From 09a1a618cd75ff24e3498fa0436669d5835ee0ba Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Fri, 9 Jun 2000 22:32:20 +0000 Subject: [PATCH] Use the entropy api. --- lib/dns/sec/dst/bsafe_link.c | 13 +- lib/dns/sec/dst/dst_api.c | 194 ++++++++++-------------------- lib/dns/sec/dst/dst_internal.h | 35 ++---- lib/dns/sec/dst/hmac_link.c | 9 +- lib/dns/sec/dst/include/dst/dst.h | 24 +--- lib/dns/sec/dst/openssl_link.c | 48 ++++++-- lib/dns/sec/dst/openssldh_link.c | 8 +- 7 files changed, 138 insertions(+), 193 deletions(-) diff --git a/lib/dns/sec/dst/bsafe_link.c b/lib/dns/sec/dst/bsafe_link.c index 3d1533e5d8..05e16ea61b 100644 --- a/lib/dns/sec/dst/bsafe_link.c +++ b/lib/dns/sec/dst/bsafe_link.c @@ -19,13 +19,14 @@ /* * Principal Author: Brian Wellington - * $Id: bsafe_link.c,v 1.28 2000/06/09 20:58:32 gson Exp $ + * $Id: bsafe_link.c,v 1.29 2000/06/09 22:32:13 bwelling Exp $ */ #if defined(DNSSAFE) #include +#include #include #include #include @@ -177,7 +178,7 @@ static isc_result_t dnssafersa_verify(dst_context_t *dctx, const isc_region_t *sig) { isc_md5_t *md5ctx = dctx->opaque; unsigned char digest[ISC_MD5_DIGESTLENGTH]; - unsigned char work_area[DST_HASH_SIZE + sizeof(pkcs1)]; + unsigned char work_area[ISC_MD5_DIGESTLENGTH + sizeof(pkcs1)]; isc_buffer_t work; isc_region_t work_region; dst_key_t *key = dctx->key; @@ -299,7 +300,7 @@ dnssafersa_compare(const dst_key_t *key1, const dst_key_t *key2) { } static isc_result_t -dnssafersa_generate(dst_key_t *key, int exp) { +dnssafersa_generate(dst_key_t *key, int exp, isc_entropy_t *ectx) { B_KEY_OBJ private; B_KEY_OBJ public; B_ALGORITHM_OBJ keypairGenerator = NULL; @@ -309,7 +310,7 @@ dnssafersa_generate(dst_key_t *key, int exp) { int exponent_len = 0; RSA_Key *rsa; unsigned char randomSeed[256]; - isc_buffer_t b, rand; + isc_buffer_t b; A_RSA_KEY *pub = NULL; isc_result_t ret; isc_mem_t *mctx; @@ -392,8 +393,8 @@ dnssafersa_generate(dst_key_t *key, int exp) { if (B_RandomInit(randomAlgorithm, CHOOSER, NULL_SURRENDER) != 0) do_fail(ISC_R_NOMEMORY); - isc_buffer_init(&rand, randomSeed, sizeof(randomSeed)); - ret = dst_random_get(sizeof(randomSeed), &rand); + ret = isc_entropy_getdata(ectx, randomSeed, sizeof(randomSeed), NULL, + ISC_ENTROPY_GOODONLY | ISC_ENTROPY_BLOCKING); if (ret != ISC_R_SUCCESS) goto fail; diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index 10525565eb..9544efdb86 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.52 2000/06/09 20:58:33 gson Exp $ + * $Id: dst_api.c,v 1.53 2000/06/09 22:32:15 bwelling Exp $ */ #include @@ -28,6 +28,7 @@ #include #include +#include #include #include #include @@ -56,14 +57,13 @@ static dst_func_t *dst_t_func[DST_MAX_ALGS]; static isc_mem_t *dst_memory_pool = NULL; +static isc_entropy_t *dst_entropy_pool = NULL; +static unsigned int dst_entropy_flags = 0; static isc_boolean_t dst_initialized = ISC_FALSE; -static isc_mutex_t mutex, random_lock; -static isc_once_t once = ISC_ONCE_INIT; /* * Static functions. */ -static isc_result_t initialize(isc_mem_t *mctx); static dst_key_t * get_key_struct(dns_name_t *name, const unsigned int alg, const unsigned int flags, @@ -82,9 +82,41 @@ static isc_result_t buildfilename(dns_name_t *name, const char *directory, isc_buffer_t *out); +#define RETERR(x) do { \ + result = (x); \ + if (result != ISC_R_SUCCESS) \ + goto out; \ + } while (0) + isc_result_t -dst_lib_init(isc_mem_t *mctx) { - return (initialize(mctx)); +dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) { + isc_result_t result; + + REQUIRE(mctx != NULL && ectx != NULL); + REQUIRE(dst_initialized == ISC_FALSE); + + isc_mem_attach(mctx, &dst_memory_pool); + isc_entropy_attach(ectx, &dst_entropy_pool); + dst_entropy_flags = eflags; + + dst_result_register(); + + memset(dst_t_func, 