From 79d91e915023ffa5fac1bb2f91f19210bb18407c Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Fri, 9 Jun 2000 22:34:40 +0000
Subject: [PATCH] Use the entropy api

---
 bin/dnssec/dnssec-keygen.c     | 21 +++++---
 bin/dnssec/dnssec-makekeyset.c | 10 +++-
 bin/dnssec/dnssec-signkey.c    | 10 +++-
 bin/dnssec/dnssec-signzone.c   | 10 +++-
 bin/dnssec/dnssectool.c        | 19 +++++++
 bin/dnssec/dnssectool.h        |  6 +++
 bin/tests/dst/dst_test.c       | 30 ++++-------
 bin/tests/dst/t_dst.c          | 93 ++++++++++++++++++----------------
 8 files changed, 126 insertions(+), 73 deletions(-)

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 4502824975..e6609a0e0b 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.32 2000/06/09 21:30:33 gson Exp $ */
+/* $Id: dnssec-keygen.c,v 1.33 2000/06/09 22:34:17 bwelling Exp $ */
 
 #include <config.h>
 
@@ -25,6 +25,7 @@
 
 #include <isc/buffer.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/region.h>
 #include <isc/string.h>
@@ -89,7 +90,7 @@ main(int argc, char **argv) {
 	dns_name_t	*name;
 	isc_uint16_t	flags = 0;
 	dns_secalg_t	alg;
-	isc_boolean_t    conflict = ISC_FALSE, null_key = ISC_FALSE;
+	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
 	int		ch, rsa_exp = 0, generator = 0, param = 0;
 	int		protocol = -1, size = -1, signatory = 0;
@@ -98,6 +99,7 @@ main(int argc, char **argv) {
 	char		filename[255];
 	isc_buffer_t	buf;
 	isc_log_t	*log = NULL;
+	isc_entropy_t	*ectx = NULL;
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
@@ -112,8 +114,6 @@ main(int argc, char **argv) {
 		usage();
 
 	dns_result_register();
-	dst_result_register();
-	dst_lib_init(mctx);
 
 	while ((ch = isc_commandline_parse(argc, argv,
 					   "a:b:eg:n:t:p:s:hv:")) != -1)
@@ -179,6 +179,12 @@ main(int argc, char **argv) {
 		} 
 	}
 
+	setup_entropy(mctx, &ectx);
+	ret = dst_lib_init(mctx, ectx,
+			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (ret != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
 	setup_logging(verbose, mctx, &log);
 
 	if (argc < isc_commandline_index + 1)
@@ -311,8 +317,8 @@ main(int argc, char **argv) {
 				       mctx, &key);
 
 		if (ret != ISC_R_SUCCESS) {
-			fatal("failed to generate key %s/%d: %s\n", name, alg,
-				dst_result_totext(ret));
+			fatal("failed to generate key %s/%d: %s\n",
+			      nametostr(name), alg, dst_result_totext(ret));
 			exit(-1);
 		}
 		
@@ -351,7 +357,7 @@ main(int argc, char **argv) {
 
 	ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL);
 	if (ret != ISC_R_SUCCESS)
-		fatal("failed to write key %s/%s/%d: %s\n", name, 
+		fatal("failed to write key %s/%s/%d: %s\n", nametostr(name),
 		      dst_key_id(key), algtostr(alg), isc_result_totext(ret));
 
 	isc_buffer_clear(&buf);
@@ -366,6 +372,7 @@ main(int argc, char **argv) {
 
 	if (log != NULL)
 		isc_log_destroy(&log);
+	cleanup_entropy(&ectx);
 	dst_lib_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-makekeyset.c b/bin/dnssec/dnssec-makekeyset.c
index 3a22cb91c4..de614cc243 100644
--- a/bin/dnssec/dnssec-makekeyset.c
+++ b/bin/dnssec/dnssec-makekeyset.c
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -57,6 +58,7 @@ static isc_stdtime_t starttime = 0, endtime = 0, now;
 static int ttl = -1;
 
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 
 static keylist_t keylist;
 
