From 14c5931d3d52baf17a786153c35c05fa62f916dc Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Fri, 9 Jun 2000 22:33:08 +0000
Subject: [PATCH] tkey cleanups and conversion to the entropy api

---
 bin/named/include/named/tkeyconf.h |  5 ++-
 bin/named/tkeyconf.c               |  8 ++--
 lib/dns/include/dns/tkey.h         | 10 +++--
 lib/dns/include/dns/tkeyconf.h     |  5 ++-
 lib/dns/include/dns/types.h        |  2 +-
 lib/dns/tkey.c                     | 72 ++++++++++++++++++------------
 lib/dns/tkeyconf.c                 |  8 ++--
 7 files changed, 64 insertions(+), 46 deletions(-)

diff --git a/bin/named/include/named/tkeyconf.h b/bin/named/include/named/tkeyconf.h
index 1c49a7caa8..1e2ef4988a 100644
--- a/bin/named/include/named/tkeyconf.h
+++ b/bin/named/include/named/tkeyconf.h
@@ -26,8 +26,8 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
-		       dns_tkey_ctx_t **tctxp);
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
+		       dns_tkeyctx_t **tctxp);
 /*
  * 	Create a TKEY context and configure it, including the default DH key
  *	and default domain, according to 'cfg'.
@@ -35,6 +35,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
  *	Requires:
  *		'cfg' is a valid configuration context.
  *		'mctx' is not NULL
+ *		'ectx' is not NULL
  *		'tctx' is not NULL
  *		'*tctx' is NULL
  *
diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c
index 36452421c2..fceaf7e629 100644
--- a/bin/named/tkeyconf.c
+++ b/bin/named/tkeyconf.c
@@ -34,18 +34,18 @@
 
 
 isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
-		       dns_tkey_ctx_t **tctxp)
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
+		       dns_tkeyctx_t **tctxp)
 {
 	isc_result_t result;
-	dns_tkey_ctx_t *tctx = NULL;
+	dns_tkeyctx_t *tctx = NULL;
 	char *s;
 	isc_uint32_t n;
 	isc_buffer_t b, namebuf;
 	unsigned char data[1024];
 	dns_name_t domain, keyname;
 
-	result = dns_tkeyctx_create(mctx, &tctx);
+	result = dns_tkeyctx_create(mctx, ectx, &tctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
diff --git a/lib/dns/include/dns/tkey.h b/lib/dns/include/dns/tkey.h
index bc4e4a8728..dee77001d5 100644
--- a/lib/dns/include/dns/tkey.h
+++ b/lib/dns/include/dns/tkey.h
@@ -19,6 +19,7 @@
 #define DNS_TKEY_H 1
 
 #include <isc/lang.h>
+#include <isc/types.h>
 
 #include <dns/types.h>
 
@@ -33,14 +34,15 @@ ISC_LANG_BEGINDECLS
 #define DNS_TKEYMODE_RESOLVERASSIGNED		4
 #define DNS_TKEYMODE_DELETE			5
 
-struct dns_tkey_ctx {
+struct dns_tkeyctx {
 	dst_key_t *dhkey;
 	dns_name_t *domain;
 	isc_mem_t *mctx;
+	isc_entropy_t *ectx;
 };
 
 isc_result_t
-dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
+dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
 /*
  *	Create an empty TKEY context.
  *
@@ -56,7 +58,7 @@ dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
  */
 
 void
-dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
+dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp);
 /*
  *      Frees all data associated with the TKEY context
  *
@@ -66,7 +68,7 @@ dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
  */
 
 isc_result_t
-dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
+dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		      dns_tsig_keyring_t *ring);
 /*
  *	Processes a query containing a TKEY record, adding or deleting TSIG
diff --git a/lib/dns/include/dns/tkeyconf.h b/lib/dns/include/dns/tkeyconf.h
index 1c49a7caa8..1e2ef4988a 100644
--- a/lib/dns/include/dns/tkeyconf.h
+++ b/lib/dns/include/dns/tkeyconf.h
@@ -26,8 +26,8 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
-		       dns_tkey_ctx_t **tctxp);
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
+		       dns_tkeyctx_t **tctxp);
 /*
  * 	Create a TKEY context and configure it, including the default DH key
  *	and default domain, according to 'cfg'.
@@ -35,6 +35,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
  *	Requires:
  *		'cfg' is a valid configuration context.
  *		'mctx' is not NULL
+ *		'ectx' is not NULL
  *		'tctx' is not NULL
  *		'*tctx' is NULL
  *
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index b9a298874a..70762b2320 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -88,7 +88,7 @@ typedef isc_uint8_t				dns_secproto_t;
 typedef struct dns_signature			dns_signature_t;
 typedef struct dns_ssurule			dns_ssurule_t;
 typedef struct dns_ssutable			dns_ssutable_t;
-typedef struct dns_tkey_ctx			dns_tkey_ctx_t;
+typedef struct dns_tkeyctx			dns_tkeyctx_t;
 typedef isc_uint16_t				dns_trust_t;
 typedef struct dns_tsig_keyring			dns_tsig_keyring_t;
 typedef struct dns_tsigkey			dns_tsigkey_t;
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 450e1bd7ca..8efcee9bfe 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,13 +16,14 @@
  */
 
 /*
- * $Id: tkey.c,v 1.44 2000/06/08 06:16:09 marka Exp $
+ * $Id: tkey.c,v 1.45 2000/06/09 22:33:03 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
 #include <config.h>
 