0, sizeof(dst_t_func)); + RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); +#ifdef DNSSAFE + RETERR(dst__dnssafersa_init(&dst_t_func[DST_ALG_RSA])); +#endif +#ifdef OPENSSL + RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA])); + RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); +#endif + + dst_initialized = ISC_TRUE; + return (ISC_R_SUCCESS); + + out: + dst_lib_destroy(); + return (result); } void @@ -100,13 +132,16 @@ dst_lib_destroy(void) { dst__openssldsa_destroy(); dst__openssldh_destroy(); #endif - isc_mem_detach(&dst_memory_pool); + if (dst_memory_pool != NULL) + isc_mem_detach(&dst_memory_pool); + if (dst_entropy_pool != NULL) + isc_entropy_detach(&dst_entropy_pool); } isc_boolean_t dst_algorithm_supported(const unsigned int alg) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL) return (ISC_FALSE); @@ -118,7 +153,7 @@ dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) { dst_context_t *dctx; isc_result_t result; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(mctx != NULL); REQUIRE(dctxp != NULL && *dctxp == NULL); @@ -197,7 +232,7 @@ isc_result_t dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(pub) && VALID_KEY(priv)); REQUIRE(secret != NULL); @@ -223,7 +258,7 @@ isc_result_t dst_key_tofile(const dst_key_t *key, const int type, const char *directory) { isc_result_t ret = ISC_R_SUCCESS; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); @@ -256,7 +291,7 @@ dst_key_fromfile(dns_name_t *name, const isc_uint16_t id, dst_key_t *key; isc_result_t result; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(dns_name_isabsolute(name)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); REQUIRE(mctx != NULL); @@ -294,7 +329,7 @@ dst_key_fromnamedfile(const char *filename, const int type, isc_mem_t *mctx, dst_key_t *pubkey = NULL, *key = NULL; isc_uint16_t id; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(filename != NULL); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); REQUIRE(mctx != NULL); @@ -339,7 +374,7 @@ dst_key_fromnamedfile(const char *filename, const int type, isc_mem_t *mctx, isc_result_t dst_key_todns(const dst_key_t *key, isc_buffer_t *target) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key)); REQUIRE(target != NULL); @@ -376,7 +411,7 @@ dst_key_fromdns(dns_name_t *name, isc_buffer_t *source, isc_mem_t *mctx, isc_uint8_t alg, proto; isc_uint32_t flags, extflags; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(dns_name_isabsolute(name)); REQUIRE(source != NULL); REQUIRE(mctx != NULL); @@ -410,7 +445,7 @@ dst_key_frombuffer(dns_name_t *name, const unsigned int alg, dst_key_t *key; isc_result_t ret; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(dns_name_isabsolute(name)); REQUIRE(source != NULL); REQUIRE(mctx != NULL); @@ -440,7 +475,7 @@ dst_key_frombuffer(dns_name_t *name, const unsigned int alg, isc_result_t dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key)); REQUIRE(target != NULL); @@ -462,7 +497,7 @@ dst_key_generate(dns_name_t *name, const unsigned int alg, dst_key_t *key; isc_result_t ret; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(dns_name_isabsolute(name)); REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); @@ -485,7 +520,7 @@ dst_key_generate(dns_name_t *name, const unsigned int alg, return (DST_R_UNSUPPORTEDALG); } - ret = key->func->generate(key, param); + ret = key->func->generate(key, param, dst_entropy_pool); if (ret != ISC_R_SUCCESS) { dst_key_free(&key); return (ret); @@ -497,7 +532,7 @@ dst_key_generate(dns_name_t *name, const unsigned int alg, isc_boolean_t dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key1)); REQUIRE(VALID_KEY(key2)); @@ -516,7 +551,7 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) { isc_boolean_t dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key1)); REQUIRE(VALID_KEY(key2)); @@ -537,7 +572,7 @@ dst_key_free(dst_key_t **keyp) { isc_mem_t *mctx; dst_key_t *key; - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(keyp != NULL && VALID_KEY(*keyp)); key = *keyp; @@ -640,7 +675,7 @@ dst_key_buildfilename(const dst_key_t *key, const int type, isc_result_t dst_key_sigsize(const dst_key_t *key, unsigned int *n) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key)); REQUIRE(n != NULL); @@ -663,7 +698,7 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) { isc_result_t dst_key_secretsize(const dst_key_t *key, unsigned int *n) { - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); + REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(VALID_KEY(key)); REQUIRE(n != NULL); @@ -680,114 +715,10 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) { return (ISC_R_SUCCESS); } -isc_result_t -dst_random_get(const unsigned int wanted, isc_buffer_t *target) { - isc_region_t r; - int status; - - REQUIRE(initialize(NULL) == ISC_R_SUCCESS); - REQUIRE(target != NULL); - - isc_buffer_availableregion(target, &r); - if (r.length < wanted) - return (ISC_R_NOSPACE); - - RUNTIME_CHECK(isc_mutex_lock((&random_lock)) == ISC_R_SUCCESS); - status = RAND_bytes(r.base, wanted); - RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS); - if (status == 0) - return (DST_R_NORANDOMNESS); - - isc_buffer_add(target, wanted); - return (ISC_R_SUCCESS); -} - /*** *** Static methods ***/ -#define RETERR(x) do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto out; \ - } while (0) - -static void -initialize_action(void) { - RUNTIME_CHECK(isc_mutex_init(&mutex) == ISC_R_SUCCESS); -} - -static isc_result_t -initialize(isc_mem_t *mctx) { - isc_result_t result = ISC_R_SUCCESS; - - isc_once_do(&once, initialize_action); - - LOCK(&mutex); - - if (mctx != NULL) - REQUIRE(dst_initialized == ISC_FALSE); - - if (dst_initialized) { - UNLOCK(&mutex); - return (ISC_R_SUCCESS); - } - - if (mctx != NULL) - isc_mem_attach(mctx, &dst_memory_pool); - else { - result = isc_mem_create(0, 0, &dst_memory_pool); - if (result != ISC_R_SUCCESS) - return (result); - } - - dst_initialized = ISC_TRUE; - - UNLOCK(&mutex); - - memset(dst_t_func, 0, sizeof(dst_t_func)); - - RETERR(isc_mutex_init(&random_lock)); - - dst_result_register(); - - RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); -#ifdef DNSSAFE - RETERR(dst__dnssafersa_init(&dst_t_func[DST_ALG_RSA])); -#endif -#ifdef OPENSSL - RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA])); - RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); - - /* - * Seed the random number generator, if necessary. - * XXX This doesn't do a very good job, and must be fixed. - */ - if (RAND_status() == 0) { - isc_random_t rctx; - isc_uint32_t val; - isc_time_t now; - isc_result_t result; - - isc_random_init(&rctx); - result = isc_time_now(&now); - INSIST(result == ISC_R_SUCCESS); - isc_random_seed(&rctx, isc_time_nanoseconds(&now)); - while (RAND_status() == 0) { - isc_random_get(&rctx, &val); - RAND_add(&val, sizeof(isc_uint32_t), 1); - } - isc_random_invalidate(&rctx); - } -#endif - - return (ISC_R_SUCCESS); - - out: - dst_lib_destroy(); - return (result); -} - /* * Allocates a key structure and fills in some of the fields. */ @@ -1061,3 +992,10 @@ dst__mem_realloc(void *ptr, size_t size) { dst__mem_free(ptr); return (p); } + +isc_result_t +dst__entropy_getdata(void *buf, unsigned int len) { + return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, + dst_entropy_flags)); + +} diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h index fa724bebb4..b50f70c777 100644 --- a/lib/dns/sec/dst/dst_internal.h +++ b/lib/dns/sec/dst/dst_internal.h @@ -29,16 +29,6 @@ ISC_LANG_BEGINDECLS -/* - * define