@@ -138,7 +140,6 @@ main(int argc, char *argv[]) {
 		      isc_result_totext(result));
 
 	dns_result_register();
-	dst_lib_init(mctx);
 
 	while ((ch = isc_commandline_parse(argc, argv, "s:e:t:v:")) != -1)
 	{
@@ -183,6 +184,12 @@ main(int argc, char *argv[]) {
 	if (argc < 1)
 		usage();
 
+	setup_entropy(mctx, &ectx);
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
 	isc_stdtime_get(&now);
 
 	if (startstr != NULL) {
@@ -390,6 +397,7 @@ main(int argc, char *argv[]) {
 
 	if (log != NULL)
 		isc_log_destroy(&log);
+	cleanup_entropy(&ectx);
 
 	isc_mem_free(mctx, output);
 	dst_lib_destroy();
diff --git a/bin/dnssec/dnssec-signkey.c b/bin/dnssec/dnssec-signkey.c
index 1805301dfa..fdf0cab123 100644
--- a/bin/dnssec/dnssec-signkey.c
+++ b/bin/dnssec/dnssec-signkey.c
@@ -23,6 +23,7 @@
 
 #include <isc/string.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/util.h>
 
@@ -56,6 +57,7 @@ typedef ISC_LIST(keynode_t) keylist_t;
 static isc_stdtime_t now;
 
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 static keylist_t keylist;
 
 static void
@@ -152,7 +154,6 @@ main(int argc, char *argv[]) {
 	check_result(result, "isc_mem_create()");
 
 	dns_result_register();
-	dst_lib_init(mctx);
 
 	while ((ch = isc_commandline_parse(argc, argv, "v:")) != -1)
 	{
@@ -176,6 +177,12 @@ main(int argc, char *argv[]) {
 	if (argc < 2)
 		usage();
 
+	setup_entropy(mctx, &ectx);
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
 	isc_stdtime_get(&now);
 
 	setup_logging(verbose, mctx, &log);
@@ -342,6 +349,7 @@ main(int argc, char *argv[]) {
 		isc_log_destroy(&log);
 
         isc_mem_free(mctx, output);
+	cleanup_entropy(&ectx);
 	dst_lib_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 8ea4a0e483..afb6a785a2 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -73,6 +74,7 @@ static isc_stdtime_t starttime = 0, endtime = 0, now;
 static int cycle = -1;
 static isc_boolean_t tryverify = ISC_FALSE;
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 
 static inline void
 set_bit(unsigned char *array, unsigned int index, unsigned int bit) {
@@ -1216,7 +1218,6 @@ main(int argc, char *argv[]) {
 		fatal("out of memory");
 
 	dns_result_register();
-	dst_lib_init(mctx);
 
 	while ((ch = isc_commandline_parse(argc, argv, "s:e:c:v:o:f:ah"))
 	       != -1) {
@@ -1274,6 +1275,12 @@ main(int argc, char *argv[]) {
 		}
 	}
 
+	setup_entropy(mctx, &ectx);
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
 	isc_stdtime_get(&now);
 
 	if (startstr != NULL) {
@@ -1412,6 +1419,7 @@ main(int argc, char *argv[]) {
 
 	if (log != NULL)
 		isc_log_destroy(&log);
+	cleanup_entropy(&ectx);
 	dst_lib_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index a83d1dfaa9..7657e6259f 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 
 #include <isc/buffer.h>
+#include <isc/entropy.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -34,6 +35,8 @@
 extern int verbose;
 extern const char *program;
 
+static isc_entropysource_t *devrandom = NULL;
+
 void
 fatal(const char *format, ...) {
 	va_list args;
@@ -165,3 +168,19 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 	*logp = log;
 }
 
+void
+setup_entropy(isc_mem_t *mctx, isc_entropy_t **ectx) {
+	isc_result_t result;
+	result = isc_entropy_create(mctx, ectx);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create entropy object");
+	(void) isc_entropy_createfilesource(*ectx, "/dev/random", 0,
+					    &devrandom);
+}
+
+void
+cleanup_entropy(isc_entropy_t **ectx) {
+	if (devrandom != NULL)
+		isc_entropy_destroysource(&devrandom);
+	isc_entropy_detach(ectx);
+}
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h
index 7417bea930..e73d937543 100644
--- a/bin/dnssec/dnssectool.h
+++ b/bin/dnssec/dnssectool.h
@@ -39,4 +39,10 @@ algtostr(const dns_secalg_t alg);
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
 
