From 3f543c371fff724d1fb05eb564f732476e946b5b Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Wed, 5 Sep 2001 23:15:42 +0000
Subject: [PATCH]  981.	[func]		The dnssec tools can now take multiple
 '-r randomfile' 			arguments.

---
 CHANGES                        |  3 +++
 bin/dnssec/dnssec-keygen.c     |  8 ++++----
 bin/dnssec/dnssec-makekeyset.c |  8 ++++----
 bin/dnssec/dnssec-signkey.c    |  8 ++++----
 bin/dnssec/dnssec-signzone.c   |  8 ++++----
 bin/dnssec/dnssectool.c        | 36 ++++++++++++++++++++++++++++++----
 6 files changed, 51 insertions(+), 20 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0c5f2baefb..76116a3a5f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,7 @@
 
+ 981.	[func]		The dnssec tools can now take multiple '-r randomfile'
+ 			arguments.
+
  980.	[bug]		Incoming zone transfers restarting after an error
 			could trigger an assertion failure. [RT #1692]
 
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 3306460a70..cb5abd517e 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.48 2001/07/10 18:53:09 bwelling Exp $ */
+/* $Id: dnssec-keygen.c,v 1.49 2001/09/05 23:15:35 bwelling Exp $ */
 
 #include <config.h>
 
@@ -92,7 +92,6 @@ int
 main(int argc, char **argv) {
 	char		*algname = NULL, *nametype = NULL, *type = NULL;
 	char		*classname = NULL;
-	char		*randomfile = NULL;
 	char		*prog, *endp;
 	dst_key_t	*key = NULL, *oldkey;
 	dns_fixedname_t	fname;
@@ -173,7 +172,7 @@ main(int argc, char **argv) {
 				      "[0..15]");
 			break;
 		case 'r':
-			randomfile = isc_commandline_argument;
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 		case 'v':
 			endp = NULL;
@@ -191,7 +190,8 @@ main(int argc, char **argv) {
 		}
 	}
 
-	setup_entropy(mctx, randomfile, &ectx);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	ret = dst_lib_init(mctx, ectx,
 			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (ret != ISC_R_SUCCESS)
diff --git a/bin/dnssec/dnssec-makekeyset.c b/bin/dnssec/dnssec-makekeyset.c
index 12c5c8d5f6..ecfad49ed0 100644
--- a/bin/dnssec/dnssec-makekeyset.c
+++ b/bin/dnssec/dnssec-makekeyset.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-makekeyset.c,v 1.52 2001/05/10 06:04:56 bwelling Exp $ */
+/* $Id: dnssec-makekeyset.c,v 1.53 2001/09/05 23:15:36 bwelling Exp $ */
 
 #include <config.h>
 
@@ -129,7 +129,6 @@ int
 main(int argc, char *argv[]) {
 	int i, ch;
 	char *startstr = NULL, *endstr = NULL;
-	char *randomfile = NULL;
 	dns_fixedname_t fdomain;
 	dns_name_t *domain = NULL;
 	char *output = NULL;
@@ -181,7 +180,7 @@ main(int argc, char *argv[]) {
 			break;
 
 		case 'r':
-			randomfile = isc_commandline_argument;
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 
 		case 'v':
@@ -208,7 +207,8 @@ main(int argc, char *argv[]) {
 	if (argc < 1)
 		usage();
 
-	setup_entropy(mctx, randomfile, &ectx);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
diff --git a/bin/dnssec/dnssec-signkey.c b/bin/dnssec/dnssec-signkey.c
index ddf699e84f..4e4378a1d7 100644
--- a/bin/dnssec/dnssec-signkey.c
+++ b/bin/dnssec/dnssec-signkey.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signkey.c,v 1.50 2001/05/10 06:04:57 bwelling Exp $ */
+/* $Id: dnssec-signkey.c,v 1.51 2001/09/05 23:15:38 bwelling Exp $ */
 