what crypto systems are supported. - * BSAFE, DNSSAFE for RSA - * OPENSSL for DSA - * Only one package per algorithm can be defined. - */ -#if defined(BSAFE) && defined(DNSSAFE) -# error "Cannot have both BSAFE and DNSSAFE defined" -#endif - /*** *** Types ***/ @@ -84,7 +74,8 @@ struct dst_func { isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2); isc_boolean_t (*paramcompare)(const dst_key_t *key1, const dst_key_t *key2); - isc_result_t (*generate)(dst_key_t *key, int parms); + isc_result_t (*generate)(dst_key_t *key, int parms, + isc_entropy_t *ectx); isc_boolean_t (*isprivate)(const dst_key_t *key); void (*destroy)(dst_key_t *key); @@ -96,18 +87,15 @@ struct dst_func { const char *filename); }; -#ifndef DST_HASH_SIZE -#define DST_HASH_SIZE 20 /* RIPEMD160 & SHA-1 are 20 bytes, MD5 is 16 */ -#endif - /* * Initializers */ +isc_result_t dst__openssl_init(void); + isc_result_t dst__hmacmd5_init(struct dst_func **funcp); isc_result_t dst__dnssafersa_init(struct dst_func **funcp); isc_result_t dst__openssldsa_init(struct dst_func **funcp); isc_result_t dst__openssldh_init(struct dst_func **funcp); -isc_result_t dst__opensslmd5_init(struct dst_func **funcp); /* * Destructors @@ -116,7 +104,6 @@ void dst__hmacmd5_destroy(void); void dst__dnssafersa_destroy(void); void dst__openssldsa_destroy(void); void dst__openssldh_destroy(void); -void dst__opensslmd5_destroy(void); /* * Support functions. @@ -127,12 +114,14 @@ dst__id_calc(const unsigned char *key, const int keysize); /* * Memory allocators using the DST memory pool. */ -void * -dst__mem_alloc(size_t size); -void -dst__mem_free(void *ptr); -void * -dst__mem_realloc(void *ptr, size_t size); +void * dst__mem_alloc(size_t size); +void dst__mem_free(void *ptr); +void * dst__mem_realloc(void *ptr, size_t size); + +/* + * Entropy retriever using the DST entropy pool. + */ +isc_result_t dst__entropy_getdata(void *buf, unsigned int len); ISC_LANG_ENDDECLS diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c index ccccacc07d..5156f97556 100644 --- a/lib/dns/sec/dst/hmac_link.c +++ b/lib/dns/sec/dst/hmac_link.c @@ -19,11 +19,12 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.35 2000/06/09 20:58:37 gson Exp $ + * $Id: hmac_link.c,v 1.36 2000/06/09 22:32:17 bwelling Exp $ */ #include +#include #include #include #include @@ -144,7 +145,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) { } static isc_result_t -hmacmd5_generate(dst_key_t *key, int unused) { +hmacmd5_generate(dst_key_t *key, int unused, isc_entropy_t *ectx) { isc_buffer_t b; isc_result_t ret; int bytes; @@ -159,8 +160,8 @@ hmacmd5_generate(dst_key_t *key, int unused) { } memset(data, 0, HMAC_LEN); - isc_buffer_init(&b, data, sizeof(data)); - ret = dst_random_get(bytes, &b); + ret = isc_entropy_getdata(ectx, data, bytes, NULL, + ISC_ENTROPY_GOODONLY | ISC_ENTROPY_BLOCKING); if (ret != ISC_R_SUCCESS) return (ret); diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index 3fe7db77bd..7a1137a422 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -43,14 +43,13 @@ typedef struct dst_context dst_context_t; ***/ isc_result_t -dst_lib_init(isc_mem_t *mctx); +dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags); /* - * Initializes the DST subsystem. If this call is omitted, DST will allocate - * resources itself when the first library call is made (including its own - * memory context). + * Initializes the DST subsystem. * * Requires: * "mctx" is a valid memory context + * "ectx" is a valid entropy context * * Returns: * ISC_R_SUCCESS @@ -475,23 +474,6 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n); * "n" stores the size of a generated shared secret */ -isc_result_t -dst_random_get(const unsigned int wanted, isc_buffer_t *data); -/* - * Generate random