#include <isc/commandline.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
isc_mem_t *mctx = NULL;
isc_result_t result;
int exit_status = 0;
- isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t list_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
dns_result_register();
RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
isc_log_destroy(&logc);
- isc_entropy_detach(&ectx);
-
isc_mem_destroy(&mctx);
#ifdef _WIN32
#include <isc/app.h>
#include <isc/commandline.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
static int quiet = 0;
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
dns_zone_t *zone = NULL;
dns_zonetype_t zonetype = dns_zone_master;
static int dumpzone = 0;
if (!quiet)
RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
== ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
dns_result_register();
destroy();
if (lctx != NULL)
isc_log_destroy(&lctx);
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
#ifdef _WIN32
DestroySockets();
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/keyboard.h>
#include <isc/mem.h>
if (progmode == progmode_confgen) {
fprintf(stderr, "\
Usage:\n\
- %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
+ %s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
-a alg: algorithm (default hmac-sha256)\n\
-k keyname: name of the key as it will be used in named.conf\n\
- -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-s name: domain name to be updated using the created key\n\
-z zone: name of the zone as it will be used in named.conf\n\
-q: quiet mode: print the key, with no explanatory text\n",
} else {
fprintf(stderr, "\
Usage:\n\
- %s [-a alg] [-r randomfile] [keyname]\n\
- -a alg: algorithm (default hmac-sha256)\n\
- -r randomfile: source of random data (use \"keyboard\" for key timing)\n",
+ %s [-a alg] [keyname]\n\
+ -a alg: algorithm (default hmac-sha256)\n\n",
progname);
}
isc_buffer_t key_txtbuffer;
char key_txtsecret[256];
isc_mem_t *mctx = NULL;
- const char *randomfile = NULL;
const char *keyname = NULL;
const char *zone = NULL;
const char *self_domain = NULL;
usage(1);
break;
case 'r':
- randomfile = isc_commandline_argument;
+ fatal("The -r option has been deprecated.");
break;
case 's':
if (progmode == progmode_confgen)
isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
- generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
+ generate_key(mctx, alg, keysize, &key_txtbuffer);
if (!quiet)
#include <isc/base64.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/keyboard.h>
#include <isc/mem.h>
}
/*%
- * Generate a key of size 'keysize' using entropy source 'randomfile',
- * and place it in 'key_txtbuffer'
+ * Generate a key of size 'keysize' and place it in 'key_txtbuffer'
*/
void
-generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
- int keysize, isc_buffer_t *key_txtbuffer) {
+generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+ isc_buffer_t *key_txtbuffer) {
isc_result_t result = ISC_R_SUCCESS;
- isc_entropysource_t *entropy_source = NULL;
- int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
- int entropy_flags = 0;
- isc_entropy_t *ectx = NULL;
isc_buffer_t key_rawbuffer;
isc_region_t key_rawregion;
char key_rawsecret[64];
fatal("unsupported algorithm %d\n", alg);
}
-
- DO("create entropy context", isc_entropy_create(mctx, &ectx));
-
- if (randomfile == NULL) {
- isc_entropy_usehook(ectx, ISC_TRUE);
- }
- if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
- randomfile = NULL;
- open_keyboard = ISC_ENTROPY_KEYBOARDYES;
- }
- DO("start entropy source", isc_entropy_usebestsource(ectx,
- &entropy_source,
- randomfile,
- open_keyboard));
-
- entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
-
- DO("initialize dst library", dst_lib_init(mctx, ectx, NULL, entropy_flags));
+ DO("initialize dst library", dst_lib_init(mctx, NULL));
DO("generate key", dst_key_generate(dns_rootname, alg,
keysize, 0, 0, DNS_KEYPROTO_ANY,
DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
key_txtbuffer));
- /*
- * Shut down the entropy source now so the "stop typing" message
- * does not muck with the output.
- */
- if (entropy_source != NULL)
- isc_entropy_destroysource(&entropy_source);
-
if (key != NULL)
dst_key_free(&key);
- isc_entropy_detach(&ectx);
dst_lib_destroy();
}
ISC_LANG_BEGINDECLS
-void generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
- int keysize, isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+ isc_buffer_t *key_txtbuffer);
void write_key_file(const char *keyfile, const char *user,
const char *keyname, isc_buffer_t *secret,
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/keyboard.h>
#include <isc/mem.h>
fprintf(stderr, "\
Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
[-s addr] [-t chrootdir] [-u user]\n\
-a: generate just the key clause and write it to keyfile (%s)\n\
-A alg: algorithm (default hmac-sha256)\n\
-c keyfile: specify an alternate key file (requires -a)\n\
-k keyname: the name as it will be used in named.conf and rndc.conf\n\
-p port: the port named will listen on and rndc will connect to\n\
- -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-s addr: the address to which rndc should connect\n\
-t chrootdir: write a keyfile in chrootdir as well (requires -a)\n\
-u user: set the keyfile owner to \"user\" (requires -a)\n",
isc_mem_t *mctx = NULL;
isc_result_t result = ISC_R_SUCCESS;
const char *keyname = NULL;
- const char *randomfile = NULL;
const char *serveraddr = NULL;
dns_secalg_t alg;
const char *algname;
isc_commandline_argument);
break;
case 'r':
- randomfile = isc_commandline_argument;
+ fatal("The -r option has been deprecated.");
break;
case 's':
serveraddr = isc_commandline_argument;
DO("create memory context", isc_mem_create(0, 0, &mctx));
isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
- generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
+ generate_key(mctx, alg, keysize, &key_txtbuffer);
if (keyonly) {
write_key_file(keyfile, chrootdir == NULL ? user : NULL,
#include <isc/app.h>
#include <isc/base64.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hex.h>
#include <isc/lang.h>
isc_buffer_t *namebuf = NULL;
dns_tsigkey_t *tsigkey = NULL;
isc_boolean_t validated = ISC_TRUE;
-isc_entropy_t *entp = NULL;
isc_mempool_t *commctx = NULL;
isc_boolean_t debugging = ISC_FALSE;
isc_boolean_t debugtiming = ISC_FALSE;
setup_file_key();
else if (keysecret[0] != 0)
setup_text_key();
- result = isc_entropy_getdata(entp, cookie_secret,
- sizeof(cookie_secret), NULL, 0);
- if (result != ISC_R_SUCCESS)
- fatal("unable to generate cookie secret");
+
+ isc_random_buf(cookie_secret, sizeof(cookie_secret));
}
/*%
result = isc_socketmgr_create(mctx, &socketmgr);
check_result(result, "isc_socketmgr_create");
- result = isc_entropy_create(mctx, &entp);
- check_result(result, "isc_entropy_create");
-
- result = dst_lib_init(mctx, entp, NULL, 0);
+ result = dst_lib_init(mctx, NULL);
check_result(result, "dst_lib_init");
is_dst_up = ISC_TRUE;
srv != NULL;
srv = ISC_LIST_HEAD(lookup->my_server_list)) {
INSIST(i > 0);
- isc_random_get(&j);
+ j = isc_random();
j %= i;
next = ISC_LIST_NEXT(srv, link);
while (j-- > 0 && next != NULL) {
dighost_trying(store, lookup);
INSIST(dns_name_isabsolute(lookup->name));
- isc_random_get(&id);
+ id = isc_random();
lookup->sendmsg->id = (unsigned short)id & 0xFFFF;
lookup->sendmsg->opcode = lookup->opcode;
lookup->msgcounter = 0;
dst_lib_destroy();
is_dst_up = ISC_FALSE;
}
- if (entp != NULL) {
- debug("detach from entropy");
- isc_entropy_detach(&entp);
- }
UNLOCK_LOOKUP;
DESTROYLOCK(&lookup_lock);
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
*/
static isc_log_t *lctx = NULL;
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
/*
* The domain we are working on
setup_logging(mctx, &lctx);
- if (ectx == NULL) {
- setup_entropy(mctx, NULL, &ectx);
- }
- result = dst_lib_init(mctx, ectx, NULL,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ result = dst_lib_init(mctx, NULL);
if (result != ISC_R_SUCCESS) {
fatal("could not initialize dst: %s",
isc_result_totext(result));
}
- isc_entropy_stopcallbacksources(ectx);
if (ds_path == NULL) {
fatal("missing -d DS pathname");
free_all_sets();
cleanup_logging(&lctx);
dst_lib_destroy();
- cleanup_entropy(&ectx);
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/print.h>
isc_boolean_t showall = ISC_FALSE;
isc_result_t result;
isc_log_t *log = NULL;
- isc_entropy_t *ectx = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata;
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- result = dst_lib_init(mctx, ectx, NULL,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ result = dst_lib_init(mctx, NULL);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
- isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log);
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
dst_lib_destroy();
- cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/print.h>
int ch;
isc_result_t result;
isc_log_t *log = NULL;
- isc_entropy_t *ectx = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata;
isc_stdtime_t now;
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- result = dst_lib_init(mctx, ectx, NULL,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ result = dst_lib_init(mctx, NULL);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
- isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log);
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
dst_lib_destroy();
- cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/region.h>
#include <isc/print.h>
char filename[255];
isc_buffer_t buf;
isc_log_t *log = NULL;
- isc_entropy_t *ectx = NULL;
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
char *label = NULL;
}
}
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- ret = dst_lib_init(mctx, ectx, engine,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ ret = dst_lib_init(mctx, engine);
if (ret != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(ret));
engine,
#endif
label, NULL, mctx, &key);
- isc_entropy_stopcallbacksources(ectx);
if (ret != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
