From f76c4ebaf586a693521f018fbc617c292c1555d7 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 19 Mar 2002 04:30:57 +0000 Subject: [PATCH] 1235. [func] Report 'out of memory' errors from openssl. --- CHANGES | 2 ++ lib/dns/sec/dst/dst_openssl.h | 33 +++++++++++++++++++++++++++++++ lib/dns/sec/dst/openssl_link.c | 19 +++++++++++++++++- lib/dns/sec/dst/openssldh_link.c | 9 +++++---- lib/dns/sec/dst/openssldsa_link.c | 11 ++++++----- lib/dns/sec/dst/opensslrsa_link.c | 21 ++++++++------------ util/copyrights | 1 + 7 files changed, 73 insertions(+), 23 deletions(-) create mode 100644 lib/dns/sec/dst/dst_openssl.h diff --git a/CHANGES b/CHANGES index 2451243fc0..8377bb83b7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +1235. [func] Report 'out of memory' errors from openssl. + 1234. [bug] contrib/sdb: 'zonetodb' failed to call dns_result_register(). DNS_R_SEENINCLUDE should not be fatal. diff --git a/lib/dns/sec/dst/dst_openssl.h b/lib/dns/sec/dst/dst_openssl.h new file mode 100644 index 0000000000..12388b4254 --- /dev/null +++ b/lib/dns/sec/dst/dst_openssl.h 
@@ -0,0 +1,33 @@ +/* + * Copyright (C) 2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dst_openssl.h,v 1.1 2002/03/19 04:30:53 marka Exp $ */ + +#ifndef DST_OPENSSL_H +#define DST_OPENSSL_H 1 + +#include +#include + +ISC_LANG_BEGINDECLS + +isc_result_t +dst__openssl_toresult(isc_result_t fallback); + +ISC_LANG_ENDDECLS + +#endif /* DST_OPENSSL_H */ diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c index 4e20a187ed..13d4011bb3 100644 --- a/lib/dns/sec/dst/openssl_link.c +++ b/lib/dns/sec/dst/openssl_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.49 2001/11/30 01:59:31 gson Exp $ + * $Id: openssl_link.c,v 1.50 2002/03/19 04:30:53 marka Exp $ */ #ifdef OPENSSL @@ -34,6 +34,7 @@ #include #include "dst_internal.h" +#include "dst_openssl.h" #include #include 
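Review bot: The `dst__openssl_toresult()` prototype in the new dst_openssl.h carries no comment, and its side effect is not obvious from the name: the definition in openssl_link.c both reads and clears the OpenSSL error queue. I would add above the declaration something like `/* Map the pending OpenSSL error to an isc_result_t: ISC_R_NOMEMORY for ERR_R_MALLOC_FAILURE, otherwise 'fallback'. Clears the OpenSSL error queue. */`. That tells callers to invoke it immediately after the failing OpenSSL call, and only once per failure.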
@@ -188,6 +189,22 @@ dst__openssl_destroy() { mem_free(rm); } +isc_result_t +dst__openssl_toresult(isc_result_t fallback) { + isc_result_t result = fallback; + int err = ERR_get_error(); + + switch (ERR_GET_REASON(err)) { + case ERR_R_MALLOC_FAILURE: + result = ISC_R_NOMEMORY; + break; + default: + break; + } + ERR_clear_error(); + return (result); +} + #else /* OPENSSL */ #include diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c index fba90cde1f..da38e5c484 100644 --- a/lib/dns/sec/dst/openssldh_link.c +++ b/lib/dns/sec/dst/openssldh_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.47 2002/02/27 22:12:01 bwelling Exp $ + * $Id: openssldh_link.c,v 1.48 2002/03/19 04:30:55 marka Exp $ */ #ifdef OPENSSL @@ -35,6 +35,7 @@ #include #include "dst_internal.h" +#include "dst_openssl.h" #include "dst_parse.h" #include @@ -83,7 +84,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, return (ISC_R_NOSPACE); ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); if (ret == 0) - return (DST_R_COMPUTESECRETFAILURE); + return (dst__openssl_toresult(DST_R_COMPUTESECRETFAILURE)); isc_buffer_add(secret, len); return (ISC_R_SUCCESS); } @@ -167,11 +168,11 @@ openssldh_generate(dst_key_t *key, int generator) { NULL, NULL); if (dh == NULL) - return (DST_R_OPENSSLFAILURE); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); if (DH_generate_key(dh) == 0) { DH_free(dh); - return (DST_R_OPENSSLFAILURE); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } dh->flags &= ~DH_FLAG_CACHE_MONT_P; diff --git a/lib/dns/sec/dst/openssldsa_link.c b/lib/dns/sec/dst/openssldsa_link.c index f71b7c94a6..aba2af3e87 100644 --- a/lib/dns/sec/dst/openssldsa_link.c +++ b/lib/dns/sec/dst/openssldsa_link.c 
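Review bot: `int err = ERR_get_error();` in dst__openssl_toresult() narrows the `unsigned long` that ERR_get_error() returns, and only the oldest queue entry is examined before `ERR_clear_error()` discards the rest. The reason bits most likely survive the narrowing on common platforms, but `unsigned long err = ERR_get_error();` avoids the implicit conversion altogether. If an allocation failure is queued behind another entry, for instance one left by an earlier call that never cleared the queue, the function returns the fallback and the out-of-memory condition goes unreported. Draining the queue with `while ((err = ERR_get_error()) != 0)` and checking each reason would cover that case.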
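Review bot: The `if (ret == 0)` test guarding the new `dst__openssl_toresult(DST_R_COMPUTESECRETFAILURE)` call in openssldh_computesecret() does not catch the documented error return of DH_compute_key(), which is -1. On that path the function continues to `isc_buffer_add(secret, len)` and returns ISC_R_SUCCESS, so whatever was in the buffer is handed back as the shared secret and the new out-of-memory mapping is never reached. `if (ret <= 0)` would cover it, assuming `ret` is a signed int; its declaration is outside the hunk, as are the start and end of the function body.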
@@ -17,7 +17,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.10 2002/02/27 22:12:02 bwelling Exp $ */ +/* $Id: openssldsa_link.c,v 1.11 2002/03/19 04:30:56 marka Exp $ */ #ifdef OPENSSL @@ -33,6 +33,7 @@ #include #include "dst_internal.h" +#include "dst_openssl.h" #include "dst_parse.h" #include @@ -96,7 +97,7 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); if (dsasig == NULL) - return (DST_R_SIGNFAILURE); + return (dst__openssl_toresult(DST_R_SIGNFAILURE)); *r.base++ = (key->key_size - 512)/64; BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); @@ -134,7 +135,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa); DSA_SIG_free(dsasig); if (status == 0) - return (DST_R_VERIFYFAILURE); + return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); } @@ -187,11 +188,11 @@ openssldsa_generate(dst_key_t *key, int unused) { NULL, NULL); if (dsa == NULL) - return (DST_R_OPENSSLFAILURE); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); if (DSA_generate_key(dsa) == 0) { DSA_free(dsa); - return (DST_R_OPENSSLFAILURE); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; diff --git a/lib/dns/sec/dst/opensslrsa_link.c b/lib/dns/sec/dst/opensslrsa_link.c index ad1016eea6..0b8f9b5a48 100644 --- a/lib/dns/sec/dst/opensslrsa_link.c +++ b/lib/dns/sec/dst/opensslrsa_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.22 2002/02/27 22:12:04 bwelling Exp $ + * $Id: opensslrsa_link.c,v 1.23 2002/03/19 04:30:57 marka Exp $ */ #ifdef OPENSSL @@ -33,6 +33,7 @@ #include #include "dst_internal.h" +#include "dst_openssl.h" #include "dst_parse.h" #include 
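Review bot: In openssldsa_verify() the `if (status == 0)` guard lets an error return from DSA_do_verify() fall through to `return (ISC_R_SUCCESS)`. DSA_do_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a failure inside OpenSSL, including the allocation failure this commit sets out to report, is treated as a good signature. Testing `if (status != 1)` sends every non-success result through `dst__openssl_toresult(DST_R_VERIFYFAILURE)`. opensslrsa_verify() uses the same `status == 0` test around RSA_verify() and would be safer written the same way. Both function bodies start outside their hunks.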
@@ -142,10 +143,8 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { } status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); - if (status == 0) { - ERR_clear_error(); - return (DST_R_SIGNFAILURE); - } + if (status == 0) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); isc_buffer_add(sig, siglen); @@ -182,10 +181,8 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { status = RSA_verify(type, digest, digestlen, sig->base, RSA_size(rsa), rsa); - if (status == 0) { - ERR_clear_error(); - return (DST_R_VERIFYFAILURE); - } + if (status == 0) + return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); } @@ -232,10 +229,8 @@ opensslrsa_generate(dst_key_t *key, int exp) { else e = RSA_F4; rsa = RSA_generate_key(key->key_size, e, NULL, NULL); - if (rsa == NULL) { - ERR_clear_error(); - return (DST_R_OPENSSLFAILURE); - } + if (rsa == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); SET_FLAGS(rsa); key->opaque = rsa; diff --git a/util/copyrights b/util/copyrights index 05b6ef2d99..78fa3a0806 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1806,6 +1806,7 @@ ./lib/dns/sec/dst/dst_api.c C.NAI 1999,2000,2001,2002 ./lib/dns/sec/dst/dst_internal.h C.NAI 2000,2001 ./lib/dns/sec/dst/dst_lib.c C 1999,2000,2001 +./lib/dns/sec/dst/dst_openssl.h C 2002 ./lib/dns/sec/dst/dst_parse.c C.NAI 1999,2000,2001,2002 ./lib/dns/sec/dst/dst_parse.h C.NAI 2000,2001 ./lib/dns/sec/dst/dst_result.c C 1999,2000,2001
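Review bot: The new return in opensslrsa_sign() passes `DST_R_OPENSSLFAILURE` as the fallback where the removed code returned `DST_R_SIGNFAILURE`, so callers that match on the sign-failure code see a different result after this change. openssldsa_sign() in the same commit keeps `DST_R_SIGNFAILURE` as its fallback, which suggests the switch here is unintended. `return (dst__openssl_toresult(DST_R_SIGNFAILURE));` preserves the old result code. The function body starts and ends outside the hunk.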