 #include <config.h>
 
@@ -159,7 +159,6 @@ main(int argc, char *argv[]) {
 	char *output = NULL;
 	char *endp;
 	unsigned char *data;
-	char *randomfile = NULL;
 	dns_db_t *db;
 	dns_dbnode_t *node;
 	dns_dbversion_t *version;
@@ -209,7 +208,7 @@ main(int argc, char *argv[]) {
 			break;
 
 		case 'r':
-			randomfile = isc_commandline_argument;
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 
 		case 'v':
@@ -241,7 +240,8 @@ main(int argc, char *argv[]) {
 	} else
 		rdclass = dns_rdataclass_in;
 
-	setup_entropy(mctx, randomfile, &ectx);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 3a39e61df1..813ab583f1 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.139 2001/07/22 06:09:41 mayer Exp $ */
+/* $Id: dnssec-signzone.c,v 1.140 2001/09/05 23:15:40 bwelling Exp $ */
 
 #include <config.h>
 
@@ -1500,7 +1500,6 @@ main(int argc, char *argv[]) {
 	int i, ch;
 	char *startstr = NULL, *endstr = NULL, *classname = NULL;
 	char *origin = NULL, *file = NULL, *output = NULL;
-	char *randomfile = NULL;
 	char *endp;
 	isc_time_t timer_start, timer_finish;
 	signer_key_t *key;
@@ -1552,7 +1551,7 @@ main(int argc, char *argv[]) {
 			break;
 
 		case 'r':
-			randomfile = isc_commandline_argument;
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 
 		case 'v':
@@ -1596,7 +1595,8 @@ main(int argc, char *argv[]) {
 		}
 	}
 
-	setup_entropy(mctx, randomfile, &ectx);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 9f6e1a187b..9acb1f48ec 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.32 2001/09/05 22:32:05 bwelling Exp $ */
+/* $Id: dnssectool.c,v 1.33 2001/09/05 23:15:42 bwelling Exp $ */
 
 #include <config.h>
 
@@ -23,6 +23,8 @@
 
 #include <isc/buffer.h>
 #include <isc/entropy.h>
+#include <isc/list.h>
+#include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/time.h>
 #include <isc/util.h>
@@ -41,7 +43,15 @@
 extern int verbose;
 extern const char *program;
 
-static isc_entropysource_t *source = NULL;
+typedef struct entropysource entropysource_t;
+
+struct entropysource {
+	isc_entropysource_t *source;
+	isc_mem_t *mctx;
+	ISC_LINK(entropysource_t) link;
+};
+
+static ISC_LIST(entropysource_t) sources;
 static fatalcallback_t *fatalcallback = NULL;
 
 void
@@ -201,6 +211,8 @@ cleanup_logging(isc_log_t **logp) {
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	isc_result_t result;
+	isc_entropysource_t *source = NULL;
+	entropysource_t *elt;
 	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
 
 	REQUIRE(ectx != NULL);
@@ -209,6 +221,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 		result = isc_entropy_create(mctx, ectx);
 		if (result != ISC_R_SUCCESS)
 			fatal("could not create entropy object");
+		ISC_LIST_INIT(sources);
 	}
 
 	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
@@ -222,12 +235,27 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize entropy source: %s",
 		      isc_result_totext(result));
+
+	if (source != NULL) {
+		elt = isc_mem_get(mctx, sizeof *elt);
+		if (elt == NULL)
+			fatal("out of memory");
+		elt->source = source;
+		elt->mctx = mctx;
+		ISC_LINK_INIT(elt, link);
+		ISC_LIST_APPEND(sources, elt, link);
+	}
 }
 
 void
 cleanup_entropy(isc_entropy_t **ectx) {
-	if (source != NULL)
-		isc_entropy_destroysource(&source);
+	entropysource_t *source;
+	while (!ISC_LIST_EMPTY(sources)) {
+		source = ISC_LIST_HEAD(sources);
+		ISC_LIST_UNLINK(sources, source, link);
+		isc_entropy_destroysource(&source->source);
+		isc_mem_put(source->mctx, source, sizeof *source);
+	}
 	isc_entropy_detach(ectx);
 }