dst_key_free(&prevkey);
cleanup_logging(&log);
- cleanup_entropy(&ectx);
dst_lib_destroy();
dns_name_destroy();
if (verbose > 10)
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/region.h>
"(DH only)\n");
fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
- fprintf(stderr, " -r <randomdev>: a file containing random data\n");
+ fprintf(stderr, " -r <randomdev>: DEPRECATED and ignored\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
dst_key_t *prevkey = NULL;
isc_buffer_t buf;
isc_log_t *log = NULL;
- isc_entropy_t *ectx = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
quiet = ISC_TRUE;
break;
case 'r':
- setup_entropy(mctx, isc_commandline_argument, &ectx);
+ fatal("The -r option has been deprecated.\n"
+ "System random data is always used.\n");
break;
case 's':
signatory = strtol(isc_commandline_argument,
if (!isatty(0))
quiet = ISC_TRUE;
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- ret = dst_lib_init(mctx, ectx, engine,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ ret = dst_lib_init(mctx, engine);
if (ret != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(ret));
NULL);
}
- isc_entropy_stopcallbacksources(ectx);
-
if (ret != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
char algstr[DNS_SECALG_FORMATSIZE];
dst_key_free(&prevkey);
cleanup_logging(&log);
- cleanup_entropy(&ectx);
dst_lib_destroy();
dns_name_destroy();
if (verbose > 10)
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
char keystr[DST_KEY_FORMATSIZE];
char *endp;
int ch;
- isc_entropy_t *ectx = NULL;
dst_key_t *key = NULL;
isc_uint32_t flags;
isc_buffer_t buf;
}
}
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- result = dst_lib_init(mctx, ectx, engine,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ result = dst_lib_init(mctx, engine);
if (result != ISC_R_SUCCESS)
fatal("Could not initialize dst: %s",
isc_result_totext(result));
- isc_entropy_stopcallbacksources(ectx);
result = dst_key_fromnamedfile(filename, dir,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
cleanup:
dst_key_free(&key);
dst_lib_destroy();
- cleanup_entropy(&ectx);
if (verbose > 10)
isc_mem_stats(mctx, stdout);
if (dir != NULL)
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
char keystr[DST_KEY_FORMATSIZE];
char *endp, *p;
int ch;
- isc_entropy_t *ectx = NULL;
const char *predecessor = NULL;
dst_key_t *prevkey = NULL;
dst_key_t *key = NULL;
if (argc > isc_commandline_index + 1)
fatal("Extraneous arguments");
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- result = dst_lib_init(mctx, ectx, engine,
- ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ result = dst_lib_init(mctx, engine);
if (result != ISC_R_SUCCESS)
fatal("Could not initialize dst: %s",
isc_result_totext(result));
- isc_entropy_stopcallbacksources(ectx);
if (predecessor != NULL) {
int major, minor;
dst_key_free(&prevkey);
dst_key_free(&key);
dst_lib_destroy();
- cleanup_entropy(&ectx);
if (verbose > 10)
isc_mem_stats(mctx, stdout);
cleanup_logging(&log);
#include <isc/app.h>
#include <isc/base32.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/event.h>
#include <isc/file.h>
#include <isc/hash.h>
static isc_boolean_t tryverify = ISC_FALSE;
static isc_boolean_t printstats = ISC_FALSE;
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
static dns_ttl_t zone_soa_min_ttl;
static dns_ttl_t soa_ttl;
static FILE *outfp = NULL;
else
expiry = endtime;
- jendtime = (jitter != 0) ? isc_random_jitter(expiry, jitter) : expiry;
+ jendtime = (jitter != 0) ? expiry - isc_random_uniform(jitter) : expiry;
isc_buffer_init(&b, array, sizeof(array));
result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime,
mctx, &b, &trdata);
- isc_entropy_stopcallbacksources(ectx);
if (result != ISC_R_SUCCESS) {
fatal("dnskey '%s' failed to sign data: %s",
keystr, isc_result_totext(result));
#else
fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
#endif
- fprintf(stderr, "\t-p:\t");
- fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
fprintf(stderr, "\t-P:\t");
fprintf(stderr, "disable post-sign verification\n");
fprintf(stderr, "\t-Q:\t");
dns_dnsseckey_t *key;
isc_result_t result;
isc_log_t *log = NULL;
- isc_boolean_t pseudorandom = ISC_FALSE;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
- unsigned int eflags;
isc_boolean_t free_output = ISC_FALSE;
int tempfilelen = 0;
dns_rdataclass_t rdclass;
break;
case 'p':
- pseudorandom = ISC_TRUE;
+ fatal("The -p option has been deprecated.\n");
break;
case 'Q':
break;
case 'r':
- setup_entropy(mctx, isc_commandline_argument, &ectx);
+ fatal("The -r options has been deprecated.\n");
break;
case 'S':
}
}
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
- eflags = ISC_ENTROPY_BLOCKING;
- if (!pseudorandom)
- eflags |= ISC_ENTROPY_GOODONLY;
-
- result = dst_lib_init(mctx, ectx, engine, eflags);
+ result = dst_lib_init(mctx, engine);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
cleanup_logging(&log);
dst_lib_destroy();
- cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
#include <isc/app.h>
#include <isc/base32.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/event.h>
#include <isc/file.h>
#include <isc/hash.h>
static isc_stdtime_t now;
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
static dns_masterformat_t inputformat = dns_masterformat_text;
static dns_db_t *gdb; /* The database */
static dns_dbversion_t *gversion; /* The database version */
}
}
- if (ectx == NULL)
- setup_entropy(mctx, NULL, &ectx);
-
- result = dst_lib_init(mctx, ectx, engine, ISC_ENTROPY_BLOCKING);
+ result = dst_lib_init(mctx, engine);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
cleanup_logging(&log);
dst_lib_destroy();
- cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/heap.h>
#include <isc/list.h>
extern int verbose;
extern const char *program;
-typedef struct entropysource entropysource_t;
-
-struct entropysource {
- isc_entropysource_t *source;
- isc_mem_t *mctx;
- ISC_LINK(entropysource_t) link;
-};
-
-static ISC_LIST(entropysource_t) sources;
static fatalcallback_t *fatalcallback = NULL;
void
dns_log_setcontext(NULL);
}
-void
-setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
- isc_result_t result;
- isc_entropysource_t *source = NULL;
- entropysource_t *elt;
- int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-
- REQUIRE(ectx != NULL);
-
- if (*ectx == NULL) {
- result = isc_entropy_create(mctx, ectx);
- if (result != ISC_R_SUCCESS)
- fatal("could not create entropy object: %s",
- isc_result_totext(result));
- ISC_LIST_INIT(sources);
- }
-
- if (randomfile == NULL) {
- isc_entropy_usehook(*ectx, ISC_TRUE);
- }
- if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
- usekeyboard = ISC_ENTROPY_KEYBOARDYES;
- randomfile = NULL;
- }
-
- result = isc_entropy_usebestsource(*ectx, &source, randomfile,
- usekeyboard);
-
- if (result != ISC_R_SUCCESS)
- fatal("could not initialize entropy source: %s",
- isc_result_totext(result));
-
- if (source != NULL) {
- elt = isc_mem_get(mctx, sizeof(*elt));
- if (elt == NULL)
- fatal("out of memory");
- elt->source = source;
- elt->mctx = mctx;
- ISC_LINK_INIT(elt, link);
- ISC_LIST_APPEND(sources, elt, link);
- }
-}
-
-void
-cleanup_entropy(isc_entropy_t **ectx) {
- entropysource_t *source;
- while (!ISC_LIST_EMPTY(sources)) {
- source = ISC_LIST_HEAD(sources);
- ISC_LIST_UNLINK(sources, source, link);
- isc_entropy_destroysource(&source->source);
- isc_mem_put(source->mctx, source, sizeof(*source));
- }
- isc_entropy_detach(ectx);
-}
-
static isc_stdtime_t
time_units(isc_stdtime_t offset, char *suffix, const char *str) {
switch (suffix[0]) {
void
cleanup_logging(isc_log_t **logp);
-void
-setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx);
-
-void
-cleanup_entropy(isc_entropy_t **ectx);
-
dns_ttl_t strtottl(const char *str);
isc_stdtime_t
nta-recheck 300;\n\
# pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\
port 53;\n\
- prefetch 2 9;\n"
-" random-device none;\n"
-" recursing-file \"named.recursing\";\n\
+ prefetch 2 9;\n\
+ recursing-file \"named.recursing\";\n\
recursive-clients 1000;\n\
request-nsid false;\n\
reserved-sockets 512;\n\
control_recvmessage(isc_task_t *task, isc_event_t *event) {
controlconnection_t *conn = NULL;
controllistener_t *listener = NULL;
- named_server_t *server = NULL;
controlkey_t *key = NULL;
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *response = NULL;
conn = event->ev_arg;
listener = conn->listener;
- server = listener->controls->server;
algorithm = DST_ALG_UNKNOWN;
secret.rstart = NULL;
text = NULL;
*/
if (conn->nonce == 0) {
while (conn->nonce == 0) {
- isc_rng_randombytes(server->sctx->rngctx, &conn->nonce,
- sizeof(conn->nonce));
+ isc_random_buf(&conn->nonce, sizeof(conn->nonce));
}
eresult = ISC_R_SUCCESS;
} else
EXTERN unsigned int named_g_udpdisp INIT(0);
EXTERN isc_taskmgr_t * named_g_taskmgr INIT(NULL);
EXTERN dns_dispatchmgr_t * named_g_dispatchmgr INIT(NULL);
-EXTERN isc_entropy_t * named_g_entropy INIT(NULL);
-EXTERN isc_entropy_t * named_g_fallbackentropy INIT(NULL);
EXTERN unsigned int named_g_cpus_detected INIT(1);
#ifdef ENABLE_AFL
isc_result_t
named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
- isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
+ dns_tkeyctx_t **tctxp);
/*%<
* Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'options'.
* Requires:
*\li 'cfg' is a valid configuration options object.
*\li 'mctx' is not NULL
- *\li 'ectx' is not NULL
*\li 'tctx' is not NULL
*\li '*tctx' is NULL
*
#include <isc/backtrace.h>
#include <isc/commandline.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/httpd.h>
ISC_LOG_INFO, "using up to %u sockets", socks);
}
- result = isc_entropy_create(named_g_mctx, &named_g_entropy);
- if (result != ISC_R_SUCCESS) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "isc_entropy_create() failed: %s",
- isc_result_totext(result));
- return (ISC_R_UNEXPECTED);
- }
-
return (ISC_R_SUCCESS);
}
isc_mem_free(named_g_mctx, instance);
#endif /* HAVE_LIBSCF */
-#ifdef PATH_RANDOMDEV
- /*
- * Initialize system's random device as fallback entropy source
- * if running chroot'ed.
