From 11c4f6b687564cdda8a0a38745e30a12e874084a Mon Sep 17 00:00:00 2001
From: David Lawrence
Date: Thu, 31 May 2001 18:34:51 +0000
Subject: [PATCH] Reversed the sense of my earlier change to hmacmd5 key generation that required good entropy only when 'param' (to dst_key_generate) was non-zero. Since the default was always to require good entropy, that default behavior has been restored and now a non-zero param means that pseudorandom is ok.
---
 bin/named/controlconf.c | 7 ++++---
 lib/dns/sec/dst/hmac_link.c | 7 +++----
 lib/dns/sec/dst/include/dst/dst.h | 6 ++++--
 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 380c7f3e9d..44827d67e3 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: controlconf.c,v 1.9 2001/05/31 10:36:05 tale Exp $ */
+/* $Id: controlconf.c,v 1.10 2001/05/31 18:34:47 tale Exp $ */
 #include
@@ -712,10 +712,11 @@ make_automagic_key(isc_mem_t *mctx) {
 dst_key_t *key = NULL;
 /*
- * First generate a secret.
+ * First generate a secret. The fourth parameter non-zero means
+ * that pseudorandom data is ok; good entropy is not required.
 */
 result = dst_key_generate(dns_rootname, DST_ALG_HMACMD5,
- NS_AUTOKEY_BITS, 0, 0, DNS_KEYPROTO_ANY,
+ NS_AUTOKEY_BITS, 1, 0, DNS_KEYPROTO_ANY,
 dns_rdataclass_in, mctx, &key);
 if (result == ISC_R_SUCCESS) {
diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c
index 68b9d79004..d803cfc612 100644
--- a/lib/dns/sec/dst/hmac_link.c
+++ b/lib/dns/sec/dst/hmac_link.c
@@ -19,7 +19,7 @@
 /*
 * Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.52 2001/05/31 10:49:28 tale Exp $
+ * $Id: hmac_link.c,v 1.53 2001/05/31 18:34:50 tale Exp $
 */
 #include
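Review bot: In the `make_automagic_key` hunk of bin/named/controlconf.c (@@ -712) the fourth argument is now a bare `1`, and the new comment explains what the value means but not why pseudorandom data is acceptable for this particular secret. Judging by the file name, the key authenticates the control channel, so the rationale belongs next to the call, for example `* Pseudorandom data is accepted so that key generation does not fail when no good entropy source is available.` if that is the intent. A named constant in dst.h in place of the literal would also make every call site that relaxes the entropy requirement easy to find in an audit. The function body starts and ends outside the hunk.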
@@ -124,7 +124,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
 }
 static isc_result_t
-hmacmd5_generate(dst_key_t *key, int good_entropy) {
+hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) {
 isc_buffer_t b;
 isc_result_t ret;
 int bytes;
@@ -137,8 +137,7 @@ hmacmd5_generate(dst_key_t *key, int good_entropy) {
 }
 memset(data, 0, HMAC_LEN);
- ret = dst__entropy_getdata(data, bytes,
- good_entropy != 0 ? ISC_FALSE : ISC_TRUE);
+ ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
 if (ret != ISC_R_SUCCESS)
 return (ret);
diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h
index e43bd0f402..cbb9e53106 100644
--- a/lib/dns/sec/dst/include/dst/dst.h
+++ b/lib/dns/sec/dst/include/dst/dst.h
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: dst.h,v 1.41 2001/05/21 22:10:23 bwelling Exp $ */
+/* $Id: dst.h,v 1.42 2001/05/31 18:34:51 tale Exp $ */
 #ifndef DST_DST_H
 #define DST_DST_H 1
@@ -376,7 +376,9 @@ dst_key_generate(dns_name_t *name, unsigned int alg,
 * otherwise use 2 as the generator.
 * !0 use this value as the generator.
 * DSA: unused
- * HMACMD5:unused
+ * HMACMD5: entropy
+ * 0 default - require good entropy
+ * !0 lack of good entropy is ok
 *
 * Requires:
 * "name" is a valid absolute dns name.
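Review bot: Reversing the meaning of the argument in `hmacmd5_generate` (hunk @@ -137 of lib/dns/sec/dst/hmac_link.c) silently inverts the behaviour of any caller written against the earlier semantics. A caller that passed a non-zero `param` to demand good entropy now makes `ISC_TF(pseudorandom_ok != 0)` true and may receive pseudorandom key material. Only the call in controlconf.c is updated by this patch, so any other `dst_key_generate(..., DST_ALG_HMACMD5, ...)` call sites, which are not visible here, need checking as part of the change. Because `param` is a generic integer that carries other meanings for other algorithms, accepting only 0 and 1 and returning an error for anything else would keep a stray value from relaxing the requirement. The function starts before this hunk and continues past it.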
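Review bot: The new HMACMD5 entry in the `dst_key_generate` comment (hunk @@ -376 of dst.h) says that with a non-zero value lack of good entropy "is ok", but it does not say what the caller gets instead. Stating the consequence would tell callers that create long-lived keys to pass 0, for example `*		!0	pseudorandom data may be used; key strength then depends on how the generator was seeded`. The comment block begins and ends outside the hunk.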