mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-10 20:19:59 -04:00
591. [bug] Work around non-reentrancy in openssl by disabling
precomputation in keys.
parent
dcfa06e99d
commit
704d6eeab1
4 changed files with 41 additions and 3 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,6 +1,9 @@
|
|||
|
||||
--- 9.1.0b1 released ---
|
||||
|
||||
591. [bug] Work around non-reentrancy in openssl by disabling
|
||||
precomputation in keys.
|
||||
|
||||
590. [doc] There are now man pages for the lwres library in
|
||||
doc/man/lwres.
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: openssl_link.c,v 1.37 2000/09/08 14:23:46 bwelling Exp $
|
||||
* $Id: openssl_link.c,v 1.38 2000/12/04 23:06:35 bwelling Exp $
|
||||
*/
|
||||
#if defined(OPENSSL)
|
||||
|
||||
|
|
@ -27,8 +27,11 @@
|
|||
|
||||
#include <isc/entropy.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/mutex.h>
|
||||
#include <isc/mutexblock.h>
|
||||
#include <isc/sha1.h>
|
||||
#include <isc/string.h>
|
||||
#include <isc/thread.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#include <dst/result.h>
|
||||
|
|
@ -40,6 +43,7 @@
|
|||
#include <openssl/rand.h>
|
||||
|
||||
static RAND_METHOD *rm = NULL;
|
||||
static isc_mutex_t locks[CRYPTO_NUM_LOCKS];
|
||||
|
||||
static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
|
||||
|
||||
|
|
@ -200,6 +204,7 @@ openssldsa_generate(dst_key_t *key, int unused) {
|
|||
DSA_free(dsa);
|
||||
return (DST_R_OPENSSLFAILURE);
|
||||
}
|
||||
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
||||
|
||||
key->opaque = dsa;
|
||||
|
||||
|
|
@ -282,6 +287,7 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|||
dsa = DSA_new();
|
||||
if (dsa == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
||||
|
||||
t = (unsigned int) *r.base++;
|
||||
if (t > 8) {
|
||||
|
|
@ -387,6 +393,7 @@ openssldsa_fromfile(dst_key_t *key, const isc_uint16_t id, const char *filename)
|
|||
dsa = DSA_new();
|
||||
if (dsa == NULL)
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
|
||||
key->opaque = dsa;
|
||||
|
||||
for (i=0; i < priv.nelements; i++) {
|
||||
|
|
@ -493,10 +500,30 @@ entropy_add(const void *buf, int num, double entropy) {
|
|||
UNUSED(entropy);
|
||||
}
|
||||
|
||||
static void
|
||||
lock_callback(int mode, int type, const char *file, int line) {
|
||||
if ((mode & CRYPTO_LOCK) != 0)
|
||||
LOCK(&locks[type]);
|
||||
else
|
||||
UNLOCK(&locks[type]);
|
||||
}
|
||||
|
||||
static unsigned long
|
||||
id_callback(void) {
|
||||
return ((unsigned long)isc_thread_self());
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dst__openssl_init(void) {
|
||||
isc_result_t result;
|
||||
|
||||
CRYPTO_set_mem_functions(dst__mem_alloc, dst__mem_realloc,
|
||||
dst__mem_free);
|
||||
result = isc_mutexblock_init(locks, CRYPTO_NUM_LOCKS);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
CRYPTO_set_locking_callback(lock_callback);
|
||||
CRYPTO_set_id_callback(id_callback);
|
||||
rm = dst__mem_alloc(sizeof(RAND_METHOD));
|
||||
if (rm == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
|
|
@ -512,6 +539,8 @@ dst__openssl_init(void) {
|
|||
|
||||
void
|
||||
dst__openssl_destroy(void) {
|
||||
RUNTIME_CHECK(isc_mutexblock_destroy(locks, CRYPTO_NUM_LOCKS) ==
|
||||
ISC_R_SUCCESS);
|
||||
dst__mem_free(rm);
|
||||
}
|
||||
|
||||
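Review bot: dst__openssl_init returns `ISC_R_NOMEMORY` when the `rm` allocation fails, but by then `locks` is initialised and both callbacks are registered, and nothing on that path undoes either. dst__openssl_destroy has the mirror problem: it destroys the mutex block while OpenSSL still holds `lock_callback`, so any later library call would lock a destroyed mutex. In both places call `CRYPTO_set_locking_callback(NULL);` first, and on the init failure path follow it with `isc_mutexblock_destroy(locks, CRYPTO_NUM_LOCKS)` before returning. In `lock_callback` the `file` and `line` parameters are unused, so add `UNUSED(file); UNUSED(line);` as `entropy_add` does for its own argument. The rest of dst__openssl_init lies outside the hunk, so later failure paths there may need the same cleanup.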
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: openssldh_link.c,v 1.31 2000/09/08 14:23:48 bwelling Exp $
|
||||
* $Id: openssldh_link.c,v 1.32 2000/12/04 23:06:36 bwelling Exp $
|
||||
*/
|
||||
|
||||
#if defined(OPENSSL)
|
||||
|
|
@ -161,6 +161,7 @@ openssldh_generate(dst_key_t *key, int generator) {
|
|||
DH_free(dh);
|
||||
return (DST_R_OPENSSLFAILURE);
|
||||
}
|
||||
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
||||
|
||||
key->opaque = dh;
|
||||
|
||||
|
|
@ -279,6 +280,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|||
dh = DH_new();
|
||||
if (dh == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
||||
|
||||
/*
|
||||
* Read the prime length. 1 & 2 are table entries, > 16 means a
|
||||
|
|
@ -444,6 +446,7 @@ openssldh_fromfile(dst_key_t *key, const isc_uint16_t id, const char *filename)
|
|||
dh = DH_new();
|
||||
if (dh == NULL)
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
|
||||
key->opaque = dh;
|
||||
|
||||
for (i=0; i < priv.nelements; i++) {
|
||||
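Review bot: The added `dh->flags &= ~DH_FLAG_CACHE_MONT_P;` lines in openssldh_generate, openssldh_fromdns and openssldh_fromfile carry no comment saying why the flag is cleared, and the same holds for the DSA lines in openssl_link.c and the RSA lines in opensslrsa_link.c. Only the CHANGES entry records the reason, so a key allocation site added later could omit the workaround without anyone noticing. Put a comment at each site, for example `/* Work around non-reentrancy in OpenSSL: disable cached precomputation for this key. */`. A small static helper per key type that clears the flags would keep the workaround in one place. The enclosing functions start and end outside these hunks.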
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
/*
|
||||
* Principal Author: Brian Wellington
|
||||
* $Id: opensslrsa_link.c,v 1.4 2000/11/22 00:11:30 bwelling Exp $
|
||||
* $Id: opensslrsa_link.c,v 1.5 2000/12/04 23:06:37 bwelling Exp $
|
||||
*/
|
||||
#if defined(OPENSSL)
|
||||
|
||||
|
|
@ -215,6 +215,7 @@ opensslrsa_generate(dst_key_t *key, int exp) {
|
|||
else
|
||||
e = RSA_F4;
|
||||
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
|
||||
rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE);
|
||||
|
||||
if (rsa == NULL) {
|
||||
ERR_clear_error();
|
||||
|
|
@ -302,6 +303,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|||
rsa = RSA_new();
|
||||
if (rsa == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE);
|
||||
|
||||
if (r.length < 1)
|
||||
return (DST_R_INVALIDPUBLICKEY);
|
||||
|
|
@ -438,6 +440,7 @@ opensslrsa_fromfile(dst_key_t *key, const isc_uint16_t id,
|
|||
rsa = RSA_new();
|
||||
if (rsa == NULL)
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE);
|
||||
key->opaque = rsa;
|
||||
|
||||
for (i = 0; i < priv.nelements; i++) {
|
||||
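Review bot: In opensslrsa_generate the new `rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE);` line sits between the `RSA_generate_key()` call and the existing `if (rsa == NULL)` check. A failed key generation therefore dereferences a null pointer instead of reaching the error branch. Move the flag clearing below the closing brace of that NULL-check block, which matches where the DSA and DH generate hunks in this commit place theirs, after the failure branch. The opensslrsa_fromdns and opensslrsa_fromfile hunks clear the flags after their NULL checks and do not have this problem. The body of opensslrsa_generate continues outside the hunk.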
|
|
|
|||