- */
- if (named_g_chrootdir != NULL) {
- result = isc_entropy_create(named_g_mctx,
- &named_g_fallbackentropy);
- if (result != ISC_R_SUCCESS)
- named_main_earlyfatal("isc_entropy_create() failed: %s",
- isc_result_totext(result));
-
- result = isc_entropy_createfilesource(named_g_fallbackentropy,
- PATH_RANDOMDEV);
- if (result != ISC_R_SUCCESS) {
- named_main_earlywarning("could not open pre-chroot "
- "entropy source %s: %s",
- PATH_RANDOMDEV,
- isc_result_totext(result));
- isc_entropy_detach(&named_g_fallbackentropy);
- }
- }
-#endif
-
#ifdef ISC_PLATFORM_USETHREADS
/*
* Check for the number of cpu's before named_os_chroot().
if (named_g_mapped != NULL)
dns_acl_detach(&named_g_mapped);
- isc_entropy_detach(&named_g_entropy);
- if (named_g_fallbackentropy != NULL)
- isc_entropy_detach(&named_g_fallbackentropy);
-
named_server_destroy(&named_g_server);
named_builtin_deinit();
#include <isc/base64.h>
#include <isc/commandline.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
if (result != ISC_R_SUCCESS)
return (result);
- result = isc_entropy_getdata(named_g_entropy, view->secret,
- sizeof(view->secret), NULL, 0);
- if (result != ISC_R_SUCCESS) {
- dns_view_detach(&view);
- return (result);
- }
+ isc_random_buf(view->secret, sizeof(view->secret));
ISC_LIST_APPEND(*viewlist, view, link);
dns_view_attach(view, viewp);
/* Load the TKEY information from the configuration. */
if (options != NULL) {
dns_tkeyctx_t *t = NULL;
- CHECKM(named_tkeyctx_fromconfig(options, named_g_mctx,
- named_g_entropy, &t),
+ CHECKM(named_tkeyctx_fromconfig(options, named_g_mctx, &t),
"configuring TKEY");
if (server->sctx->tkeyctx != NULL) {
dns_tkeyctx_destroy(&server->sctx->tkeyctx);
named_g_aclconfctx),
"binding control channel(s)");
- /*
- * Open the source of entropy.
- */
- if (first_time) {
- const char *randomdev = NULL;
- int level = ISC_LOG_ERROR;
- obj = NULL;
- result = named_config_get(maps, "random-device", &obj);
- if (result == ISC_R_SUCCESS) {
- if (!cfg_obj_isvoid(obj)) {
- level = ISC_LOG_INFO;
- randomdev = cfg_obj_asstring(obj);
- }
- }
- if (randomdev == NULL) {
- isc_entropy_usehook(named_g_entropy, ISC_TRUE);
- } else {
- result = isc_entropy_createfilesource(named_g_entropy,
- randomdev);
-#ifdef PATH_RANDOMDEV
- if (named_g_fallbackentropy != NULL) {
- level = ISC_LOG_INFO;
- }
-#endif
- if (result != ISC_R_SUCCESS) {
- isc_log_write(named_g_lctx,
- NAMED_LOGCATEGORY_GENERAL,
- NAMED_LOGMODULE_SERVER,
- level,
- "could not open "
- "entropy source %s: %s",
- randomdev,
- isc_result_totext(result));
- }
-#ifdef PATH_RANDOMDEV
- if (named_g_fallbackentropy != NULL) {
- if (result != ISC_R_SUCCESS) {
- isc_log_write(named_g_lctx,
- NAMED_LOGCATEGORY_GENERAL,
- NAMED_LOGMODULE_SERVER,
- ISC_LOG_INFO,
- "using pre-chroot "
- "entropy source %s",
- PATH_RANDOMDEV);
- isc_entropy_detach(&named_g_entropy);
- isc_entropy_attach(
- named_g_fallbackentropy,
- &named_g_entropy);
- }
- isc_entropy_detach(&named_g_fallbackentropy);
- }
-#endif
- }
- }
-
#ifdef HAVE_LMDB
/*
* If we're using LMDB, we may have created newzones databases
}
}
} else {
- result = isc_entropy_getdata(named_g_entropy,
- server->sctx->secret,
- sizeof(server->sctx->secret),
- NULL,
- 0);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ isc_random_buf(server->sctx->secret,
+ sizeof(server->sctx->secret));
}
/*
isc_event_free(&event);
- CHECKFATAL(dns_dispatchmgr_create(named_g_mctx, named_g_entropy,
- &named_g_dispatchmgr),
+ CHECKFATAL(dns_dispatchmgr_create(named_g_mctx, &named_g_dispatchmgr),
"creating dispatch manager");
dns_dispatchmgr_setstats(named_g_dispatchmgr, server->resolverstats);
server->in_roothints = NULL;
/* Must be first. */
- CHECKFATAL(dst_lib_init(named_g_mctx, named_g_entropy,
- named_g_engine, ISC_ENTROPY_GOODONLY),
+ CHECKFATAL(dst_lib_init(named_g_mctx, named_g_engine),
"initializing DST");
CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL,
isc_taskmgr_setexcltask(named_g_taskmgr, server->task);
server->sctx = NULL;
- CHECKFATAL(ns_server_create(mctx, named_g_entropy,
- get_matching_view,
+ CHECKFATAL(ns_server_create(mctx, get_matching_view,
&server->sctx),
"creating server context");
if (saltlen > 256U)
return (ISC_R_RANGE);
- isc_rng_randombytes(named_g_server->sctx->rngctx, salt, saltlen);
+ isc_random_buf(salt, saltlen);
r.base = salt;
r.length = (unsigned int) saltlen;
isc_result_t
named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
- isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
+ dns_tkeyctx_t **tctxp)
{
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
const cfg_obj_t *obj;
int type;
- result = dns_tkeyctx_create(mctx, ectx, &tctx);
+ result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS)
return (result);
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/event.h>
#include <isc/file.h>
#include <isc/hash.h>
static isc_sockaddr_t *localaddr6 = NULL;
static const char *keyfile = NULL;
static char *keystr = NULL;
-static isc_entropy_t *entropy = NULL;
static isc_boolean_t shuttingdown = ISC_FALSE;
static FILE *input;
static isc_boolean_t interactive = ISC_TRUE;
#define STATUS_QUIT (isc_uint16_t)2
#define STATUS_SYNTAX (isc_uint16_t)3
-typedef struct entropysource entropysource_t;
-
-struct entropysource {
- isc_entropysource_t *source;
- isc_mem_t *mctx;
- ISC_LINK(entropysource_t) link;
-};
-
-static ISC_LIST(entropysource_t) sources;
-
-static void
-setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
- isc_result_t result;
- isc_entropysource_t *source = NULL;
- entropysource_t *elt;
- int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-
- REQUIRE(ectx != NULL);
-
- if (*ectx == NULL) {
- result = isc_entropy_create(mctx, ectx);
- if (result != ISC_R_SUCCESS)
- fatal("could not create entropy object: %s",
- isc_result_totext(result));
- ISC_LIST_INIT(sources);
- }
-
- if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
- usekeyboard = ISC_ENTROPY_KEYBOARDYES;
- randomfile = NULL;
- }
-
- if (randomfile == NULL) {
- isc_entropy_usehook(*ectx, ISC_TRUE);
- }
- result = isc_entropy_usebestsource(*ectx, &source, randomfile,
- usekeyboard);
-
- if (result != ISC_R_SUCCESS)
- fatal("could not initialize entropy source: %s",
- isc_result_totext(result));
-
- if (source != NULL) {
- elt = isc_mem_get(mctx, sizeof(*elt));
- if (elt == NULL)
- fatal("out of memory");
- elt->source = source;
- elt->mctx = mctx;
- ISC_LINK_INIT(elt, link);
- ISC_LIST_APPEND(sources, elt, link);
- }
-}
-
-static void
-cleanup_entropy(isc_entropy_t **ectx) {
- entropysource_t *source;
- while (!ISC_LIST_EMPTY(sources)) {
- source = ISC_LIST_HEAD(sources);
- ISC_LIST_UNLINK(sources, source, link);
- isc_entropy_destroysource(&source->source);
- isc_mem_put(source->mctx, source, sizeof(*source));
- }
- isc_entropy_detach(ectx);
-}
-
static void
master_from_servers(void) {
is_dst_up = ISC_FALSE;
}
- cleanup_entropy(&entropy);
-
ddebug("Destroying request manager");
dns_requestmgr_detach(&requestmgr);
irs_resconf_destroy(&resconf);
- if (entropy == NULL)
- setup_entropy(gmctx, NULL, &entropy);
-
- result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
+ result = dns_dispatchmgr_create(gmctx, &dispatchmgr);
check_result(result, "dns_dispatchmgr_create");
result = isc_socketmgr_create(gmctx, &socketmgr);
result = isc_task_onshutdown(global_task, shutdown_program, NULL);
check_result(result, "isc_task_onshutdown");
- result = dst_lib_init(gmctx, entropy, NULL, 0);
+ result = dst_lib_init(gmctx, NULL);
check_result(result, "dst_lib_init");
is_dst_up = ISC_TRUE;
}
static void
-parse_args(int argc, char **argv, isc_mem_t *mctx, isc_entropy_t **ectx) {
+parse_args(int argc, char **argv) {
int ch;
isc_uint32_t i;
isc_result_t result;
break;
case 'R':
- setup_entropy(mctx, isc_commandline_argument, ectx);
+ fatal("The -R options has been deprecated.\n");
break;
default:
keyname = dns_fixedname_initname(&fkname);
- isc_random_get(&val);
+ val = isc_random();
result = snprintf(mykeystr, sizeof(mykeystr), "%u.sig-%s", val, namestr);
RUNTIME_CHECK(result <= sizeof(mykeystr));
result = isc_mem_create(0, 0, &gmctx);
check_result(result, "isc_mem_create");
