From e6f2f2a5e6a31fa0931ca66ce68119b0de0c0ad9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Mon, 5 Aug 2024 12:14:26 +0200 Subject: [PATCH] Initialize the DST subsystem implicitly Instead of calling dst_lib_init() and dst_lib_destroy() explicitly by all the programs, create a separate memory context for the DST subsystem and use the library constructor and destructor to initialize the DST internals. --- bin/check/named-checkconf.c | 8 -- bin/confgen/keygen.c | 6 +- bin/delv/delv.c | 6 -- bin/dig/dighost.c | 13 +-- bin/dnssec/dnssec-cds.c | 12 --- bin/dnssec/dnssec-dsfromkey.c | 7 -- bin/dnssec/dnssec-importkey.c | 7 -- bin/dnssec/dnssec-keyfromlabel.c | 6 -- bin/dnssec/dnssec-keygen.c | 10 +-- bin/dnssec/dnssec-ksr.c | 9 +- bin/dnssec/dnssec-revoke.c | 7 -- bin/dnssec/dnssec-settime.c | 7 -- bin/dnssec/dnssec-signzone.c | 7 -- bin/dnssec/dnssec-verify.c | 7 -- bin/named/main.c | 24 ++--- bin/named/server.c | 5 -- bin/nsupdate/nsupdate.c | 11 --- bin/tests/system/.gitignore | 1 + bin/tests/system/feature-test.c | 26 ++---- bin/tests/system/makejournal.c | 9 -- bin/tests/system/pipelined/pipequeries.c | 4 - bin/tests/system/rsabigexponent/bigkey.c | 2 - bin/tools/mdig.c | 3 - fuzz/dns_message_checksig.c | 10 --- lib/dns/dst_api.c | 107 +++++++---------------- lib/dns/dst_internal.h | 37 ++------ lib/dns/gssapi_link.c | 4 +- lib/dns/hmac_link.c | 3 +- lib/dns/include/dst/dst.h | 21 ----- lib/dns/openssl_link.c | 28 ------ lib/dns/opensslecdsa_link.c | 4 +- lib/dns/openssleddsa_link.c | 3 +- lib/dns/opensslrsa_link.c | 29 +----- lib/isc/tls.c | 20 +++++ tests/dns/dst_test.c | 22 +---- tests/dns/private_test.c | 28 +----- tests/dns/rsa_test.c | 26 +----- tests/dns/sigs_test.c | 26 +----- tests/dns/tsig_test.c | 28 +----- 39 files changed, 101 insertions(+), 492 deletions(-) diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index fcdeb867c4..00335b6089 100644 --- a/bin/check/named-checkconf.c 
+++ b/bin/check/named-checkconf.c @@ -593,7 +593,6 @@ main(int argc, char **argv) { const char *conffile = NULL; isc_mem_t *mctx = NULL; isc_result_t result = ISC_R_SUCCESS; - bool cleanup_dst = false; bool load_zones = false; bool list_zones = false; bool print = false; @@ -728,9 +727,6 @@ main(int argc, char **argv) { CHECK(setup_logging(mctx, stdout, &logc)); - CHECK(dst_lib_init(mctx)); - cleanup_dst = true; - CHECK(cfg_parser_create(mctx, logc, &parser)); if (nodeprecate) { @@ -757,10 +753,6 @@ cleanup: cfg_parser_destroy(&parser); } - if (cleanup_dst) { - dst_lib_destroy(); - } - if (logc != NULL) { isc_log_destroy(&logc); } diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index 922d066302..1ceaeedcfd 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c @@ -120,8 +120,6 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize, fatal("unsupported algorithm %d\n", alg); } - DO("initialize dst library", dst_lib_init(mctx)); - DO("generate key", dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY, dns_rdataclass_in, NULL, mctx, &key, NULL)); @@ -132,14 +130,12 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize, isc_buffer_usedregion(&key_rawbuffer, &key_rawregion); - DO("bsse64 encode secret", + DO("base64 encode secret", isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer)); if (key != NULL) { dst_key_free(&key); } - - dst_lib_destroy(); } /*% diff --git a/bin/delv/delv.c b/bin/delv/delv.c index 0da4af4e1b..36f26f042c 100644 --- a/bin/delv/delv.c +++ b/bin/delv/delv.c @@ -2220,11 +2220,6 @@ main(int argc, char *argv[]) { isc_managers_create(&mctx, 1, &loopmgr, &netmgr); loop = isc_loop_main(loopmgr); - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("dst_lib_init failed: %d", result); - } - parse_args(argc, argv); CHECK(setup_style()); @@ -2267,7 +2262,6 @@ cleanup: } isc_log_destroy(&lctx); - dst_lib_destroy(); isc_managers_destroy(&mctx, &loopmgr, &netmgr); 
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 0803bfd28a..6756bd9900 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -93,8 +93,7 @@ static bool cancel_now = false; bool check_ra = false, have_ipv4 = false, have_ipv6 = false, specified_source = false, free_now = false, usesearch = false, - showsearch = false, is_dst_up = false, keep_open = false, verbose = false, - yaml = false; + showsearch = false, keep_open = false, verbose = false, yaml = false; in_port_t port = 53; bool port_set = false; unsigned int timeout = 0; @@ -1374,10 +1373,6 @@ setup_libs(void) { isc_mem_setname(mctx, "dig"); mainloop = isc_loop_main(loopmgr); - - result = dst_lib_init(mctx); - check_result(result, "dst_lib_init"); - is_dst_up = true; } typedef struct dig_ednsoptname { @@ -4722,12 +4717,6 @@ cleanup_openssl_refs(void) { debug("freeing SIG(0) key %p", sig0key); dst_key_free(&sig0key); } - - if (is_dst_up) { - debug("destroy DST lib"); - dst_lib_destroy(); - is_dst_up = false; - } } /*% diff --git a/bin/dnssec/dnssec-cds.c b/bin/dnssec/dnssec-cds.c index 1952ffd721..fd877160d8 100644 --- a/bin/dnssec/dnssec-cds.c +++ b/bin/dnssec/dnssec-cds.c @@ -144,7 +144,6 @@ static dns_dbnode_t *parent_node = NULL; static dns_db_t *update_db = NULL; static dns_dbnode_t *update_node = NULL; static dns_dbversion_t *update_version = NULL; -static bool cleanup_dst = false; static bool print_mem_stats = false; static void @@ -1074,9 +1073,6 @@ cleanup(void) { if (lctx != NULL) { cleanup_logging(&lctx); } - if (cleanup_dst) { - dst_lib_destroy(); - } if (mctx != NULL) { if (print_mem_stats && verbose > 10) { isc_mem_stats(mctx, stdout); @@ -1090,7 +1086,6 @@ main(int argc, char *argv[]) { const char *child_path = NULL; const char *ds_path = NULL; const char *inplace = NULL; - isc_result_t result; bool prefer_cdnskey = false; bool nsupdate = false; uint32_t ttl = 0; 
@@ -1180,13 +1175,6 @@ main(int argc, char *argv[]) { setup_logging(mctx, &lctx); - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", - isc_result_totext(result)); - } - cleanup_dst = true; - if (ds_path == NULL) { fatal("missing -d DS pathname"); } diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index 574b5a299e..466f7ce0fe 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -489,12 +489,6 @@ main(int argc, char **argv) { fatal("extraneous arguments"); } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", - isc_result_totext(result)); - } - setup_logging(mctx, &log); dns_rdataset_init(&rdataset); @@ -549,7 +543,6 @@ main(int argc, char **argv) { dns_rdataset_disassociate(&rdataset); } cleanup_logging(&log); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c index 1574ee7aba..3bb4029052 100644 --- a/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c @@ -408,12 +408,6 @@ main(int argc, char **argv) { fatal("extraneous arguments"); } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", - isc_result_totext(result)); - } - setup_logging(mctx, &log); dns_rdataset_init(&rdataset); @@ -459,7 +453,6 @@ main(int argc, char **argv) { dns_rdataset_disassociate(&rdataset); } cleanup_logging(&log); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 38ed1f7d75..a4afc1f66a 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c 
@@ -332,11 +332,6 @@ main(int argc, char **argv) { } } - ret = dst_lib_init(mctx); - if (ret != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", isc_result_totext(ret)); - } - setup_logging(mctx, &log); if (predecessor == NULL) { @@ -729,7 +724,6 @@ main(int argc, char **argv) { } cleanup_logging(&log); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 8dd1b07ae9..5dce14964f 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1137,14 +1137,9 @@ main(int argc, char **argv) { } } - ret = dst_lib_init(mctx); - if (ret != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", isc_result_totext(ret)); - } - /* - * After dst_lib_init which will set FIPS mode if requested - * at build time. The minumums are both raised to 2048. + * The DST subsystem will set FIPS mode if requested at build time. + * The minimum sizes are both raised to 2048. */ if (isc_fips_mode()) { min_rsa = min_dh = 2048; @@ -1287,7 +1282,6 @@ main(int argc, char **argv) { } cleanup_logging(&lctx); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c index 51e6e8dbfd..07e9c97310 100644 --- a/bin/dnssec/dnssec-ksr.c +++ b/bin/dnssec/dnssec-ksr.c @@ -1264,14 +1264,9 @@ main(int argc, char *argv[]) { fatal("must provide a command and zone name"); } - ret = dst_lib_init(mctx); - if (ret != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", isc_result_totext(ret)); - } - /* - * After dst_lib_init which will set FIPS mode if requested - * at build time. The minumums are both raised to 2048. + * The DST subsystem will set FIPS mode if requested at build time. + * The minimum sizes are both raised to 2048. */ if (isc_fips_mode()) { min_rsa = min_dh = 2048; diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c index afea87f148..bc2ca62bf2 100644 --- a/bin/dnssec/dnssec-revoke.c 
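Review bot: The rewritten comment in the `@@ -1137,14 +1137,9 @@` hunk of bin/dnssec/dnssec-keygen.c says the DST subsystem sets FIPS mode, but this same patch removes enable_fips_mode() from lib/dns/openssl_link.c and calls it from isc__tls_initialize() in lib/isc/tls.c. The identical comment in the bin/dnssec/dnssec-ksr.c hunk (`@@ -1264,14 +1264,9 @@`) has the same problem. The raised RSA/DH minimums depend on isc_fips_mode() below, so the comment should point at where the mode is really set, for example `* libisc initialization sets FIPS mode if requested at build time.` followed by the existing `* The minimum sizes are both raised to 2048.` line. main() starts and ends outside both hunks.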
+++ b/bin/dnssec/dnssec-revoke.c @@ -157,12 +157,6 @@ main(int argc, char **argv) { } } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("Could not initialize dst: %s", - isc_result_totext(result)); - } - result = dst_key_fromnamedfile( filename, dir, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, mctx, &key); if (result != ISC_R_SUCCESS) { @@ -246,7 +240,6 @@ main(int argc, char **argv) { cleanup: dst_key_free(&key); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c index 0b46f2f8ef..3ca072f0e4 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c @@ -553,12 +553,6 @@ main(int argc, char **argv) { fatal("Options -g, -d, -k, -r and -z require -s to be set"); } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("Could not initialize dst: %s", - isc_result_totext(result)); - } - if (predecessor != NULL) { int major, minor; @@ -950,7 +944,6 @@ main(int argc, char **argv) { dst_key_free(&prevkey); } dst_key_free(&key); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 90423d418f..e17f85325d 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3745,12 +3745,6 @@ main(int argc, char *argv[]) { } } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", - isc_result_totext(result)); - } - setup_logging(mctx, &log); argc -= isc_commandline_index; @@ -4123,7 +4117,6 @@ main(int argc, char *argv[]) { dns_master_styledestroy(&dsstyle, mctx); cleanup_logging(&log); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c index 0494113884..913f463ae5 100644 --- a/bin/dnssec/dnssec-verify.c +++ b/bin/dnssec/dnssec-verify.c 
@@ -272,12 +272,6 @@ main(int argc, char *argv[]) { } } - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize dst: %s", - isc_result_totext(result)); - } - now = isc_stdtime_now(); rdclass = strtoclass(classname); @@ -333,7 +327,6 @@ main(int argc, char *argv[]) { dns_db_detach(&gdb); cleanup_logging(&log); - dst_lib_destroy(); if (verbose > 10) { isc_mem_stats(mctx, stdout); } diff --git a/bin/named/main.c b/bin/named/main.c index 73f9060d96..274c2bbe2c 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -556,8 +556,6 @@ format_supported_algorithms(void (*emit)(isc_buffer_t *b)) { static void printversion(bool verbose) { char rndcconf[PATH_MAX], *dot = NULL; - isc_mem_t *mctx = NULL; - isc_result_t result; isc_buffer_t b; char buf[512]; #if defined(HAVE_GEOIP2) @@ -631,17 +629,9 @@ printversion(bool verbose) { #endif /* if defined(HAVE_DNSTAP) */ printf("threads support is enabled\n"); - isc_mem_create(&mctx); - result = dst_lib_init(mctx); - if (result == ISC_R_SUCCESS) { - isc_buffer_init(&b, buf, sizeof(buf)); - format_supported_algorithms(printit); - printf("\n"); - dst_lib_destroy(); - } else { - printf("DST initialization failure: %s\n", - isc_result_totext(result)); - } + isc_buffer_init(&b, buf, sizeof(buf)); + format_supported_algorithms(printit); + printf("\n"); /* * The default rndc.conf and rndc.key paths are in the same @@ -665,6 +655,8 @@ printversion(bool verbose) { printf(" named PID file: %s\n", named_g_defaultpidfile); #if defined(HAVE_GEOIP2) #define RTC(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) + isc_mem_t *mctx = NULL; + isc_mem_create(&mctx); RTC(cfg_parser_create(mctx, named_g_lctx, &parser)); RTC(named_config_parsedefaults(parser, &config)); RTC(cfg_map_get(config, "options", &defaults)); @@ -674,8 +666,8 @@ printversion(bool verbose) { } cfg_obj_destroy(parser, &config); cfg_parser_destroy(&parser); -#endif /* HAVE_GEOIP2 */ isc_mem_detach(&mctx); +#endif /* HAVE_GEOIP2 */ } static void 
@@ -1300,10 +1292,6 @@ setup(void) { ENSURE(named_g_server != NULL); sctx = named_g_server->sctx; - /* - * Report supported algorithms now that dst_lib_init() has - * been called via named_server_create(). - */ format_supported_algorithms(logit); /* diff --git a/bin/named/server.c b/bin/named/server.c index 341bf7460d..7739d6b6f8 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -10330,9 +10330,6 @@ named_server_create(isc_mem_t *mctx, named_server_t **serverp) { ISC_LIST_INIT(server->keystorelist); ISC_LIST_INIT(server->viewlist); - /* Must be first. */ - CHECKFATAL(dst_lib_init(named_g_mctx), "initializing DST"); - CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL, &server->in_roothints), "setting up root hints"); @@ -10436,8 +10433,6 @@ named_server_destroy(named_server_t **serverp) { dns_zonemgr_detach(&server->zonemgr); } - dst_lib_destroy(); - INSIST(ISC_LIST_EMPTY(server->kasplist)); INSIST(ISC_LIST_EMPTY(server->keystorelist)); INSIST(ISC_LIST_EMPTY(server->viewlist)); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 64bec6b631..d23b1c6732 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -117,7 +117,6 @@ static bool debugging = false, ddebugging = false; static bool memdebugging = false; static bool have_ipv4 = false; static bool have_ipv6 = false; -static bool is_dst_up = false; static bool use_tls = false; static bool usevc = false; static bool usegsstsig = false; @@ -926,10 +925,6 @@ setup_system(void *arg ISC_ATTR_UNUSED) { result = dns_dispatchmgr_create(gmctx, loopmgr, netmgr, &dispatchmgr); check_result(result, "dns_dispatchmgr_create"); - result = dst_lib_init(gmctx); - check_result(result, "dst_lib_init"); - is_dst_up = true; - set_source_ports(dispatchmgr); if (have_ipv6) { 
@@ -3503,12 +3498,6 @@ cleanup(void) { isc_mutex_destroy(&answer_lock); - if (is_dst_up) { - ddebug("Destroy DST lib"); - dst_lib_destroy(); - is_dst_up = false; - } - ddebug("Shutting down managers"); isc_managers_destroy(&gmctx, &loopmgr, &netmgr); } diff --git a/bin/tests/system/.gitignore b/bin/tests/system/.gitignore index 3c2db219b0..663f744cf9 100644 --- a/bin/tests/system/.gitignore +++ b/bin/tests/system/.gitignore @@ -9,6 +9,7 @@ named.lock named.pid named.run /feature-test +/legacy.run.sh /makejournal /random.data /*.log diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c index 2d17e1e8a2..3c242f9a4f 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -198,15 +198,10 @@ main(int argc, char **argv) { } if (strcmp(argv[1], "--md5") == 0) { - isc_mem_t *mctx = NULL; - int answer; - - isc_mem_create(&mctx); - dst_lib_init(mctx); - answer = dst_algorithm_supported(DST_ALG_HMACMD5) ? 0 : 1; - dst_lib_destroy(); - isc_mem_detach(&mctx); - return (answer); + if (!dst_algorithm_supported(DST_ALG_HMACMD5)) { + return (1); + } + return (0); } if (strcmp(argv[1], "--ipv6only=no") == 0) { @@ -229,14 +224,11 @@ main(int argc, char **argv) { } if (strcasecmp(argv[1], "--rsasha1") == 0) { - int answer; - isc_mem_t *mctx = NULL; - isc_mem_create(&mctx); - dst_lib_init(mctx); - answer = dst_algorithm_supported(DST_ALG_RSASHA1) ? 0 : 1; - dst_lib_destroy(); - isc_mem_detach(&mctx); - return (answer); + if (!dst_algorithm_supported(DST_ALG_RSASHA1)) { + return (1); + } + + return (0); } if (strcmp(argv[1], "--with-dlz-filesystem") == 0) { diff --git a/bin/tests/system/makejournal.c b/bin/tests/system/makejournal.c index c42c97ba58..6c1ddfc85c 100644 --- a/bin/tests/system/makejournal.c +++ b/bin/tests/system/makejournal.c @@ -39,8 +39,6 @@ isc_mem_t *mctx = NULL; isc_log_t *lctx = NULL; -static bool dst_active = false; - /* * Logging categories: this needs to match the list in bin/named/log.c. */ 
@@ -101,9 +99,6 @@ main(int argc, char **argv) { isc_mem_debugging |= ISC_MEM_DEBUGRECORD; isc_mem_create(&mctx); - CHECK(dst_lib_init(mctx)); - dst_active = true; - isc_log_create(mctx, &lctx, &logconfig); isc_log_registercategories(lctx, categories); isc_log_setcontext(lctx); @@ -148,10 +143,6 @@ cleanup: if (lctx != NULL) { isc_log_destroy(&lctx); } - if (dst_active) { - dst_lib_destroy(); - dst_active = false; - } if (mctx != NULL) { isc_mem_destroy(&mctx); } diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c index d2237e8347..d636f05978 100644 --- a/bin/tests/system/pipelined/pipequeries.c +++ b/bin/tests/system/pipelined/pipequeries.c @@ -275,8 +275,6 @@ main(int argc, char *argv[]) { isc_log_create(mctx, &lctx, &lcfg); - RUNCHECK(dst_lib_init(mctx)); - RUNCHECK(dns_dispatchmgr_create(mctx, loopmgr, netmgr, &dispatchmgr)); RUNCHECK(dns_dispatch_createudp( @@ -294,8 +292,6 @@ main(int argc, char *argv[]) { isc_loopmgr_run(loopmgr); - dst_lib_destroy(); - isc_log_destroy(&lctx); isc_managers_destroy(&mctx, &loopmgr, &netmgr); diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index 5f3c9151a2..ad76fd7db8 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c @@ -105,7 +105,6 @@ main(int argc, char **argv) { } isc_mem_create(&mctx); - CHECK(dst_lib_init(mctx), "dst_lib_init()"); isc_log_create(mctx, &log_, &logconfig); isc_log_setcontext(log_); dns_log_init(log_); @@ -148,7 +147,6 @@ main(int argc, char **argv) { isc_log_destroy(&log_); isc_log_setcontext(NULL); dns_log_setcontext(NULL); - dst_lib_destroy(); isc_mem_destroy(&mctx); return (0); } diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c index b620f51688..7a5e9e3948 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c 
@@ -2131,7 +2131,6 @@ main(int argc, char *argv[]) { isc_managers_create(&mctx, 1, &loopmgr, &netmgr); isc_log_create(mctx, &lctx, &lcfg); - RUNCHECK(dst_lib_init(mctx)); isc_nonce_buf(cookie_secret, sizeof(cookie_secret)); ISC_LIST_INIT(queries); @@ -2191,8 +2190,6 @@ main(int argc, char *argv[]) { isc_loopmgr_run(loopmgr); - dst_lib_destroy(); - isc_log_destroy(&lctx); query = ISC_LIST_HEAD(queries); diff --git a/fuzz/dns_message_checksig.c b/fuzz/dns_message_checksig.c index 363b3e9ff1..865de6a0e2 100644 --- a/fuzz/dns_message_checksig.c +++ b/fuzz/dns_message_checksig.c @@ -124,8 +124,6 @@ static char c3[] = "sig0key. 0 IN SOA . . 0 0 0 0 0\n\ sig0key. 0 IN NS .\n\ sig0key. 0 IN KEY 512 3 8 AwEAAa22lgHi1vAbQvu5ETdTrm2H8rwga9tvyMa6LFiSDyevLvSv0Uo5 uvfrXnxaLdtBMts6e1Ly2piSH9JRbOGMNibOK4EXWhWAn8MII4SWgQAs bFwtiz4HyPn2wScrUQdo8DocKiQJBanesr7vDO8fdA6Rg1e0yAtSeNti e8avx46/HJa6CFs3CoE0sf6oOFSxM954AgCBTXOGNBt1Nt3Bhfqt2qyA TLFii5K1jLDTZDVkoiyDXL1M7wcTwKf9METgj1eQmH3GGlRM/OJ/j8xk ZiFGbL3cipWdiH48031jiV2hlc92mKn8Ya0d9AN6c44piza/JSFydZXw sY32nxzjDbs=\n"; -static bool destroy_dst = false; - int LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) { isc_result_t result; @@ -173,14 +171,6 @@ LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) { isc_mem_create(&mctx); - result = dst_lib_init(mctx); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "dst_lib_init failed: %s\n", - isc_result_totext(result)); - return (1); - } - destroy_dst = true; - isc_loopmgr_create(mctx, 1, &loopmgr); result = dns_view_create(mctx, NULL, dns_rdataclass_in, "view", &view); diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index cd593ca9fd..8144f4bed9 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c 
@@ -138,9 +138,7 @@ static const char *keystates[KEYSTATES_NVALUES] = { #define MAX_NTAGS \ (DST_MAX_NUMERIC + DST_MAX_BOOLEAN + DST_MAX_TIMES + DST_MAX_KEYSTATES) -static dst_func_t *dst_t_func[DST_MAX_ALGS]; - -static bool dst_initialized = false; +static dst_func_t *dst_t_func[DST_MAX_ALGS] = { 0 }; void gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3); 
@@ -189,71 +187,55 @@ addsuffix(char *filename, int len, const char *dirname, const char *ofilename, return ((_r)); \ } while (0); -isc_result_t -dst_lib_init(isc_mem_t *mctx) { - isc_result_t result; +static isc_mem_t *dst__mctx = NULL; - REQUIRE(mctx != NULL); - REQUIRE(!dst_initialized); +void ISC_CONSTRUCTOR +dst__lib_init(void); +void ISC_DESTRUCTOR +dst__lib_destroy(void); + +void +dst__lib_init(void) { + isc_mem_create(&dst__mctx); + + dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]); + dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]); + dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]); + dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]); + dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]); + dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]); - memset(dst_t_func, 0, sizeof(dst_t_func)); - dst__openssl_init(); /* Sets FIPS mode. */ - RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); - RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1])); - RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224])); - RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256])); - RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384])); - RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512])); /* RSASHA1 (NSEC3RSASHA1) is verify only in FIPS mode. 
*/ - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1], - DST_ALG_RSASHA1)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1], - DST_ALG_NSEC3RSASHA1)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256], - DST_ALG_RSASHA256)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512], - DST_ALG_RSASHA512)); - RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256])); - RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384])); - RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519], - DST_ALG_ED25519)); + dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1], DST_ALG_RSASHA1); + dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1], + DST_ALG_NSEC3RSASHA1); + dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256], DST_ALG_RSASHA256); + dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512], DST_ALG_RSASHA512); + dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]); + dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]); + dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519], DST_ALG_ED25519); #ifdef HAVE_OPENSSL_ED448 - RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448], - DST_ALG_ED448)); -#endif /* HAVE_OPENSSL_ED448 */ + dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448], DST_ALG_ED448); +#endif /* ifdef HAVE_OPENSSL_ED448 */ #if HAVE_GSSAPI - RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); + dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]); #endif /* HAVE_GSSAPI */ - - dst_initialized = true; - return (ISC_R_SUCCESS); - -out: - /* avoid immediate crash! 
*/ - dst_initialized = true; - dst_lib_destroy(); - return (result); } void -dst_lib_destroy(void) { - int i; - RUNTIME_CHECK(dst_initialized); - dst_initialized = false; - - for (i = 0; i < DST_MAX_ALGS; i++) { +dst__lib_destroy(void) { + for (size_t i = 0; i < DST_MAX_ALGS; i++) { if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL) { dst_t_func[i]->cleanup(); } } - dst__openssl_destroy(); + + isc_mem_destroy(&dst__mctx); } bool dst_algorithm_supported(unsigned int alg) { - REQUIRE(dst_initialized); - if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL) { return (false); } @@ -273,7 +255,6 @@ dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, dst_context_t *dctx; isc_result_t result; - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE(mctx != NULL); REQUIRE(dctxp != NULL && *dctxp == NULL); @@ -398,7 +379,6 @@ dst_context_verify2(dst_context_t *dctx, unsigned int maxbits, isc_result_t dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(pub) && VALID_KEY(priv)); REQUIRE(secret != NULL); @@ -426,7 +406,6 @@ isc_result_t dst_key_tofile(const dst_key_t *key, int type, const char *directory) { isc_result_t ret = ISC_R_SUCCESS; - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0); @@ -501,7 +480,6 @@ dst_key_getfilename(dns_name_t *name, dns_keytag_t id, unsigned int alg, isc_buffer_t *buf) { isc_result_t result; - REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0); @@ -530,7 +508,6 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, isc_buffer_t buf; dst_key_t *key; - REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); REQUIRE(mctx != NULL); 
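Review bot: dst__lib_init() in the `@@ -189,71 +187,55 @@` hunk no longer guarantees that FIPS mode is set before the algorithm probes run. The removed `dst__openssl_init(); /* Sets FIPS mode. */` did that as the first step, and the retained comment "RSASHA1 (NSEC3RSASHA1) is verify only in FIPS mode" still relies on it. After this patch the mode is set in isc__tls_initialize() in lib/isc/tls.c, so the table that dst_algorithm_supported() consults depends on libisc's initializer finishing before this constructor, and nothing visible here enforces or documents that order (static linking is the case to confirm). I would add a comment at the top of the function such as `/* Requires libisc to be initialized first: isc_mem_create() and the FIPS mode set by isc__tls_initialize() must precede the probes below. */`. With `REQUIRE(dst_initialized)` removed from every entry point, that ordering is the only remaining guard against using a half-built table.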
@@ -583,7 +560,6 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type, int newfilenamelen = 0, statefilenamelen = 0; isc_lex_t *lex = NULL; - REQUIRE(dst_initialized); REQUIRE(filename != NULL); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); REQUIRE(mctx != NULL); @@ -716,7 +692,6 @@ out: isc_result_t dst_key_todns(const dst_key_t *key, isc_buffer_t *target) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE(target != NULL); @@ -765,8 +740,6 @@ dst_key_fromdns_ex(const dns_name_t *name, dns_rdataclass_t rdclass, isc_region_t r; isc_result_t result; - REQUIRE(dst_initialized); - isc_buffer_remainingregion(source, &r); if (isc_buffer_remaininglength(source) < 4) { @@ -806,8 +779,6 @@ dst_key_frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, dst_key_t *key = NULL; isc_result_t result; - REQUIRE(dst_initialized); - result = frombuffer(name, alg, flags, protocol, rdclass, source, mctx, false, &key); if (result != ISC_R_SUCCESS) { @@ -826,7 +797,6 @@ dst_key_frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, isc_result_t dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE(target != NULL); @@ -844,7 +814,6 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) { isc_lex_t *lex = NULL; isc_result_t result = ISC_R_SUCCESS; - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE(!dst_key_isprivate(key)); REQUIRE(buffer != NULL); @@ -970,7 +939,6 @@ dst_key_buildinternal(const dns_name_t *name, unsigned int alg, dst_key_t *key; isc_result_t result; - REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); 
@@ -1001,7 +969,6 @@ dst_key_fromlabel(const dns_name_t *name, int alg, unsigned int flags, dst_key_t *key; isc_result_t result; - REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -1040,7 +1007,6 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits, dst_key_t *key; isc_result_t ret; - REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -1265,7 +1231,6 @@ static bool comparekeys(const dst_key_t *key1, const dst_key_t *key2, bool match_revoked_key, bool (*compare)(const dst_key_t *key1, const dst_key_t *key2)) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key1)); REQUIRE(VALID_KEY(key2)); @@ -1362,7 +1327,6 @@ dst_key_pubcompare(const dst_key_t *key1, const dst_key_t *key2, bool dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key1)); REQUIRE(VALID_KEY(key2)); @@ -1381,7 +1345,6 @@ dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { void dst_key_attach(dst_key_t *source, dst_key_t **target) { - REQUIRE(dst_initialized); REQUIRE(target != NULL && *target == NULL); REQUIRE(VALID_KEY(source)); @@ -1391,7 +1354,6 @@ dst_key_attach(dst_key_t *source, dst_key_t **target) { void dst_key_free(dst_key_t **keyp) { - REQUIRE(dst_initialized); REQUIRE(keyp != NULL && VALID_KEY(*keyp)); dst_key_t *key = *keyp; *keyp = NULL; @@ -1441,7 +1403,6 @@ dst_key_buildfilename(const dst_key_t *key, int type, const char *directory, isc_result_t dst_key_sigsize(const dst_key_t *key, unsigned int *n) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE(n != NULL); @@ -1531,7 +1492,6 @@ dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags, isc_result_t result; dst_key_t *key; - REQUIRE(dst_initialized); REQUIRE(keyp != NULL && *keyp == NULL); if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL) { 
@@ -1940,7 +1900,6 @@ cleanup: static bool issymmetric(const dst_key_t *key) { - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); switch (key->key_alg) { @@ -2352,8 +2311,6 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, static isc_result_t algorithm_status(unsigned int alg) { - REQUIRE(dst_initialized); - if (dst_algorithm_supported(alg)) { return (ISC_R_SUCCESS); } diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h index fe89420916..f8a90f3ff5 100644 --- a/lib/dns/dst_internal.h +++ b/lib/dns/dst_internal.h @@ -195,47 +195,28 @@ struct dst_func { * Initializers */ void -dst__openssl_init(void); - -isc_result_t dst__hmacmd5_init(struct dst_func **funcp); -isc_result_t +void dst__hmacsha1_init(struct dst_func **funcp); -isc_result_t +void dst__hmacsha224_init(struct dst_func **funcp); -isc_result_t +void dst__hmacsha256_init(struct dst_func **funcp); -isc_result_t +void dst__hmacsha384_init(struct dst_func **funcp); -isc_result_t +void dst__hmacsha512_init(struct dst_func **funcp); -isc_result_t +void dst__opensslrsa_init(struct dst_func **funcp, unsigned char algorithm); -isc_result_t +void dst__opensslecdsa_init(struct dst_func **funcp); -isc_result_t +void dst__openssleddsa_init(struct dst_func **funcp, unsigned char algorithm); #if HAVE_GSSAPI -isc_result_t +void dst__gssapi_init(struct dst_func **funcp); #endif /* HAVE_GSSAPI*/ -/*% - * Destructors - */ -void -dst__openssl_destroy(void); - -/*% - * Memory allocators using the DST memory pool. - */ -void * -dst__mem_alloc(size_t size); -void -dst__mem_free(void *ptr); -void * -dst__mem_realloc(void *ptr, size_t size); - /*% * Secure private file handling */ diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index 94a4683b3b..33ed54cb66 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c 
@@ -353,11 +353,11 @@ static dst_func_t gssapi_functions = { gssapi_restore, }; -isc_result_t +void dst__gssapi_init(dst_func_t **funcp) { REQUIRE(funcp != NULL); + if (*funcp == NULL) { *funcp = &gssapi_functions; } - return (ISC_R_SUCCESS); } diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c index c8c806df97..4361fb73bf 100644 --- a/lib/dns/hmac_link.c +++ b/lib/dns/hmac_link.c @@ -135,7 +135,7 @@ NULL, /*%< dump */ \ NULL, /*%< restore */ \ }; \ - isc_result_t dst__hmac##alg##_init(dst_func_t **funcp) { \ + void dst__hmac##alg##_init(dst_func_t **funcp) { \ REQUIRE(funcp != NULL); \ if (*funcp == NULL) { \ isc_hmac_t *ctx = isc_hmac_new(); \ @@ -146,7 +146,6 @@ } \ isc_hmac_free(ctx); \ } \ - return (ISC_R_SUCCESS); \ } static isc_result_t diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index ee569582ca..85f99ad63e 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -197,27 +197,6 @@ typedef enum dst_algorithm { /*** *** Functions ***/ -isc_result_t -dst_lib_init(isc_mem_t *mctx); -/*%< - * Initializes the DST subsystem. - * - * Requires: - * \li "mctx" is a valid memory context - * - * Returns: - * \li ISC_R_SUCCESS - * \li ISC_R_NOMEMORY - * - * Ensures: - * \li DST is properly initialized. - */ - -void -dst_lib_destroy(void); -/*%< - * Releases all resources allocated by DST. - */ bool dst_algorithm_supported(unsigned int alg); diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 596627046c..57638a9245 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -27,7 +27,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include #include #include #include 
@@ -55,33 +54,6 @@ goto err; \ } -static void -enable_fips_mode(void) { -#if defined(ENABLE_FIPS_MODE) - if (isc_fips_mode()) { - /* - * FIPS mode is already enabled. - */ - return; - } - - if (isc_fips_set_mode(1) != ISC_R_SUCCESS) { - dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE); - exit(EXIT_FAILURE); - } -#endif -} - -void -dst__openssl_init(void) { - enable_fips_mode(); -} - -void -dst__openssl_destroy(void) { - /* No-op */ -} - static isc_result_t toresult(isc_result_t fallback) { isc_result_t result = fallback; diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index c072ae27d6..683b96cab4 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -1152,11 +1152,11 @@ static dst_func_t opensslecdsa_functions = { NULL, /*%< restore */ }; -isc_result_t +void dst__opensslecdsa_init(dst_func_t **funcp) { REQUIRE(funcp != NULL); + if (*funcp == NULL) { *funcp = &opensslecdsa_functions; } - return (ISC_R_SUCCESS); } diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c index 76aa2a9f57..ffd298bfd1 100644 --- a/lib/dns/openssleddsa_link.c +++ b/lib/dns/openssleddsa_link.c @@ -640,7 +640,7 @@ err: return (ret); } -isc_result_t +void dst__openssleddsa_init(dst_func_t **funcp, unsigned char algorithm) { REQUIRE(funcp != NULL); @@ -649,5 +649,4 @@ dst__openssleddsa_init(dst_func_t **funcp, unsigned char algorithm) { *funcp = &openssleddsa_functions; } } - return (ISC_R_SUCCESS); } diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index ea71f2e2e2..519ab7711f 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -1233,10 +1233,6 @@ check_algorithm(unsigned char algorithm) { isc_result_t ret = ISC_R_SUCCESS; size_t len; - if (evp_md_ctx == NULL) { - DST_RET(ISC_R_NOMEMORY); - } - switch (algorithm) { case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: 
@@ -1258,23 +1254,14 @@ check_algorithm(unsigned char algorithm) { DST_RET(ISC_R_NOTIMPLEMENTED); } - if (type == NULL) { - DST_RET(ISC_R_NOTIMPLEMENTED); - } - /* * Construct pkey. */ c.e = BN_bin2bn(e_bytes, sizeof(e_bytes) - 1, NULL); c.n = BN_bin2bn(n_bytes, sizeof(n_bytes) - 1, NULL); - if (c.e == NULL || c.n == NULL) { - DST_RET(ISC_R_NOMEMORY); - } ret = opensslrsa_build_pkey(false, &c, &pkey); - if (ret != ISC_R_SUCCESS) { - goto err; - } + INSIST(ret == ISC_R_SUCCESS); /* * Check that we can verify the signature. @@ -1294,21 +1281,13 @@ err: return (ret); } -isc_result_t +void dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) { - isc_result_t result; - REQUIRE(funcp != NULL); - result = check_algorithm(algorithm); - - if (result == ISC_R_SUCCESS) { - if (*funcp == NULL) { + if (*funcp == NULL) { + if (check_algorithm(algorithm) == ISC_R_SUCCESS) { *funcp = &opensslrsa_functions; } - } else if (result == ISC_R_NOTIMPLEMENTED) { - result = ISC_R_SUCCESS; } - - return (result); } diff --git a/lib/isc/tls.c b/lib/isc/tls.c index f496410e9b..7c8d684c2d 100644 --- a/lib/isc/tls.c +++ b/lib/isc/tls.c @@ -34,6 +34,7 @@ #include #include +#include #include #include #include @@ -125,6 +126,23 @@ isc__tls_free_ex(void *ptr, const char *file, int line) { #endif /* !defined(LIBRESSL_VERSION_NUMBER) */ +static void +enable_fips_mode(void) { +#if defined(ENABLE_FIPS_MODE) + if (isc_fips_mode()) { + /* + * FIPS mode is already enabled. + */ + return; + } + + if (isc_fips_set_mode(1) != ISC_R_SUCCESS) { + dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE); + exit(EXIT_FAILURE); + } +#endif +} + void isc__tls_initialize(void) { isc_mem_create(&isc__tls_mctx); @@ -160,6 +178,8 @@ isc__tls_initialize(void) { "cannot be initialized (see the `PRNG not " "seeded' message in the OpenSSL FAQ)"); } + + enable_fips_mode(); } void diff --git a/tests/dns/dst_test.c b/tests/dns/dst_test.c index 9ebc5be3f0..7713195660 100644 --- a/tests/dns/dst_test.c 
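Review bot: `c.e` and `c.n` from `BN_bin2bn()` reach `opensslrsa_build_pkey()` unchecked after this hunk, and together with the previous check_algorithm hunk (`@@ -1233,10 +1233,6 @@`) the `evp_md_ctx == NULL` and `type == NULL` guards are gone too. That is safe only if every OpenSSL allocation aborts rather than returning NULL. The lib/isc/tls.c context in this patch shows the allocator hooks ending at `#endif /* !defined(LIBRESSL_VERSION_NUMBER) */`, so LibreSSL builds can presumably still get NULL here. Since the new code already asserts on the key build, I would assert on its inputs as well, `INSIST(c.e != NULL && c.n != NULL);` before the `opensslrsa_build_pkey()` call, and likewise for `evp_md_ctx`. check_algorithm() begins and ends outside this hunk.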
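Review bot: In `dst__opensslrsa_init()` every non-success result from `check_algorithm()` now leaves `*funcp` NULL without any trace, where the old code swallowed only `ISC_R_NOTIMPLEMENTED` and returned other errors to the caller. An RSA algorithm can therefore quietly become unsupported, and a validator would presumably then treat zones signed only with it as insecure rather than validate them. Since the function is `void`, I would at least document the contract above it, `/* Any check_algorithm() failure leaves the algorithm unsupported; there is no error return. */`. It is also worth deciding whether results other than `ISC_R_NOTIMPLEMENTED` should be reported.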
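Review bot: `enable_fips_mode()` arrives in lib/isc/tls.c unchanged and still reports failure through `dst__openssl_toresult2()` and `DST_R_OPENSSLFAILURE`, which are DST (lib/dns) names. The body is compiled only under `ENABLE_FIPS_MODE`, so a default build will not show whether libisc can resolve them. The header added in the `@@ -34,6 +34,7 @@` hunk is not legible in this view, so this needs checking on a FIPS-enabled build. The `exit(EXIT_FAILURE)` also now runs inside `isc__tls_initialize()`, presumably before logging is configured, so a FIPS failure may end the process with no visible reason. Something like `FATAL_ERROR("FIPS mode could not be enabled");` would address both points.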
+++ b/tests/dns/dst_test.c @@ -43,24 +43,6 @@ #include -static int -setup_test(void **state) { - UNUSED(state); - - dst_lib_init(mctx); - - return (0); -} - -static int -teardown_test(void **state) { - UNUSED(state); - - dst_lib_destroy(); - - return (0); -} - /* Read sig in file at path to buf. Check signature ineffability */ static isc_result_t sig_fromfile(const char *path, isc_buffer_t *buf) { @@ -440,8 +422,8 @@ ISC_RUN_TEST_IMPL(cmp_test) { } ISC_TEST_LIST_START -ISC_TEST_ENTRY_CUSTOM(sig_test, setup_test, teardown_test) -ISC_TEST_ENTRY_CUSTOM(cmp_test, setup_test, teardown_test) +ISC_TEST_ENTRY(sig_test) +ISC_TEST_ENTRY(cmp_test) ISC_TEST_LIST_END ISC_TEST_MAIN diff --git a/tests/dns/private_test.c b/tests/dns/private_test.c index 0b2eb6ddf8..c40bd7f23c 100644 --- a/tests/dns/private_test.c +++ b/tests/dns/private_test.c @@ -37,30 +37,6 @@ static dns_rdatatype_t privatetype = 65534; -static int -setup_test(void **state) { - isc_result_t result; - - UNUSED(state); - - result = dst_lib_init(mctx); - - if (result != ISC_R_SUCCESS) { - return (1); - } - - return (0); -} - -static int -teardown_test(void **state) { - UNUSED(state); - - dst_lib_destroy(); - - return (0); -} - typedef struct { unsigned char alg; dns_keytag_t keyid; @@ -211,8 +187,8 @@ ISC_RUN_TEST_IMPL(private_nsec3_totext) { } ISC_TEST_LIST_START -ISC_TEST_ENTRY_CUSTOM(private_signing_totext, setup_test, teardown_test) -ISC_TEST_ENTRY_CUSTOM(private_nsec3_totext, setup_test, teardown_test) +ISC_TEST_ENTRY(private_signing_totext) +ISC_TEST_ENTRY(private_nsec3_totext) ISC_TEST_LIST_END ISC_TEST_MAIN diff --git a/tests/dns/rsa_test.c b/tests/dns/rsa_test.c index 7a5c356e1c..f634621943 100644 --- a/tests/dns/rsa_test.c +++ b/tests/dns/rsa_test.c 
@@ -37,30 +37,6 @@ #include -static int -setup_test(void **state) { - isc_result_t result; - - UNUSED(state); - - result = dst_lib_init(mctx); - - if (result != ISC_R_SUCCESS) { - return (1); - } - - return (0); -} - -static int -teardown_test(void **state) { - UNUSED(state); - - dst_lib_destroy(); - - return (0); -} - static unsigned char d[10] = { 0xa, 0x10, 0xbb, 0, 0xfe, 0x15, 0x1, 0x88, 0xcc, 0x7d }; @@ -226,7 +202,7 @@ ISC_RUN_TEST_IMPL(isc_rsa_verify) { } ISC_TEST_LIST_START -ISC_TEST_ENTRY_CUSTOM(isc_rsa_verify, setup_test, teardown_test) +ISC_TEST_ENTRY(isc_rsa_verify) ISC_TEST_LIST_END ISC_TEST_MAIN diff --git a/tests/dns/sigs_test.c b/tests/dns/sigs_test.c index d33d74e8cc..30b1fe2008 100644 --- a/tests/dns/sigs_test.c +++ b/tests/dns/sigs_test.c @@ -71,30 +71,6 @@ typedef struct { * */ } updatesigs_test_params_t; -static int -setup_test(void **state) { - isc_result_t result; - - UNUSED(state); - - result = dst_lib_init(mctx); - - if (result != ISC_R_SUCCESS) { - return (1); - } - - return (0); -} - -static int -teardown_test(void **state) { - UNUSED(state); - - dst_lib_destroy(); - - return (0); -} - /*% * Check whether the 'found' tuple matches the 'expected' tuple. 'found' is * the 'index'th tuple output by dns__zone_updatesigs() in test 'test'. @@ -437,7 +413,7 @@ ISC_RUN_TEST_IMPL(updatesigs_next) { } ISC_TEST_LIST_START -ISC_TEST_ENTRY_CUSTOM(updatesigs_next, setup_test, teardown_test) +ISC_TEST_ENTRY(updatesigs_next) ISC_TEST_LIST_END ISC_TEST_MAIN diff --git a/tests/dns/tsig_test.c b/tests/dns/tsig_test.c index 1cd62e675f..321c9bbcdb 100644 --- a/tests/dns/tsig_test.c +++ b/tests/dns/tsig_test.c 
@@ -48,30 +48,6 @@ static int debug = 0; -static int -setup_test(void **state) { - isc_result_t result; - - UNUSED(state); - - result = dst_lib_init(mctx); - - if (result != ISC_R_SUCCESS) { - return (1); - } - - return (0); -} - -static int -teardown_test(void **state) { - UNUSED(state); - - dst_lib_destroy(); - - return (0); -} - static isc_result_t add_mac(dst_context_t *tsigctx, isc_buffer_t *buf) { dns_rdata_any_tsig_t tsig; @@ -519,8 +495,8 @@ ISC_RUN_TEST_IMPL(algvalid) { } ISC_TEST_LIST_START -ISC_TEST_ENTRY_CUSTOM(tsig_tcp, setup_test, teardown_test) -ISC_TEST_ENTRY_CUSTOM(tsig_badtime, setup_test, teardown_test) +ISC_TEST_ENTRY(tsig_tcp) +ISC_TEST_ENTRY(tsig_badtime) ISC_TEST_ENTRY(algvalid) ISC_TEST_LIST_END