DNSSEC crypto: add GOST engine initialization

ref #121

src/libknot/dnssec/config.h

@@ -36,6 +36,12 @@
   #undef KNOT_ENABLE_ECDSA
 #endif
 
+#if !defined(OPENSSL_NO_GOST)
+  #define KNOT_ENABLE_GOST 1
+#else
+  #undef KNOT_ENABLE_GOST
+#endif
+
 #endif // _KNOT_DNSSEC_CONFIG_H_
 
 /*! @} */

src/libknot/dnssec/crypto.c

@@ -16,13 +16,17 @@
 
 #include <assert.h>
 #include <openssl/crypto.h>
+#include <openssl/engine.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <pthread.h>
 
 #include "libknot/common.h"
+#include "libknot/dnssec/config.h"
 #include "libknot/dnssec/crypto.h"
 
+/*- thread safety -----------------------------------------------------------*/
+
 /*!
  * \brief Mutexes to be used by OpenSSL.
  */
@@ -107,6 +111,45 @@ static void openssl_threadid_cb(CRYPTO_THREADID *openssl_id)
 	CRYPTO_THREADID_set_pointer(openssl_id, (void *)id);
 }
 
+/*- pluggable engines -------------------------------------------------------*/
+
+#if KNOT_ENABLE_GOST
+
+static ENGINE *gost_engine = NULL;
+
+static void init_gost_engine(void)
+{
+	assert(gost_engine == NULL);
+
+#ifndef OPENSSL_NO_STATIC_ENGINE
+	ENGINE_load_gost();
+#else
+	ENGINE_load_dynamic();
+#endif
+
+	gost_engine = ENGINE_by_id("gost");
+	if (!gost_engine) {
+		return;
+	}
+
+	ENGINE_init(gost_engine);
+	ENGINE_register_pkey_asn1_meths(gost_engine);
+	ENGINE_ctrl_cmd_string(gost_engine, "CRYPT_PARAMS",
+	                       "id-Gost28147-89-CryptoPro-A-ParamSet", 0);
+}
+
+static void deinit_gost_engine(void)
+{
+	assert(gost_engine);
+
+	ENGINE_finish(gost_engine);
+	ENGINE_free(gost_engine);
+
+	gost_engine = NULL;
+}
+
+#endif
+
 /*- public API --------------------------------------------------------------*/
 
 void knot_crypto_init(void)
@@ -116,6 +159,8 @@ void knot_crypto_init(void)
 
 void knot_crypto_cleanup(void)
 {
+	knot_crypto_unload_engines();
+
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
@@ -145,3 +190,21 @@ void knot_crypto_cleanup_threads(void)
 		openssl_mutexes_destroy();
 	}
 }
+
+void knot_crypto_load_engines(void)
+{
+#if KNOT_ENABLE_GOST
+	if (!gost_engine) {
+		init_gost_engine();
+	}
+#endif
+}
+
+void knot_crypto_unload_engines(void)
+{
+#if KNOT_ENABLE_GOST
+	if (gost_engine) {
+		deinit_gost_engine();
+	}
+#endif
+}

src/libknot/dnssec/crypto.h

@@ -54,6 +54,16 @@ void knot_crypto_init_threads(void);
  */
 void knot_crypto_cleanup_threads(void);
 
+/*!
+ * \brief Load pluggable crypto engines.
+ */
+void knot_crypto_load_engines(void);
+
+/*!
+ * \brief Unload pluggable crypto engines.
+ */
+void knot_crypto_unload_engines(void);
+
 #endif // _KNOT_DNSSEC_CRYPTO_H_
 
 /*! @} */