- parse_args(argc, argv, gmctx, &entropy);
+ parse_args(argc, argv);
setup_system();
if (argc < 1)
usage(1);
- isc_random_get(&serial);
+ serial = isc_random();
DO("create memory context", isc_mem_create(0, 0, &rndc_mctx));
DO("create socket manager", isc_socketmgr_create(rndc_mctx, &socketmgr));
/*! \file */
#include <config.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
isc_mem_t *mctx = NULL;
isc_log_t *lctx = NULL;
-isc_entropy_t *ectx = NULL;
static isc_boolean_t dst_active = ISC_FALSE;
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
CHECK(isc_mem_create(0, 0, &mctx));
- CHECK(isc_entropy_create(mctx, &ectx));
- CHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_BLOCKING));
+ CHECK(dst_lib_init(mctx, NULL));
dst_active = ISC_TRUE;
CHECK(isc_log_create(mctx, &lctx, &logconfig));
dst_lib_destroy();
dst_active = ISC_FALSE;
}
- if (ectx != NULL)
- isc_entropy_detach(&ectx);
if (mctx != NULL)
isc_mem_destroy(&mctx);
byname_test@EXEEXT@ \
db_test@EXEEXT@ \
dst_test@EXEEXT@ \
- entropy_test@EXEEXT@ \
- entropy2_test@EXEEXT@ \
gsstest@EXEEXT@ \
hash_test@EXEEXT@ \
fsaccess_test@EXEEXT@ \
byname_test.c \
db_test.c \
dst_test.c \
- entropy_test.c \
- entropy2_test.c \
hash_test.c \
fsaccess_test.c \
gsstest.c \
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/print.h>
#include <isc/socket.h>
};
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
static isc_mempool_t *cmp;
static isc_log_t *lctx;
static isc_logconfig_t *lcfg;
check_result(result, "isc_socketmgr_create");
dispatchmgr = NULL;
- result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ result = dns_dispatchmgr_create(mctx, &dispatchmgr);
check_result(result, "dns_dispatchmgr_create");
}
== ISC_R_SUCCESS);
isc_mempool_setname(cmp, "adb test clients");
- result = isc_entropy_create(mctx, &ectx);
- check_result(result, "isc_entropy_create()");
result = isc_log_create(mctx, &lctx, &lcfg);
check_result(result, "isc_log_create()");
isc_log_setcontext(lctx);
isc_log_destroy(&lctx);
- isc_entropy_detach(&ectx);
-
isc_mempool_destroy(&cmp);
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
isc_task_setname(task, "byaddr", NULL);
dispatchmgr = NULL;
- RUNTIME_CHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)
+ RUNTIME_CHECK(dns_dispatchmgr_create(mctx, &dispatchmgr)
== ISC_R_SUCCESS);
timermgr = NULL;
#include <isc/app.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/netaddr.h>
#include <isc/print.h>
#include <dns/result.h>
static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
static isc_taskmgr_t *taskmgr;
static dns_view_t *view = NULL;
static dns_adbfind_t *find = NULL;
mctx = NULL;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-
while ((ch = isc_commandline_parse(argc, argv, "d:vw:")) != -1) {
switch (ch) {
case 'd':
isc_task_setname(task, "byname", NULL);
dispatchmgr = NULL;
- RUNTIME_CHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)
+ RUNTIME_CHECK(dns_dispatchmgr_create(mctx, &dispatchmgr)
== ISC_R_SUCCESS);
timermgr = NULL;
isc_log_destroy(&lctx);
- isc_entropy_detach(&ectx);
-
if (verbose)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
#include <unistd.h> /* XXX */
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/region.h>
int
main(void) {
isc_mem_t *mctx = NULL;
- isc_entropy_t *ectx = NULL;
isc_buffer_t b;
dns_fixedname_t fname;
dns_name_t *name;
dns_result_register();
- result = isc_entropy_create(mctx, &ectx);
- if (result != ISC_R_SUCCESS)
- return (1);
- result = isc_entropy_createfilesource(ectx, "randomfile");
- if (result != ISC_R_SUCCESS)
- return (1);
- dst_lib_init(mctx, ectx, NULL,
- ISC_ENTROPY_BLOCKING|ISC_ENTROPY_GOODONLY);
+ dst_lib_init(mctx, NULL);
name = dns_fixedname_initname(&fname);
isc_buffer_constinit(&b, "test.", 5);
generate(DST_ALG_HMACMD5, mctx);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_mem_put(mctx, current, 256);
/* isc_mem_stats(mctx, stdout);*/
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <isc/entropy.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-static void
-hex_dump(const char *msg, void *data, unsigned int length) {
- unsigned int len;
- unsigned char *base;
- isc_boolean_t first = ISC_TRUE;
-
- base = data;
-
- printf("DUMP of %u bytes: %s\n\t", length, msg);
- for (len = 0; len < length; len++) {
- if (len % 16 == 0 && !first)
- printf("\n\t");
- printf("%02x ", base[len]);
- first = ISC_FALSE;
- }
- printf("\n");
-}
-
-static void
-CHECK(const char *msg, isc_result_t result) {
- if (result != ISC_R_SUCCESS) {
- printf("FAILURE: %s: %s\n", msg, isc_result_totext(result));
- exit(1);
- }
-}
-
-static isc_result_t
-start(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
- isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
-
- UNUSED(source);
-
- if (blocking)
- printf("start called, blocking mode.\n");
- else
- printf("start called, non-blocking mode.\n");
-
- return (isc_keyboard_open(kbd));
-}
-
-static void
-stop(isc_entropysource_t *source, void *arg) {
- isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
-
- UNUSED(source);
-
- printf("ENOUGH! Stop typing, please.\r\n");
-
- (void)isc_keyboard_close(kbd, 3);
- printf("stop called\n");
-}
-
-static isc_result_t
-get(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
- isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
- isc_result_t result;
- isc_time_t t;
- isc_uint32_t sample;
- isc_uint32_t extra;
- unsigned char c;
-
- if (!blocking)
- return (ISC_R_NOENTROPY);
-
- result = isc_keyboard_getchar(kbd, &c);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- TIME_NOW(&t);
-
- sample = isc_time_nanoseconds(&t);
- extra = c;
-
- result = isc_entropy_addcallbacksample(source, sample, extra);
- if (result != ISC_R_SUCCESS) {
- printf("\r\n");
- return (result);
- }
-
- printf(".");
- fflush(stdout);
-
- return (result);
-}
-
-int
-main(int argc, char **argv) {
- isc_mem_t *mctx;
- unsigned char buffer[512];
- isc_entropy_t *ent;
- isc_entropysource_t *source;
- unsigned int returned;
- unsigned int flags;
- isc_result_t result;
- isc_keyboard_t kbd;
-
- UNUSED(argc);
- UNUSED(argv);
-
- mctx = NULL;
- CHECK("isc_mem_create()",
- isc_mem_create(0, 0, &mctx));
-
- ent = NULL;
- CHECK("isc_entropy_create()",
- isc_entropy_create(mctx, &ent));
-
- isc_entropy_stats(ent, stderr);
-
- source = NULL;
- result = isc_entropy_createcallbacksource(ent, start, get, stop, &kbd,
- &source);
- CHECK("isc_entropy_createcallbacksource()", result);
-
- fprintf(stderr,
- "Reading 32 bytes of GOOD random data only, partial OK\n");
-
- flags = 0;
- flags |= ISC_ENTROPY_GOODONLY;
- flags |= ISC_ENTROPY_PARTIAL;
- flags |= ISC_ENTROPY_BLOCKING;
- returned = 0;
- result = isc_entropy_getdata(ent, buffer, 32, &returned, flags);
- if (result == ISC_R_NOENTROPY) {
- fprintf(stderr, "No entropy.\r\n");
- }
-
- isc_entropy_stopcallbacksources(ent);
-
- hex_dump("good data only:", buffer, returned);
-
- isc_entropy_stats(ent, stderr);
-
- isc_entropy_destroysource(&source);
- isc_entropy_detach(&ent);
-
- isc_mem_stats(mctx, stderr);
- isc_mem_destroy(&mctx);
-
- return (0);
-}
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-static void
-hex_dump(const char *msg, void *data, unsigned int length) {
- unsigned int len;
- unsigned char *base;
- isc_boolean_t first = ISC_TRUE;
-
- base = data;
-
- printf("DUMP of %u bytes: %s\n\t", length, msg);
- for (len = 0; len < length; len++) {
- if (len % 16 == 0 && !first)
- printf("\n\t");
- printf("%02x ", base[len]);
- first = ISC_FALSE;
- }
- printf("\n");
-}
-
-static void
-CHECK(const char *msg, isc_result_t result) {
- if (result != ISC_R_SUCCESS) {
- printf("FAILURE: %s: %s\n", msg, isc_result_totext(result));
- exit(1);
- }
-}
-
-int
-main(int argc, char **argv) {
- isc_mem_t *mctx;
- unsigned char buffer[512];
- isc_entropy_t *ent;
- unsigned int returned;
- unsigned int flags;
- isc_result_t result;
-
- UNUSED(argc);
- UNUSED(argv);
-
- mctx = NULL;
- CHECK("isc_mem_create()",
- isc_mem_create(0, 0, &mctx));
-
- ent = NULL;
- CHECK("isc_entropy_create()",
- isc_entropy_create(mctx, &ent));
-
- isc_entropy_stats(ent, stderr);
-
-#if 1
- CHECK("isc_entropy_createfilesource() 1",
