, 2);
|
||||
BN_fromhex(bn768, PRIME768);
|
||||
BN_fromhex(bn1024, PRIME1024);
|
||||
BN_fromhex(bn1536, PRIME1536);
|
||||
}
|
||||
if (BN_hex2bn(&bn768, PRIME768) == 0 || bn768 == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
if (BN_hex2bn(&bn1024, PRIME1024) == 0 || bn1024 == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
if (BN_hex2bn(&bn1536, PRIME1536) == 0 || bn1536 == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
*funcp = &openssldh_functions;
|
||||
}
|
||||
return (ISC_R_SUCCESS);
|
||||
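Review bot: `dst__openssldh_init` now passes the static pointers straight to `BN_hex2bn(&bn2, PRIME2)`, which allocates only when the pointer is NULL and otherwise writes into the BIGNUM it is given, so the function relies on `bn2`, `bn768`, `bn1024` and `bn1536` being NULL on entry. The visible part of `openssldh_cleanup` calls `BN_free(bn2)` and the `cleanup` label is outside the hunk; if neither resets the pointers, a later init after cleanup or after a partial failure would write through a freed pointer, where the removed `BN_new()` calls always started from a fresh object. Resetting after each free, `BN_free(bn2); bn2 = NULL;` and likewise for the other three, keeps re-initialisation safe. It may also be worth checking that each `BN_hex2bn` return value equals the length of the constant, since the removed `BN_fromhex` rejected any non-hex digit with `RUNTIME_CHECK`.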
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
#if OPENSSL_VERSION_NUMBER > 0x00908000L
|
||||
#include <openssl/bn.h>
|
||||
#endif
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
|
|
@ -1482,13 +1482,13 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|||
isc_result_t ret;
|
||||
int i;
|
||||
RSA *rsa = NULL, *pubrsa = NULL;
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
ENGINE *ep = NULL;
|
||||
const BIGNUM *ex = NULL;
|
||||
#endif
|
||||
isc_mem_t *mctx = key->mctx;
|
||||
const char *engine = NULL, *label = NULL;
|
||||
#if defined(USE_ENGINE) || USE_EVP
|
||||
#if !defined(OPENSSL_NO_ENGINE) || USE_EVP
|
||||
EVP_PKEY *pkey = NULL;
|
||||
#endif
|
||||
BIGNUM *n = NULL, *e = NULL, *d = NULL;
|
||||
|
|
@ -1541,7 +1541,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
|||
* See if we can fetch it.
|
||||
*/
|
||||
if (label != NULL) {
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
if (engine == NULL)
|
||||
DST_RET(DST_R_NOENGINE);
|
||||
ep = dst__openssl_getengine(engine);
|
||||
|
|
@ -1690,7 +1690,7 @@ static isc_result_t
|
|||
opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
const char *pin)
|
||||
{
|
||||
#ifdef USE_ENGINE
|
||||
#if !defined(OPENSSL_NO_ENGINE)
|
||||
ENGINE *e = NULL;
|
||||
isc_result_t ret;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
|
|
|
|||