mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00
Code Issues Releases Wiki Activity

Moved the (lame) random number seeding code to the dst initialize routine,

Browse Source 
since the openssl dsa code calls the openssl random functions directly,
not through dst_random_get.
This commit is contained in:
Brian Wellington 2000-04-07 20:50:30 +00:00
parent 09c9fc94cf
commit f383cdfeb8
1 changed files with 22 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
lib/dns/sec/dst/dst_api.c
View File

@ -17,7 +17,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.24 2000/03/28 03:06:36 bwelling Exp $ * $Id: dst_api.c,v 1.25 2000/04/07 20:50:30 bwelling Exp $
*/ */
#include <config.h> #include <config.h>
@ -812,7 +812,6 @@ dst_secret_size(const dst_key_t *key, unsigned int *n) {
isc_result_t isc_result_t
dst_random_get(const unsigned int wanted, isc_buffer_t *target) { dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
isc_region_t r; isc_region_t r;
isc_result_t result;
int status; int status;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
@ -824,40 +823,12 @@ dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
RUNTIME_CHECK(isc_mutex_lock((&random_lock)) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_mutex_lock((&random_lock)) == ISC_R_SUCCESS);
status = RAND_bytes(r.base, wanted); status = RAND_bytes(r.base, wanted);
if (status == 0) {
isc_random_t rctx;
isc_uint32_t val;
isc_time_t now;
int count = 0;
isc_random_init(&rctx);
result = isc_time_now(&now);
if (result != ISC_R_SUCCESS)
goto failure;
isc_random_seed(&rctx, isc_time_nanoseconds(&now));
while (RAND_status() == 0 && count < 1000) {
isc_random_get(&rctx, &val);
RAND_add(&val, sizeof(isc_uint32_t), 1);
count++;
}
isc_random_invalidate(&rctx);
if (RAND_status() == 0) {
result = DST_R_NORANDOMNESS;
goto failure;
}
status = RAND_bytes(r.base, wanted);
}
RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
if (status == 0) if (status == 0)
return (DST_R_NORANDOMNESS); return (DST_R_NORANDOMNESS);
isc_buffer_add(target, wanted); isc_buffer_add(target, wanted);
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
failure:
RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
return (result);
} }
/*** /***
@ -888,6 +859,27 @@ initialize() {
#ifdef OPENSSL #ifdef OPENSSL
dst_s_openssldsa_init(); dst_s_openssldsa_init();
dst_s_openssldh_init(); dst_s_openssldh_init();
/*
* Seed the random number generator, if necessary.
* XXX This doesn't do a very good job, and must be fixed.
*/
if (RAND_status() == 0) {
isc_random_t rctx;
isc_uint32_t val;
isc_time_t now;
isc_result_t result;
isc_random_init(&rctx);
result = isc_time_now(&now);
INSIST(result == ISC_R_SUCCESS);
isc_random_seed(&rctx, isc_time_nanoseconds(&now));
while (RAND_status() == 0) {
isc_random_get(&rctx, &val);
RAND_add(&val, sizeof(isc_uint32_t), 1);
}
isc_random_invalidate(&rctx);
}
#endif #endif
} }