- isc_entropy_createfilesource(ent, "/dev/random"));
- CHECK("isc_entropy_createfilesource() 2",
- isc_entropy_createfilesource(ent, "/dev/random"));
-#else
- CHECK("isc_entropy_createfilesource() 3",
- isc_entropy_createfilesource(ent, "/tmp/foo"));
-#endif
-
- fprintf(stderr,
- "Reading 32 bytes of GOOD random data only, partial OK\n");
-
- flags = 0;
- flags |= ISC_ENTROPY_GOODONLY;
- flags |= ISC_ENTROPY_PARTIAL;
- result = isc_entropy_getdata(ent, buffer, 32, &returned, flags);
- if (result == ISC_R_NOENTROPY) {
- fprintf(stderr, "No entropy.\n");
- goto any;
- }
- hex_dump("good data only:", buffer, returned);
-
- any:
- isc_entropy_stats(ent, stderr);
- CHECK("isc_entropy_getdata() pseudorandom",
- isc_entropy_getdata(ent, buffer, 128, NULL, 0));
- hex_dump("pseudorandom data", buffer, 128);
-
- isc_entropy_stats(ent, stderr);
- flags = 0;
- flags |= ISC_ENTROPY_GOODONLY;
- flags |= ISC_ENTROPY_BLOCKING;
- result = isc_entropy_getdata(ent, buffer, sizeof(buffer), &returned,
- flags);
- CHECK("good data only, blocking mode", result);
- hex_dump("blocking mode data", buffer, sizeof(buffer));
-
- {
- isc_entropy_t *entcopy1 = NULL;
- isc_entropy_t *entcopy2 = NULL;
- isc_entropy_t *entcopy3 = NULL;
-
- isc_entropy_attach(ent, &entcopy1);
- isc_entropy_attach(ent, &entcopy2);
- isc_entropy_attach(ent, &entcopy3);
-
- isc_entropy_stats(ent, stderr);
-
- isc_entropy_detach(&entcopy1);
- isc_entropy_detach(&entcopy2);
- isc_entropy_detach(&entcopy3);
- }
-
- isc_entropy_detach(&ent);
- isc_mem_stats(mctx, stderr);
- isc_mem_destroy(&mctx);
-
- return (0);
-}
#include <isc/app.h>
#include <isc/base64.h>
-#include <isc/entropy.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/print.h>
dns_dispatchmgr_t *dispatchmgr;
dns_dispatch_t *dispatchv4;
dns_view_t *view;
- isc_entropy_t *ectx;
isc_task_t *task;
isc_log_t *lctx = NULL;
isc_logconfig_t *lcfg = NULL;
isc_log_setdebuglevel(lctx, 9);
- ectx = NULL;
- RUNCHECK(isc_entropy_create(mctx, &ectx));
- RUNCHECK(isc_entropy_createfilesource(ectx, "/dev/urandom"));
-
- RUNCHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_GOODONLY));
+ RUNCHECK(dst_lib_init(mctx, NULL));
taskmgr = NULL;
RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
socketmgr = NULL;
RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
dispatchmgr = NULL;
- RUNCHECK(dns_dispatchmgr_create(mctx, ectx, &dispatchmgr));
+ RUNCHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
isc_sockaddr_any(&bind_any);
attrs = DNS_DISPATCHATTR_UDP |
DNS_DISPATCHATTR_MAKEQUERY |
dns_view_detach(&view);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
#include <isc/boolean.h>
#include <isc/assertions.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/error.h>
#include <isc/log.h>
#include <isc/mem.h>
unsigned char qdata[1024], rdata[1024];
isc_buffer_t qbuffer, rbuffer;
isc_taskmgr_t *taskmgr;
-isc_entropy_t *ent = NULL;
isc_task_t *task1;
isc_log_t *lctx = NULL;
isc_logconfig_t *logconfig = NULL;
}
}
- RUNTIME_CHECK(isc_entropy_create(mctx, &ent) == ISC_R_SUCCESS);
- RUNTIME_CHECK(dst_lib_init(mctx, ent, NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
dns_result_register();
dst_result_register();
dst_lib_destroy();
- isc_entropy_detach(&ent);
-
isc_log_destroy(&lctx);
if (verbose)
#include <isc/app.h>
#include <isc/base64.h>
#include <isc/commandline.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
int
main(int argc, char *argv[]) {
- char *randomfile = NULL;
isc_sockaddr_t bind_any;
struct in_addr inaddr;
isc_result_t result;
isc_log_t *lctx;
isc_logconfig_t *lcfg;
- isc_entropy_t *ectx;
isc_taskmgr_t *taskmgr;
isc_task_t *task;
isc_timermgr_t *timermgr;
}
break;
case 'r':
- randomfile = isc_commandline_argument;
+ fprintf(stderr, "The -r option has been deprecated.\n");
break;
case '?':
fprintf(stderr, "%s: invalid argument '%c'",
lcfg = NULL;
RUNCHECK(isc_log_create(mctx, &lctx, &lcfg));
- ectx = NULL;
- RUNCHECK(isc_entropy_create(mctx, &ectx));
- if (randomfile == NULL) {
- isc_entropy_usehook(ectx, ISC_TRUE);
- }
- if (randomfile != NULL)
- RUNCHECK(isc_entropy_createfilesource(ectx, randomfile));
-
- RUNCHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_GOODONLY));
+ RUNCHECK(dst_lib_init(mctx, NULL));
taskmgr = NULL;
RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
socketmgr = NULL;
RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
dispatchmgr = NULL;
- RUNCHECK(dns_dispatchmgr_create(mctx, ectx, &dispatchmgr));
+ RUNCHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
attrs = DNS_DISPATCHATTR_UDP |
DNS_DISPATCHATTR_MAKEQUERY |
isc_taskmgr_destroy(&taskmgr);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_log_destroy(&lctx);
#include <stdlib.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/platform.h>
#include <isc/print.h>
dns_fixedname_t fname;
dns_name_t *name;
unsigned int bits = 1024U;
-isc_entropy_t *ectx;
-isc_entropysource_t *source;
isc_mem_t *mctx;
isc_log_t *log_;
isc_logconfig_t *logconfig;
dns_result_register();
CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
- CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
- isc_entropy_usehook(ectx, ISC_TRUE);
- CHECK(isc_entropy_usebestsource(ectx, &source,
- "../random.data",
- ISC_ENTROPY_KEYBOARDNO),
- "isc_entropy_usebestsource(\"../random.data\")");
- CHECK(dst_lib_init(mctx, ectx, NULL, 0), "dst_lib_init()");
+ CHECK(dst_lib_init(mctx, NULL), "dst_lib_init()");
CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
isc_log_setcontext(log_);
dns_log_init(log_);
isc_log_destroy(&log_);
isc_log_setcontext(NULL);
dns_log_setcontext(NULL);
- if (source != NULL)
- isc_entropy_destroysource(&source);
- isc_entropy_detach(&ectx);
dst_lib_destroy();
dns_name_destroy();
isc_mem_destroy(&mctx);
#include <isc/app.h>
#include <isc/base64.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/sockaddr.h>
#include <isc/socket.h>
#include <isc/task.h>
int
main(int argc, char *argv[]) {
char *ourkeyname;
- char *randomfile;
isc_taskmgr_t *taskmgr;
isc_timermgr_t *timermgr;
isc_socketmgr_t *socketmgr;
dns_dispatchmgr_t *dispatchmgr;
dns_dispatch_t *dispatchv4;
dns_view_t *view;
- isc_entropy_t *ectx;
dns_tkeyctx_t *tctx;
isc_log_t *log;
isc_logconfig_t *logconfig;
RUNCHECK(isc_app_start());
- randomfile = NULL;
-
if (argc < 2) {
fprintf(stderr, "I:no DH key provided\n");
exit(-1);
}
if (strcmp(argv[1], "-r") == 0) {
- if (argc < 4) {
- fprintf(stderr, "I:no DH key provided\n");
- exit(-1);
- }
- randomfile = argv[2];
- argv += 2;
- argc -= 2;
+ fprintf(stderr, "I:the -r option has been deprecated\n");
+ exit(-1);
}
ourkeyname = argv[1];
isc_mem_debugging = ISC_MEM_DEBUGRECORD;
RUNCHECK(isc_mem_create(0, 0, &mctx));
- ectx = NULL;
- RUNCHECK(isc_entropy_create(mctx, &ectx));
- if (randomfile == NULL) {
- isc_entropy_usehook(ectx, ISC_TRUE);
- }
- if (randomfile != NULL) {
- RUNCHECK(isc_entropy_createfilesource(ectx, randomfile));
- }
-
log = NULL;
logconfig = NULL;
RUNCHECK(isc_log_create(mctx, &log, &logconfig));
- RUNCHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_GOODONLY));
+ RUNCHECK(dst_lib_init(mctx, NULL));
taskmgr = NULL;
RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
socketmgr = NULL;
RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
dispatchmgr = NULL;
- RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ RUNCHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
isc_sockaddr_any(&bind_any);
attrs = DNS_DISPATCHATTR_UDP |
DNS_DISPATCHATTR_MAKEQUERY |
ring = NULL;
RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
tctx = NULL;
- RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+ RUNCHECK(dns_tkeyctx_create(mctx, &tctx));
view = NULL;
RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
CHECK("dst_key_fromnamedfile", result);
isc_buffer_init(&nonce, noncedata, sizeof(noncedata));
- result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata),
- NULL, ISC_ENTROPY_BLOCKING);
- CHECK("isc_entropy_getdata", result);
+ isc_random_buf(noncedata, sizeof(noncedata));
isc_buffer_add(&nonce, sizeof(noncedata));
(void)isc_app_run();
isc_log_destroy(&log);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
