mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 15:45:25 +00:00
Code Issues Releases Wiki Activity

Reversed the sense of my earlier change to hmacmd5 key generation that

Browse Source 
required good entropy only when 'param' (to dst_key_generate) was non-zero.
Since the default was always to require good entropy, that default behavior
has been restored and now a non-zero param means that pseudorandom is ok.
This commit is contained in:
David Lawrence
2001-05-31 18:34:51 +00:00
parent b79e66b06d
commit 11c4f6b687
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bin/named/controlconf.c
View File

@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: controlconf.c,v 1.9 2001/05/31 10:36:05 tale Exp $ */ /* $Id: controlconf.c,v 1.10 2001/05/31 18:34:47 tale Exp $ */
#include <config.h> #include <config.h>
@@ -712,10 +712,11 @@ make_automagic_key(isc_mem_t *mctx) {
dst_key_t *key = NULL; dst_key_t *key = NULL;
/* /*
* First generate a secret. * First generate a secret. The fourth parameter non-zero means
* that pseudorandom data is ok; good entropy is not required.
*/ */
result = dst_key_generate(dns_rootname, DST_ALG_HMACMD5, result = dst_key_generate(dns_rootname, DST_ALG_HMACMD5,
NS_AUTOKEY_BITS, 0, 0, DNS_KEYPROTO_ANY, NS_AUTOKEY_BITS, 1, 0, DNS_KEYPROTO_ANY,
dns_rdataclass_in, mctx, &key); dns_rdataclass_in, mctx, &key);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {

7
lib/dns/sec/dst/hmac_link.c
View File

@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.52 2001/05/31 10:49:28 tale Exp $ * $Id: hmac_link.c,v 1.53 2001/05/31 18:34:50 tale Exp $
*/ */
#include <config.h> #include <config.h>
@@ -124,7 +124,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
} }
static isc_result_t static isc_result_t
hmacmd5_generate(dst_key_t *key, int good_entropy) { hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) {
isc_buffer_t b; isc_buffer_t b;
isc_result_t ret; isc_result_t ret;
int bytes; int bytes;
@@ -137,8 +137,7 @@ hmacmd5_generate(dst_key_t *key, int good_entropy) {
} }
memset(data, 0, HMAC_LEN); memset(data, 0, HMAC_LEN);
ret = dst__entropy_getdata(data, bytes, ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
good_entropy != 0 ? ISC_FALSE : ISC_TRUE);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);

6
lib/dns/sec/dst/include/dst/dst.h
View File

@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dst.h,v 1.41 2001/05/21 22:10:23 bwelling Exp $ */ /* $Id: dst.h,v 1.42 2001/05/31 18:34:51 tale Exp $ */
#ifndef DST_DST_H #ifndef DST_DST_H
#define DST_DST_H 1 #define DST_DST_H 1
@@ -376,7 +376,9 @@ dst_key_generate(dns_name_t *name, unsigned int alg,
* otherwise use 2 as the generator. * otherwise use 2 as the generator.
* !0 use this value as the generator. * !0 use this value as the generator.
* DSA: unused * DSA: unused
* HMACMD5:unused * HMACMD5: entropy
* 0 default - require good entropy
* !0 lack of good entropy is ok
* *
* Requires: * Requires:
* "name" is a valid absolute dns name. * "name" is a valid absolute dns name.