From f383cdfeb8f307d8de383a3aedf6664121e0df6c Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Fri, 7 Apr 2000 20:50:30 +0000
Subject: [PATCH] Moved the (lame) random number seeding code to the dst
 initialize routine, since the openssl dsa code calls the openssl random
 functions directly, not through dst_random_get.

---
 lib/dns/sec/dst/dst_api.c | 52 +++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 30 deletions(-)

diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c
index f61bc1b40a..f060aa3171 100644
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.24 2000/03/28 03:06:36 bwelling Exp $
+ * $Id: dst_api.c,v 1.25 2000/04/07 20:50:30 bwelling Exp $
  */
 
 #include <config.h>
@@ -812,7 +812,6 @@ dst_secret_size(const dst_key_t *key, unsigned int *n) {
 isc_result_t 
 dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
 	isc_region_t r;
-	isc_result_t result;
 	int status;
 
 	RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
@@ -824,40 +823,12 @@ dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
 
 	RUNTIME_CHECK(isc_mutex_lock((&random_lock)) == ISC_R_SUCCESS);
 	status = RAND_bytes(r.base, wanted);
-	if (status == 0) {
-		isc_random_t rctx;
-		isc_uint32_t val;
-		isc_time_t now;
-		int count = 0;
-
-		isc_random_init(&rctx);
-		result = isc_time_now(&now);
-		if (result != ISC_R_SUCCESS)
-			goto failure;
-		isc_random_seed(&rctx, isc_time_nanoseconds(&now));
-		while (RAND_status() == 0 && count < 1000) {
-			isc_random_get(&rctx, &val);
-			RAND_add(&val, sizeof(isc_uint32_t), 1);
-			count++;
-		}
-		isc_random_invalidate(&rctx);
-		if (RAND_status() == 0) {
-			result = DST_R_NORANDOMNESS;
-			goto failure;
-		}
-		status = RAND_bytes(r.base, wanted);
-	}
 	RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
 	if (status == 0)
 		return (DST_R_NORANDOMNESS);
 
 	isc_buffer_add(target, wanted);
 	return (ISC_R_SUCCESS);
-
- failure:
-	RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
-	return (result);
-	
 }
 
 /***
@@ -888,6 +859,27 @@ initialize() {
 #ifdef OPENSSL
 	dst_s_openssldsa_init();
 	dst_s_openssldh_init();
+
+	/*
+	 * Seed the random number generator, if necessary.
+	 * XXX This doesn't do a very good job, and must be fixed.
+	 */
+	if (RAND_status() == 0) {
+		isc_random_t rctx;
+		isc_uint32_t val;
+		isc_time_t now;
+		isc_result_t result;
+
+		isc_random_init(&rctx);
+		result = isc_time_now(&now);
+		INSIST(result == ISC_R_SUCCESS);
+		isc_random_seed(&rctx, isc_time_nanoseconds(&now));
+		while (RAND_status() == 0) {
+			isc_random_get(&rctx, &val);
+			RAND_add(&val, sizeof(isc_uint32_t), 1);
+		}
+		isc_random_invalidate(&rctx);
+	}
 #endif
 }