#include <isc/app.h>
#include <isc/base64.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/sockaddr.h>
#include <isc/socket.h>
#include <isc/task.h>
int
main(int argc, char **argv) {
char *keyname;
- char *randomfile;
isc_taskmgr_t *taskmgr;
isc_timermgr_t *timermgr;
isc_socketmgr_t *socketmgr;
dns_dispatchmgr_t *dispatchmgr;
dns_dispatch_t *dispatchv4;
dns_view_t *view;
- isc_entropy_t *ectx;
dns_tkeyctx_t *tctx;
dst_key_t *dstkey;
isc_log_t *log;
RUNCHECK(isc_app_start());
- randomfile = NULL;
if (argc < 2) {
fprintf(stderr, "I:no key to delete\n");
exit(-1);
}
if (strcmp(argv[1], "-r") == 0) {
- if (argc < 4) {
- fprintf(stderr, "I:no DH key provided\n");
- exit(-1);
- }
- randomfile = argv[2];
- argv += 2;
- argc -= 2;
- POST(argc);
+ fprintf(stderr, "I:The -r options has been deprecated\n");
+ exit(-1);
}
keyname = argv[1];
mctx = NULL;
RUNCHECK(isc_mem_create(0, 0, &mctx));
- ectx = NULL;
- RUNCHECK(isc_entropy_create(mctx, &ectx));
- if (randomfile == NULL) {
- isc_entropy_usehook(ectx, ISC_TRUE);
- }
- if (randomfile != NULL) {
- RUNCHECK(isc_entropy_createfilesource(ectx, randomfile));
- }
-
log = NULL;
logconfig = NULL;
RUNCHECK(isc_log_create(mctx, &log, &logconfig));
- RUNCHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_GOODONLY));
+ RUNCHECK(dst_lib_init(mctx, NULL));
taskmgr = NULL;
RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
socketmgr = NULL;
RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
dispatchmgr = NULL;
- RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ RUNCHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
isc_sockaddr_any(&bind_any);
attrs = DNS_DISPATCHATTR_UDP |
DNS_DISPATCHATTR_MAKEQUERY |
ring = NULL;
RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
tctx = NULL;
- RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+ RUNCHECK(dns_tkeyctx_create(mctx, &tctx));
view = NULL;
RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
isc_log_destroy(&log);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
#include <isc/app.h>
#include <isc/base64.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/log.h>
#include <isc/net.h>
#include <isc/parseint.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/sockaddr.h>
#include <isc/socket.h>
#include <isc/string.h>
isc_sockaddr_t bind_any;
isc_log_t *lctx;
isc_logconfig_t *lcfg;
- isc_entropy_t *ectx;
isc_taskmgr_t *taskmgr;
isc_task_t *task;
isc_timermgr_t *timermgr;
lcfg = NULL;
RUNCHECK(isc_log_create(mctx, &lctx, &lcfg));
- ectx = NULL;
- RUNCHECK(isc_entropy_create(mctx, &ectx));
- RUNCHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_GOODONLY));
- RUNCHECK(isc_entropy_getdata(ectx, cookie_secret,
- sizeof(cookie_secret), NULL, 0));
+ RUNCHECK(dst_lib_init(mctx, NULL));
+ isc_random_buf(cookie_secret, sizeof(cookie_secret));
ISC_LIST_INIT(queries);
parse_args(ISC_FALSE, argc, argv);
socketmgr = NULL;
RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
dispatchmgr = NULL;
- RUNCHECK(dns_dispatchmgr_create(mctx, ectx, &dispatchmgr));
+ RUNCHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
attrs = DNS_DISPATCHATTR_UDP |
DNS_DISPATCHATTR_MAKEQUERY;
isc_taskmgr_destroy(&taskmgr);
dst_lib_destroy();
- isc_entropy_detach(&ectx);
isc_log_destroy(&lctx);
/* Define to 1 if you have the `arc4random' function. */
#undef HAVE_ARC4RANDOM
-/* Define to 1 if you have the `arc4random_addrandom' function. */
-#undef HAVE_ARC4RANDOM_ADDRANDOM
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
-/* Define to 1 if you have the `arc4random_stir' function. */
-#undef HAVE_ARC4RANDOM_STIR
+/* Define to 1 if you have the `arc4random_uniform' function. */
+#undef HAVE_ARC4RANDOM_UNIFORM
/* Define to 1 if the compiler supports __builtin_clz. */
#undef HAVE_BUILTIN_CLZ
/* Build with GeoIP Country IPv6 support */
#undef HAVE_GEOIP_V6
+/* Define to 1 if you have the `getrandom' function. */
+#undef HAVE_GETRANDOM
+
/* Define to use gperftools CPU profiler. */
#undef HAVE_GPERFTOOLS_PROFILER
enable_devpoll
with_geoip
with_gssapi
-with_randomdev
enable_threads
with_locktype
with_libtool
--with-gssapi=PATH|/path/krb5-config
Specify path for system-supplied GSSAPI
[default=yes]
- --with-randomdev=PATH Specify path for random device
--with-locktype=ARG Specify mutex lock type (adaptive or standard)
--with-libtool use GNU libtool
--with-openssl=PATH Build with OpenSSL [yes|no|path]. (Crypto is
-#
-# was --with-randomdev specified?
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for random device" >&5
-$as_echo_n "checking for random device... " >&6; }
-
-# Check whether --with-randomdev was given.
-if test "${with_randomdev+set}" = set; then :
- withval=$with_randomdev; use_randomdev="$withval"
-else
- use_randomdev="unspec"
-fi
-
-
-case "$use_randomdev" in
- unspec)
- case "$cross_compiling" in
- yes)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unspecified" >&5
-$as_echo "unspecified" >&6; }
- as_fn_error $? " need --with-randomdev=PATH or --with-randomdev=no" "$LINENO" 5
- esac
- case "$host" in
- *-openbsd*)
- devrandom=/dev/arandom
- ;;
- *)
- devrandom=/dev/random
- ;;
- esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $devrandom" >&5
-$as_echo "$devrandom" >&6; }
- as_ac_File=`$as_echo "ac_cv_file_$devrandom" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $devrandom" >&5
-$as_echo_n "checking for $devrandom... " >&6; }
-if eval \${$as_ac_File+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- test "$cross_compiling" = yes &&
- as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
-if test -r "$devrandom"; then
- eval "$as_ac_File=yes"
-else
- eval "$as_ac_File=no"
-fi
-fi
-eval ac_res=\$$as_ac_File
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define PATH_RANDOMDEV "$devrandom"
-_ACEOF
-
-fi
-
-
- ;;
- yes)
- as_fn_error $? "--with-randomdev must specify a path" "$LINENO" 5
- ;;
- no)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
-$as_echo "disabled" >&6; }
- ;;
- *)
- cat >>confdefs.h <<_ACEOF
-#define PATH_RANDOMDEV "$use_randomdev"
-_ACEOF
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: using \"$use_randomdev\"" >&5
-$as_echo "using \"$use_randomdev\"" >&6; }
- ;;
-esac
-
+# XXXOND: Change this to deterministic DSA generation
#
# Only check dsa signature generation on these platforms when performing
# system tests.
#
# Do we have arc4random(), etc ?
-# Will use stir and if not exist addrandom
#
-for ac_func in arc4random
+for ac_func in arc4random arc4random_buf arc4random_uniform getrandom
do :
- ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random"
-if test "x$ac_cv_func_arc4random" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_ARC4RANDOM 1
-_ACEOF
-
-fi
-done
-
-for ac_func in arc4random_stir
-do :
- ac_fn_c_check_func "$LINENO" "arc4random_stir" "ac_cv_func_arc4random_stir"
-if test "x$ac_cv_func_arc4random_stir" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_ARC4RANDOM_STIR 1
-_ACEOF
-
-fi
-done
-
-for ac_func in arc4random_addrandom
-do :
- ac_fn_c_check_func "$LINENO" "arc4random_addrandom" "ac_cv_func_arc4random_addrandom"
-if test "x$ac_cv_func_arc4random_addrandom" = xyes; then :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define HAVE_ARC4RANDOM_ADDRANDOM 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
AC_SUBST(DNS_CRYPTO_LIBS)
-#
-# was --with-randomdev specified?
-#
-AC_MSG_CHECKING(for random device)
-AC_ARG_WITH(randomdev,
- AS_HELP_STRING([--with-randomdev=PATH],
- [Specify path for random device]),
- use_randomdev="$withval", use_randomdev="unspec")
-
-case "$use_randomdev" in
- unspec)
- case "$cross_compiling" in
- yes)
- AC_MSG_RESULT(unspecified)
- AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no])
- esac
- case "$host" in
- *-openbsd*)
- devrandom=/dev/arandom
- ;;
- *)
- devrandom=/dev/random
- ;;
- esac
- AC_MSG_RESULT($devrandom)
- AC_CHECK_FILE($devrandom,
- AC_DEFINE_UNQUOTED(PATH_RANDOMDEV,
- "$devrandom"),)
-
- ;;
- yes)
- AC_MSG_ERROR([--with-randomdev must specify a path])
- ;;
- no)
- AC_MSG_RESULT(disabled)
- ;;
- *)
- AC_DEFINE_UNQUOTED(PATH_RANDOMDEV, "$use_randomdev")
- AC_MSG_RESULT(using "$use_randomdev")
- ;;