 #include <isc/buffer.h>
+#include <isc/entropy.h>
 #include <isc/md5.h>
 #include <isc/mem.h>
 #include <isc/string.h>
@@ -50,38 +51,48 @@
 
 
 isc_result_t
-dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
+dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
+{
+	dns_tkeyctx_t *tctx;
+
 	REQUIRE(mctx != NULL);
-	REQUIRE(tctx != NULL);
-	REQUIRE(*tctx == NULL);
+	REQUIRE(ectx != NULL);
+	REQUIRE(tctxp != NULL && *tctxp == NULL);
 
-	*tctx = isc_mem_get(mctx, sizeof(dns_tkey_ctx_t));
-	if (*tctx == NULL)
+	tctx = isc_mem_get(mctx, sizeof(dns_tkeyctx_t));
+	if (tctx == NULL)
 		return (ISC_R_NOMEMORY);
-	(*tctx)->mctx = mctx;
-	(*tctx)->dhkey = NULL;
-	(*tctx)->domain = NULL;
+	tctx->mctx = NULL;
+	isc_mem_attach(mctx, &tctx->mctx);
+	tctx->ectx = NULL;
+	isc_entropy_attach(ectx, &tctx->ectx);
+	tctx->dhkey = NULL;
+	tctx->domain = NULL;
 
+	*tctxp = tctx;
 	return (ISC_R_SUCCESS);
 }
 
 void
-dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx) {
+dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp) {
 	isc_mem_t *mctx;
+	dns_tkeyctx_t *tctx;
 
-	REQUIRE(tctx != NULL);
-	REQUIRE(*tctx != NULL);
+	REQUIRE(tctxp != NULL && *tctxp != NULL);
 
-	if ((*tctx)->dhkey != NULL)
-		dst_key_free(&(*tctx)->dhkey);
-	if ((*tctx)->domain != NULL) {
-		dns_name_free((*tctx)->domain, (*tctx)->mctx);
-		isc_mem_put((*tctx)->mctx, (*tctx)->domain,
-			    sizeof(dns_name_t));
+	tctx = *tctxp;
+	mctx = tctx->mctx;
+
+	if (tctx->dhkey != NULL)
+		dst_key_free(&tctx->dhkey);
+	if (tctx->domain != NULL) {
+		dns_name_free(tctx->domain, mctx);
+		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
 	}
-
-	mctx = (*tctx)->mctx;
-	isc_mem_put(mctx, *tctx, sizeof(dns_tkey_ctx_t));
+	isc_entropy_detach(&tctx->ectx);
+	isc_mem_put(mctx, tctx, sizeof(dns_tkeyctx_t));
+	isc_mem_detach(&mctx);
+	*tctxp = NULL;
 }
 
 static isc_result_t
@@ -200,7 +211,7 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
 
 static isc_result_t
 process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
-	       dns_rdata_tkey_t *tkeyin, dns_tkey_ctx_t *tctx,
+	       dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
 	       dns_rdata_tkey_t *tkeyout,
 	       dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
 {
@@ -215,7 +226,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
 	isc_uint32_t ourttl;
 	unsigned char keydata[DST_KEY_MAXSIZE];
 	unsigned int sharedsize;
-	isc_buffer_t randombuf, secret;
+	isc_buffer_t secret;
 	unsigned char *randomdata = NULL, secretdata[256];
 	isc_stdtime_t now;
 
@@ -318,10 +329,11 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
 		result = ISC_R_NOMEMORY;
 		goto failure;
 	}
-	isc_buffer_init(&randombuf, randomdata, TKEY_RANDOM_AMOUNT);
-	RETERR(dst_random_get(TKEY_RANDOM_AMOUNT, &randombuf));
+	RETERR(isc_entropy_getdata(tctx->ectx, randomdata, TKEY_RANDOM_AMOUNT,
+				   NULL, 0));
 
-	isc_buffer_usedregion(&randombuf, &r);
+	r.base = randomdata;
+	r.length = TKEY_RANDOM_AMOUNT;
 	r2.base = tkeyin->key;
 	r2.length = tkeyin->keylen;
 	RETERR(compute_secret(shared, &r2, &r, &secret));
@@ -411,7 +423,7 @@ process_deletetkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
 }
 
 isc_result_t
-dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
+dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		      dns_tsig_keyring_t *ring)
 {
 	isc_result_t result = ISC_R_SUCCESS;
@@ -525,8 +537,10 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
 			isc_buffer_t b, b2;
 			int i;
 
-			isc_buffer_init(&b, randomtext, sizeof(randomtext));
-			result = dst_random_get(sizeof(randomtext)/2, &b);
+			result = isc_entropy_getdata(tctx->ectx,
+						     randomtext,
+						     sizeof(randomtext),
+						     NULL, 0);
 			if (result != ISC_R_SUCCESS) {
 				dns_message_takebuffer(msg, &buf);
 				goto failure;
diff --git a/lib/dns/tkeyconf.c b/lib/dns/tkeyconf.c
index 36452421c2..fceaf7e629 100644
--- a/lib/dns/tkeyconf.c
+++ b/lib/dns/tkeyconf.c
@@ -34,18 +34,18 @@
 
 
 isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
-		       dns_tkey_ctx_t **tctxp)
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
+		       dns_tkeyctx_t **tctxp)
 {
 	isc_result_t result;
-	dns_tkey_ctx_t *tctx = NULL;
+	dns_tkeyctx_t *tctx = NULL;
 	char *s;
 	isc_uint32_t n;
 	isc_buffer_t b, namebuf;
 	unsigned char data[1024];
 	dns_name_t domain, keyname;
 
-	result = dns_tkeyctx_create(mctx, &tctx);
+	result = dns_tkeyctx_create(mctx, ectx, &tctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);