data. - * - * Requires: - * "data" is a valid buffer, with at least "wanted" bytes available. - * - * Returns: - * ISC_R_SUCCESS - * any other result indicates failure - * - * Ensures: - * "wanted" bytes will be written to "data", and the used pointer will - * be advanced. - */ - ISC_LANG_ENDDECLS #endif /* DST_DST_H */ diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c index 0fbc0404c2..52d9f3d5ca 100644 --- a/lib/dns/sec/dst/openssl_link.c +++ b/lib/dns/sec/dst/openssl_link.c @@ -19,12 +19,13 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.28 2000/06/09 20:58:38 gson Exp $ + * $Id: openssl_link.c,v 1.29 2000/06/09 22:32:18 bwelling Exp $ */ #if defined(OPENSSL) #include +#include #include #include #include @@ -36,6 +37,7 @@ #include "dst_parse.h" #include +#include static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); @@ -170,18 +172,18 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { } static isc_result_t -openssldsa_generate(dst_key_t *key, int unused) { +openssldsa_generate(dst_key_t *key, int unused, isc_entropy_t *ectx) { DSA *dsa; unsigned char dns_array[DST_KEY_MAXSIZE]; unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; - isc_buffer_t dns, rand; + isc_buffer_t dns; isc_result_t result; isc_region_t r; UNUSED(unused); - isc_buffer_init(&rand, rand_array, sizeof(rand_array)); - result = dst_random_get(ISC_SHA1_DIGESTLENGTH, &rand); + result = isc_entropy_getdata(ectx, rand_array, sizeof(rand_array), NULL, + ISC_ENTROPY_GOODONLY|ISC_ENTROPY_BLOCKING); if (result != ISC_R_SUCCESS) return (result); @@ -452,8 +454,6 @@ static dst_func_t openssldsa_functions = { isc_result_t dst__openssldsa_init(dst_func_t **funcp) { REQUIRE(funcp != NULL && *funcp == NULL); - CRYPTO_set_mem_functions(dst__mem_alloc, dst__mem_realloc, - dst__mem_free); *funcp = &openssldsa_functions; return (ISC_R_SUCCESS); } @@ -462,4 +462,38 @@ void dst__openssldsa_destroy(void) { } +static int +entropy_get(unsigned char *buf, int num) { + isc_result_t result; + if (num < 0) + return (-1); + result = dst__entropy_getdata(buf, (unsigned int) num); + return (result == ISC_R_SUCCESS ? 0 : -1); +} + +static void +entropy_add(const void *buf, int num, double entropy) { + /* + * Do nothing. The only call to this provides no useful data anyway. + */ + UNUSED(buf); + UNUSED(num); + UNUSED(entropy); +} + +isc_result_t +dst__openssl_init(void) { + RAND_METHOD rm; + CRYPTO_set_mem_functions(dst__mem_alloc, dst__mem_realloc, + dst__mem_free); + rm.seed = NULL; + rm.bytes = entropy_get; + rm.cleanup = NULL; + rm.add = entropy_add; + rm.pseudorand = entropy_get; + rm.status = NULL; + RAND_set_rand_method(&rm); + return (ISC_R_SUCCESS); +} + #endif /* OPENSSL */ diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c index eb8e924868..8dcf6404f0 100644 --- a/lib/dns/sec/dst/openssldh_link.c +++ b/lib/dns/sec/dst/openssldh_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.23 2000/06/09 20:58:39 gson Exp $ + * $Id: openssldh_link.c,v 1.24 2000/06/09 22:32:19 bwelling Exp $ */ #if defined(OPENSSL) @@ -128,13 +128,15 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { } static isc_result_t -openssldh_generate(dst_key_t *key, int generator) { +openssldh_generate(dst_key_t *key, int generator, isc_entropy_t *ectx) { DH *dh = NULL; unsigned char dns_array[DST_KEY_MAXSIZE]; isc_buffer_t dns; isc_region_t r; isc_result_t result; + UNUSED(ectx); + if (generator == 0) { if (key->key_size == 768 || key->key_size == 1024) { dh = DH_new(); @@ -552,8 +554,6 @@ static dst_func_t openssldh_functions = { isc_result_t dst__openssldh_init(dst_func_t **funcp) { REQUIRE(funcp != NULL && *funcp == NULL); - CRYPTO_set_mem_functions(dst__mem_alloc, dst__mem_realloc, - dst__mem_free); BN_init(&bn2); BN_init(&bn768); BN_init(&bn1024);