-esac
-
+# XXXOND: Change this to deterministic DSA generation
#
# Only check dsa signature generation on these platforms when performing
# system tests.
#
# Do we have arc4random(), etc ?
-# Will use stir and if not exist addrandom
#
-AC_CHECK_FUNCS(arc4random)
-AC_CHECK_FUNCS(arc4random_stir)
-AC_CHECK_FUNCS(arc4random_addrandom)
+AC_CHECK_FUNCS(arc4random arc4random_buf arc4random_uniform getrandom)
sinclude(config.threads.in)dnl
#include <getopt.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/print.h>
main (int argc, char **argv)
{
isc_mem_t *mctx = NULL;
- isc_entropy_t *ectx = NULL;
isc_result_t result;
char *basedn;
ldap_info *tmp;
result = isc_mem_create (0, 0, &mctx);
isc_result_check (result, "isc_mem_create");
- result = isc_entropy_create(mctx, &ectx);
- isc_result_check (result, "isc_entropy_create");
-
isc_buffer_init (&buff, argzone, strlen (argzone));
isc_buffer_add (&buff, strlen (argzone));
zone = dns_fixedname_initname(&fixedzone);
printf("Operation Complete.\n");
/* Cleanup */
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
if (zonefile)
free(zonefile);
#include <string.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/print.h>
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
- isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
PGresult *res;
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
- result = isc_entropy_create(mctx, &ectx);
- check_result(result, "isc_entropy_create");
-
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
origin = dns_fixedname_initname(&forigin);
PQclear(res);
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
exit(0);
#include <dns/db.h>
#include <dns/dbiterator.h>
-#include <isc/entropy.h>
#include <dns/fixedname.h>
#include <isc/hash.h>
#include <dns/name.h>
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
- isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
- result = isc_entropy_create(mctx, &ectx);
- check_result(result, "isc_entropy_create");
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
- isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
static inline dns_adbentry_t *
new_adbentry(dns_adb_t *adb) {
dns_adbentry_t *e;
- isc_uint32_t r;
e = isc_mempool_get(adb->emp);
if (e == NULL)
e->to512 = 0;
e->cookie = NULL;
e->cookielen = 0;
- isc_random_get(&r);
- e->srtt = (r & 0x1f) + 1;
+ e->srtt = (isc_random() & 0x1f) + 1;
e->lastage = 0;
e->expires = 0;
e->active = 0;
if (result != ISC_R_SUCCESS)
goto cleanup;
- result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ result = dns_dispatchmgr_create(mctx, &dispatchmgr);
if (result != ISC_R_SUCCESS)
goto cleanup;
client->dispatchmgr = dispatchmgr;
#include <unistd.h>
#include <stdlib.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/portset.h>
dns_acl_t *blackhole;
dns_portlist_t *portlist;
isc_stats_t *stats;
- isc_entropy_t *entropy; /*%< entropy source */
/* Locked by "lock". */
isc_mutex_t lock;
unsigned int state;
ISC_LIST(dns_dispatch_t) list;
- /* Locked by rng_lock. */
- isc_mutex_t rng_lock;
- isc_rng_t *rngctx; /*%< RNG context for QID */
-
/* locked by buffer_lock */
dns_qid_t *qid;
isc_mutex_t buffer_lock;
unsigned int tcpbuffers; /*%< allocated buffers */
dns_tcpmsg_t tcpmsg; /*%< for tcp streams */
dns_qid_t *qid;
- isc_rng_t *rngctx; /*%< for QID/UDP port num */
dispportlist_t *port_table; /*%< hold ports 'owned' by us */
isc_mempool_t *portpool; /*%< port table entries */
};
#define DNS_QID(disp) ((disp)->socktype == isc_sockettype_tcp) ? \
(disp)->qid : (disp)->mgr->qid
-#define DISP_RNGCTX(disp) ((disp)->socktype == isc_sockettype_udp) ? \
- ((disp)->rngctx) : ((disp)->mgr->rngctx)
/*%
* Locking a query port buffer is a bit tricky. We access the buffer without
in_port_t *portp)
{
int i;
- isc_uint32_t r;
dns_dispatchmgr_t *mgr = disp->mgr;
isc_socket_t *sock = NULL;
isc_result_t result = ISC_R_FAILURE;
dispsock->disp = disp;
dispsock->resp = NULL;
dispsock->portentry = NULL;
- isc_random_get(&r);
dispsock->task = NULL;
- isc_task_attach(disp->task[r % disp->ntasks], &dispsock->task);
+ isc_task_attach(disp->task[isc_random() % disp->ntasks], &dispsock->task);
ISC_LINK_INIT(dispsock, link);
ISC_LINK_INIT(dispsock, blink);
dispsock->magic = DISPSOCK_MAGIC;
qid = DNS_QID(disp);
for (i = 0; i < 64; i++) {
- port = ports[isc_rng_uniformrandom(DISP_RNGCTX(disp), nports)];
+ port = ports[isc_random_uniform(nports)];
isc_sockaddr_setport(&localaddr, port);
LOCK(&qid->lock);
DESTROYLOCK(&mgr->lock);
mgr->state = 0;
- if (mgr->rngctx != NULL)
- isc_rng_detach(&mgr->rngctx);
- DESTROYLOCK(&mgr->rng_lock);
-
isc_mempool_destroy(&mgr->depool);
isc_mempool_destroy(&mgr->rpool);
isc_mempool_destroy(&mgr->dpool);
DESTROYLOCK(&mgr->rpool_lock);
DESTROYLOCK(&mgr->depool_lock);
- if (mgr->entropy != NULL)
- isc_entropy_detach(&mgr->entropy);
if (mgr->qid != NULL)
qid_destroy(mctx, &mgr->qid);
*/
isc_result_t
-dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy,
- dns_dispatchmgr_t **mgrp)
+dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp)
{
dns_dispatchmgr_t *mgr;
isc_result_t result;
mgr->blackhole = NULL;
mgr->stats = NULL;
- mgr->rngctx = NULL;
result = isc_mutex_init(&mgr->lock);
if (result != ISC_R_SUCCESS)
goto deallocate;
- result = isc_mutex_init(&mgr->rng_lock);
- if (result != ISC_R_SUCCESS)
- goto kill_lock;
-
result = isc_mutex_init(&mgr->buffer_lock);
if (result != ISC_R_SUCCESS)
- goto kill_rng_lock;
+ goto kill_lock;
result = isc_mutex_init(&mgr->depool_lock);
if (result != ISC_R_SUCCESS)
mgr->maxbuffers = 0;
mgr->bpool = NULL;
mgr->spool = NULL;
- mgr->entropy = NULL;
mgr->qid = NULL;
mgr->state = 0;
ISC_LIST_INIT(mgr->list);
if (result != ISC_R_SUCCESS)
goto kill_dpool;
- if (entropy != NULL)
- isc_entropy_attach(entropy, &mgr->entropy);
-
- result = isc_rng_create(mctx, mgr->entropy, &mgr->rngctx);
- if (result != ISC_R_SUCCESS)
- goto kill_dpool;
-
*mgrp = mgr;
return (ISC_R_SUCCESS);
DESTROYLOCK(&mgr->depool_lock);
kill_buffer_lock:
DESTROYLOCK(&mgr->buffer_lock);
- kill_rng_lock:
- DESTROYLOCK(&mgr->rng_lock);
kill_lock:
DESTROYLOCK(&mgr->lock);
deallocate:
ISC_LIST_INIT(disp->activesockets);
ISC_LIST_INIT(disp->inactivesockets);
disp->nsockets = 0;
- disp->rngctx = NULL;
- isc_rng_attach(mgr->rngctx, &disp->rngctx);
disp->port_table = NULL;
disp->portpool = NULL;
disp->dscp = -1;
kill_lock:
DESTROYLOCK(&disp->lock);
deallocate:
- if (disp->rngctx != NULL)
- isc_rng_detach(&disp->rngctx);
isc_mempool_put(mgr->dpool, disp);
return (result);
if (disp->portpool != NULL)
isc_mempool_destroy(&disp->portpool);
- if (disp->rngctx != NULL)
- isc_rng_detach(&disp->rngctx);
-
disp->mgr = NULL;
DESTROYLOCK(&disp->lock);
disp->magic = 0;
for (i = 0; i < 1024; i++) {
in_port_t prt;
- prt = ports[isc_rng_uniformrandom(DISP_RNGCTX(disp),
- nports)];
+ prt = ports[isc_random_uniform(nports)];
isc_sockaddr_setport(&localaddr_bound, prt);
result = open_socket(sockmgr, &localaddr_bound,
0, &sock, NULL);
* in which case we use the id passed in via *idp.
*/
LOCK(&qid->lock);
- if ((options & DNS_DISPATCHOPT_FIXEDID) != 0)
+ if ((options & DNS_DISPATCHOPT_FIXEDID) != 0) {
id = *idp;
- else
- isc_rng_randombytes(DISP_RNGCTX(disp), &id, sizeof(id));
+ } else {
+ isc_random_buf(&id, sizeof(id));
+ }
ok = ISC_FALSE;
i = 0;
do {
#include <isc/buffer.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/fsaccess.h>
#include <isc/hmacsha.h>
#include <isc/lex.h>
#define DST_AS_STR(t) ((t).value.as_textregion.base)
static dst_func_t *dst_t_func[DST_MAX_ALGS];
-static isc_entropy_t *dst_entropy_pool = NULL;
-static unsigned int dst_entropy_flags = 0;
static isc_boolean_t dst_initialized = ISC_FALSE;
#endif
isc_result_t
-dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx,
- const char *engine, unsigned int eflags) {
+dst_lib_init(isc_mem_t *mctx, const char *engine) {
isc_result_t result;
REQUIRE(mctx != NULL);
#else /* OPENSSL */
isc_mem_attach(mctx, &dst__memory_pool);
#endif /* OPENSSL */
- if (ectx != NULL) {
- isc_entropy_attach(ectx, &dst_entropy_pool);
- dst_entropy_flags = eflags;
- }
dst_result_register();
#ifdef GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
#endif
-#if defined(OPENSSL) || defined(PKCS11CRYPTO)
- if (dst_entropy_pool != NULL) {
- isc_entropy_sethook(dst_random_getdata);
- }
-#endif /* defined(OPENSSL) || defined(PKCS11CRYPTO) */
+
+#if !defined(OPENSSL) && !defined(PKCS11CRYPTO)
+#error Either OpenSSL or PKCS#11 cryptographic provider needed.
+#endif /* !defined(OPENSSL) && !defined(PKCS11CRYPTO) */
dst_initialized = ISC_TRUE;
return (ISC_R_SUCCESS);
if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
dst_t_func[i]->cleanup();
#if defined(OPENSSL) || defined(PKCS11CRYPTO)
- if (dst_entropy_pool != NULL) {
- isc_entropy_usehook(dst_entropy_pool, ISC_FALSE);
- isc_entropy_sethook(NULL);
- }
#ifdef OPENSSL
dst__openssl_destroy();
#elif PKCS11CRYPTO
#endif /* defined(OPENSSL) || defined(PKCS11CRYPTO) */
if (dst__memory_pool != NULL)
isc_mem_detach(&dst__memory_pool);
- if (dst_entropy_pool != NULL)
- isc_entropy_detach(&dst_entropy_pool);
}
isc_boolean_t
return (ISC_R_SUCCESS);
}
-isc_result_t
-dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
- unsigned int flags = dst_entropy_flags;
-
- if (dst_entropy_pool == NULL)
- return (ISC_R_FAILURE);
-
- if (len == 0)
- return (ISC_R_SUCCESS);
-
-#ifdef PKCS11CRYPTO
- UNUSED(pseudo);
- UNUSED(flags);
- return (pk11_rand_bytes(buf, len));
-#else /* PKCS11CRYPTO */
- if (pseudo)
- flags &= ~ISC_ENTROPY_GOODONLY;
- else
- flags |= ISC_ENTROPY_BLOCKING;
- /* get entropy directly from crypto provider */
- return (dst_random_getdata(buf, len, NULL, flags));
-#endif /* PKCS11CRYPTO */
-}
-
-unsigned int
-dst__entropy_status(void) {
- /* Doesn't matter as it is not used in this case. */
- return (0);
-}
-
isc_buffer_t *
dst_key_tkeytoken(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
void dst__mem_free(void *ptr);
void * dst__mem_realloc(void *ptr, size_t size);
-/*%
- * Entropy retriever using the DST entropy pool.
- */
-isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
- isc_boolean_t pseudo);
-
-/*
- * Entropy status hook.