+void
+setup_entropy(isc_mem_t *mctx, isc_entropy_t **ectx);
+
+void
+cleanup_entropy(isc_entropy_t **ectx);
+
 #endif /* DNSSEC_DNSSECTOOL_H */
diff --git a/bin/tests/dst/dst_test.c b/bin/tests/dst/dst_test.c
index 82d9f08f8c..9775f25cb2 100644
--- a/bin/tests/dst/dst_test.c
+++ b/bin/tests/dst/dst_test.c
@@ -22,6 +22,7 @@
 #include <unistd.h>		/* XXX */
 
 #include <isc/buffer.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/region.h>
 #include <isc/string.h>		/* Required for HP/UX (and others?) */
@@ -212,24 +213,11 @@ generate(int alg, isc_mem_t *mctx) {
 	dst_key_free(&key);
 }
 
-static void
-get_random(void) {
-	unsigned char data[25];
-	isc_buffer_t databuf;
-	isc_result_t ret;
-	unsigned int i;
-
-	isc_buffer_init(&databuf, data, sizeof(data));
-	ret = dst_random_get(sizeof(data), &databuf);
-	printf("random() returned: %s\n", isc_result_totext(ret));
-	for (i = 0; i < sizeof data; i++)
-		printf("%02x ", data[i]);
-	printf("\n");
-}
-
 int
 main(void) {
 	isc_mem_t *mctx = NULL;
+	isc_entropy_t *ectx = NULL;
+	isc_entropysource_t *devrandom = NULL;
 	isc_buffer_t b;
 	dns_fixedname_t fname;
 	dns_name_t *name;
@@ -240,8 +228,11 @@ main(void) {
 	getcwd(current, 256);
 
 	dns_result_register();
-	dst_result_register();
-	dst_lib_init(mctx);
+
+	isc_entropy_create(mctx, &ectx);
+	isc_entropy_createfilesource(ectx, "/dev/random", 0,
+			&devrandom);
+	dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING|ISC_ENTROPY_GOODONLY);
 
 	dns_fixedname_init(&fname);
 	name = dns_fixedname_name(&fname);
@@ -264,9 +255,10 @@ main(void) {
 	generate(DST_ALG_DSA, mctx);
 	generate(DST_ALG_HMACMD5, mctx);
 
-	get_random();
-
 	dst_lib_destroy();
+	if (devrandom != NULL)
+		isc_entropy_destroysource(&devrandom);
+	isc_entropy_detach(&ectx);
 
 	isc_mem_put(mctx, current, 256);
 /*	isc_mem_stats(mctx, stdout);*/
diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c
index 10b07e5f77..a77a436f0d 100644
--- a/bin/tests/dst/t_dst.c
+++ b/bin/tests/dst/t_dst.c
@@ -29,6 +29,7 @@
 #include <unistd.h>		/* XXX */
 
 #include <isc/buffer.h>
+#include <isc/entropy.h>
 #include <isc/mem.h>
 #include <isc/region.h>
 #include <isc/string.h>
@@ -326,47 +327,6 @@ generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
 
 #define	DBUFSIZ	25
 
-static void
-get_random(int *nfails) {
-	unsigned char data1[DBUFSIZ];
-	unsigned char data2[DBUFSIZ];
-	isc_buffer_t databuf1;
-	isc_buffer_t databuf2;
-	isc_result_t ret;
-	unsigned int i;
-
-	isc_buffer_init(&databuf1, data1, sizeof(data1));
-	ret = dst_random_get(sizeof(data1), &databuf1);
-	if (ret != ISC_R_SUCCESS) {
-		t_info("random() returned: %s\n", dst_result_totext(ret));
-		++*nfails;
-		return;
-	}
-
-	isc_buffer_init(&databuf2, data2, sizeof(data2));
-	ret = dst_random_get(sizeof(data2), &databuf2);
-	if (ret != ISC_R_SUCCESS) {
-		t_info("random() returned: %s\n", dst_result_totext(ret));
-		++*nfails;
-		return;
-	}
-
-	/*
-	 * Weak test, but better than nought.
-	 */
-	if (memcmp(data1, data2, DBUFSIZ) == 0) {
-		t_info("data not random\n");
-		++*nfails;
-	}
-
-	if (T_debug) {
-		for (i = 0; i < sizeof(data1); i++)
-			t_info("data1[%d]: %02x ", i, data1[i]);
-		for (i = 0; i < sizeof(data2); i++)
-			t_info("data2[%d]: %02x ", i, data2[i]);
-	}
-}
-
 static const char *a1 =
 		"the dst module provides the capability to "
 		"generate, store and retrieve public and private keys, "
@@ -376,6 +336,8 @@ static const char *a1 =
 static void
 t1(void) {
 	isc_mem_t	*mctx;
+	isc_entropy_t	*ectx;
+	isc_entropysource_t *devrandom;
 	int		nfails;
 	int		nprobs;
 	int		result;
@@ -396,7 +358,25 @@ t1(void) {
 		t_result(T_UNRESOLVED);
 		return;
 	}
-	dst_lib_init(mctx);
+	ectx = NULL;
+	isc_result = isc_entropy_create(mctx, &ectx);
+	if (isc_result != ISC_R_SUCCESS) {
+		t_info("isc_entropy_create failed %d\n",
+		       isc_result_totext(isc_result));
+		t_result(T_UNRESOLVED);
+		return;
+	}
+	devrandom = NULL;
+	isc_entropy_createfilesource(ectx, "/dev/random", 0,
+			&devrandom);
+	isc_result = dst_lib_init(mctx, ectx,
+				  ISC_ENTROPY_BLOCKING|ISC_ENTROPY_GOODONLY);
+	if (isc_result != ISC_R_SUCCESS) {
+		t_info("dst_lib_init failed %d\n",
+		       isc_result_totext(isc_result));
+		t_result(T_UNRESOLVED);
+		return;
+	}
 
 	t_info("testing use of stored keys [1]\n");
 
@@ -435,10 +415,13 @@ t1(void) {
 	generate(DST_ALG_HMACMD5, mctx, 512, &nfails);
 
 	t_info("testing random number sequence generation\n");
-	get_random(&nfails);
 
 	dst_lib_destroy();
 
+	if (devrandom != NULL)
+		isc_entropy_destroysource(&devrandom);
+	isc_entropy_detach(&ectx);
+
 	isc_mem_destroy(&mctx);
 
 	result = T_UNRESOLVED;
@@ -820,6 +803,8 @@ t2_vfy(char **av) {
 	int		nfails;
 	int		nprobs;
 	isc_mem_t	*mctx;
+	isc_entropy_t	*ectx;
+	isc_entropysource_t *devrandom;
 	isc_result_t	isc_result;
 	int		result;
 
@@ -849,7 +834,23 @@ t2_vfy(char **av) {
 		       isc_result_totext(isc_result));
 		return(T_UNRESOLVED);
 	}
-	dst_lib_init(mctx);
+	ectx = NULL;
+	isc_result = isc_entropy_create(mctx, &ectx);
+	if (isc_result != ISC_R_SUCCESS) {
+		t_info("isc_entropy_create failed %d\n",
+		       isc_result_totext(isc_result));
+		return(T_UNRESOLVED);
+	}
+	devrandom = NULL;
+	isc_entropy_createfilesource(ectx, "/dev/random", 0,
+			&devrandom);
+	isc_result = dst_lib_init(mctx, ectx,
+				  ISC_ENTROPY_BLOCKING|ISC_ENTROPY_GOODONLY);
+	if (isc_result != ISC_R_SUCCESS) {
+		t_info("dst_lib_init failed %d\n",
+		       isc_result_totext(isc_result));
+		return(T_UNRESOLVED);
+	}
 
 	t_info("testing %s, %s, %s, %s, %s, %s\n",
 			datapath, sigpath, keyname, key, alg, exp_result);
@@ -860,6 +861,10 @@ t2_vfy(char **av) {
 
 	dst_lib_destroy();
 
+	if (devrandom != NULL)
+		isc_entropy_destroysource(&devrandom);
+	isc_entropy_detach(&ectx);
+
 	isc_mem_destroy(&mctx);
 
 	result = T_UNRESOLVED;