- */
-unsigned int dst__entropy_status(void);
-
ISC_LANG_ENDDECLS
#endif /* DST_DST_INTERNAL_H */
#include <isc/buffer.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/md5.h>
+#include <isc/random.h>
#include <isc/sha1.h>
#include <isc/mem.h>
#include <isc/safe.h>
}
static isc_result_t
-hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
+hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_MD5_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_MD5_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
}
static isc_result_t
-hmacsha1_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
+hmacsha1_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
+{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_SHA1_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
}
static isc_result_t
-hmacsha224_generate(dst_key_t *key, int pseudorandom_ok,
- void (*callback)(int))
+hmacsha224_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_SHA224_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_SHA224_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
}
static isc_result_t
-hmacsha256_generate(dst_key_t *key, int pseudorandom_ok,
- void (*callback)(int))
+hmacsha256_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_SHA256_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_SHA256_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
}
static isc_result_t
-hmacsha384_generate(dst_key_t *key, int pseudorandom_ok,
- void (*callback)(int))
+hmacsha384_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_SHA384_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_SHA384_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
}
static isc_result_t
-hmacsha512_generate(dst_key_t *key, int pseudorandom_ok,
- void (*callback)(int))
+hmacsha512_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_SHA512_BLOCK_LENGTH];
+ UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
}
memset(data, 0, ISC_SHA512_BLOCK_LENGTH);
- ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
-
- if (ret != ISC_R_SUCCESS)
- return (ret);
+ isc_random_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
#define DNS_DISPATCHOPT_FIXEDID 0x00000001U
isc_result_t
-dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy,
- dns_dispatchmgr_t **mgrp);
+dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp);
/*%<
* Creates a new dispatchmgr object.
*
*
*\li mgrp != NULL && *mgrp == NULL
*
- *\li "entropy" may be NULL, in which case an insecure random generator
- * will be used. If it is non-NULL, it must be a valid entropy
- * source.
- *
* Returns:
*\li ISC_R_SUCCESS -- all ok
*
dns_name_t *domain;
gss_cred_id_t gsscred;
isc_mem_t *mctx;
- isc_entropy_t *ectx;
char *gssapi_keytab;
};
isc_result_t
-dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx,
- dns_tkeyctx_t **tctxp);
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkeyctx_t **tctxp);
/*%<
* Create an empty TKEY context.
*
*** Functions
***/
isc_result_t
-dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx,
- const char *engine, unsigned int eflags);
+dst_lib_init(isc_mem_t *mctx, const char *engine);
/*%<
* Initializes the DST subsystem.
*
* Requires:
* \li "mctx" is a valid memory context
- * \li "ectx" is a valid entropy context
*
* Returns:
* \li ISC_R_SUCCESS
* Releases all resources allocated by DST.
*/
-isc_result_t
-dst_random_getdata(void *data, unsigned int length,
- unsigned int *returned, unsigned int flags);
-/*%<
- * Gets random data from the random generator provided by the
- * crypto library.
- *
- * See isc_entropy_getdata() for parameter usage. Normally when
- * this function is available, it will be set up as a hook in the
- * entropy context, so that isc_entropy_getdata() is a front-end to
- * this function.
- *
- * Returns:
- * \li ISC_R_SUCCESS on success
- * \li DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error
- */
-
isc_boolean_t
dst_algorithm_supported(unsigned int alg);
/*%<
#include <stddef.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/msgcat.h>
static void
initialize(void) {
isc_result_t result;
- isc_entropy_t *ectx = NULL;
REQUIRE(initialize_done == ISC_FALSE);
result = dns_ecdb_register(dns_g_mctx, &dbimp);
if (result != ISC_R_SUCCESS)
goto cleanup_mctx;
- result = isc_entropy_create(dns_g_mctx, &ectx);
- if (result != ISC_R_SUCCESS)
- goto cleanup_db;
- result = dst_lib_init(dns_g_mctx, ectx, NULL, 0);
+ result = dst_lib_init(dns_g_mctx, NULL);
if (result != ISC_R_SUCCESS)
- goto cleanup_ectx;
+ goto cleanup_db;
result = isc_mutex_init(&reflock);
if (result != ISC_R_SUCCESS)
goto cleanup_dst;
- isc_entropy_detach(&ectx);
-
initialize_done = ISC_TRUE;
return;
cleanup_dst:
dst_lib_destroy();
- cleanup_ectx:
- if (ectx != NULL)
- isc_entropy_detach(&ectx);
cleanup_db:
if (dbimp != NULL)
dns_ecdb_unregister(&dbimp);
#include <config.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/mutexblock.h>
}
#endif
-isc_result_t
-dst_random_getdata(void *data, unsigned int length,
- unsigned int *returned, unsigned int flags)
-{
-#ifndef DONT_REQUIRE_DST_LIB_INIT
- INSIST(dst__memory_pool != NULL);
-#endif
- REQUIRE(data != NULL);
- REQUIRE(length > 0);
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- if ((flags & ISC_ENTROPY_GOODONLY) == 0) {
- if (RAND_pseudo_bytes((unsigned char *)data, (int)length) < 0)
- return (dst__openssl_toresult2("RAND_pseudo_bytes",
- DST_R_OPENSSLFAILURE));
- } else {
- if (RAND_bytes((unsigned char *)data, (int)length) != 1)
- return (dst__openssl_toresult2("RAND_bytes",
- DST_R_OPENSSLFAILURE));
- }
-#else
- UNUSED(flags);
-
- if (RAND_bytes((unsigned char *)data, (int)length) != 1)
- return (dst__openssl_toresult2("RAND_bytes",
- DST_R_OPENSSLFAILURE));
-#endif
- if (returned != NULL)
- *returned = length;
- return (ISC_R_SUCCESS);
-}
-
#endif /* OPENSSL */
/*! \file */
#include <string.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
+#include <isc/random.h>
#include <isc/safe.h>
#include <isc/sha1.h>
#include <isc/util.h>
openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
DSA *dsa;
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
- isc_result_t result;
BN_GENCB *cb;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
UNUSED(unused);
- result = dst__entropy_getdata(rand_array, sizeof(rand_array),
- ISC_FALSE);
- if (result != ISC_R_SUCCESS)
- return (result);
+ isc_random_buf(rand_array, sizeof(rand_array));
dsa = DSA_new();
if (dsa == NULL)
#if defined(OPENSSL) && defined(HAVE_OPENSSL_ECDSA)
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha2.h>
#if defined(OPENSSL) && \
(defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448))
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha2.h>
#if defined(OPENSSL) && defined(HAVE_OPENSSL_GOST)
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/string.h>
#ifdef OPENSSL
#include <config.h>
-#include <isc/entropy.h>
#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/safe.h>
return (fallback);
}
-isc_result_t
-dst_random_getdata(void *data, unsigned int length,
- unsigned int *returned, unsigned int flags) {
- isc_result_t ret;
-
-#ifndef DONT_REQUIRE_DST_LIB_INIT
- INSIST(dst__memory_pool != NULL);
-#endif
- REQUIRE(data != NULL);
- REQUIRE(length > 0);
- UNUSED(flags);
-
- ret = pk11_rand_bytes(data, (int) length);
- if ((ret == ISC_R_SUCCESS) && (returned != NULL))
- *returned = length;
- return (ret);
-}
-
#endif /* PKCS11CRYPTO */
/*! \file */
#include <string.h>
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha1.h>
#if defined(PKCS11CRYPTO) && defined(HAVE_PKCS11_ECDSA)
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha2.h>
#if defined(PKCS11CRYPTO) && \
defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha2.h>
#if defined(PKCS11CRYPTO) && defined(HAVE_PKCS11_GOST)
-#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/sha2.h>
#include <config.h>
-#include <isc/entropy.h>
#include <isc/md5.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
isc_stdtime_get(&now);
if (isc_mem_isovermem(rbtdb->common.mctx)) {
- isc_uint32_t val;
+ isc_uint32_t val = isc_random();
- isc_random_get(&val);
/*
* XXXDCL Could stand to have a better policy, like LRU.
*/
* 'Random' order.
*/
for (i = 0; i < count; i++) {
- isc_uint32_t val;
+ isc_uint32_t val = isc_random();
- isc_random_get(&val);
choice = i + (val % (count - i));
rdata = in[i];
in[i] = in[choice];
unsigned int j;
val = rdataset->count;
- if (val == ISC_UINT32_MAX)
- isc_random_get(&val);
+ if (val == ISC_UINT32_MAX) {
+ val = isc_random();
+ }
j = val % count;
for (i = 0; i < count; i++) {
if (order != NULL)
* slow. We don't know. Increase the RTT.
*/
INSIST(no_response);
- isc_random_get(&value);
+ value = isc_random();
if (query->addrinfo->srtt > 800000)
mask = 0x3fff;
else if (query->addrinfo->srtt > 400000)
#include <isc/buffer.h>
#include <isc/dir.h>
-#include <isc/entropy.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>
atf_test_program{name='dispatch_test'}
atf_test_program{name='dnstap_test'}
atf_test_program{name='dst_test'}
-atf_test_program{name='dstrandom_test'}
atf_test_program{name='geoip_test'}
atf_test_program{name='gost_test'}
atf_test_program{name='keytable_test'}
dnstap_test.c \
dst_test.c \
dnstest.c \
- dstrandom_test.c \
geoip_test.c \
gost_test.c \
keytable_test.c \
dispatch_test@EXEEXT@ \
dnstap_test@EXEEXT@ \
dst_test@EXEEXT@ \
- dstrandom_test@EXEEXT@ \
geoip_test@EXEEXT@ \
gost_test@EXEEXT@ \
keytable_test@EXEEXT@ \
zt_test.@O@ dnstest.@O@ ${DNSLIBS} \
${ISCLIBS} ${LIBS}
-dstrandom_test@EXEEXT@: dstrandom_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
- dstrandom_test.@O@ ${DNSLIBS} \
- ${ISCLIBS} ${ISCPK11LIBS} ${LIBS}
-
unit::
sh ${top_builddir}/unit/unittest.sh
unsigned int attrs;
dns_dispatch_t *disp = NULL;
- result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ result = dns_dispatchmgr_create(mctx, &dispatchmgr);
if (result != ISC_R_SUCCESS)
return (result);
result = isc_task_create(taskmgr, 0, &task);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ result = dns_dispatchmgr_create(mctx, &dispatchmgr);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
ina.s_addr = htonl(INADDR_LOOPBACK);
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include "dnstest.h"
isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
isc_log_t *lctx = NULL;
isc_taskmgr_t *taskmgr = NULL;
isc_task_t *maintask = NULL;
if (debug_mem_record)
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
CHECK(isc_mem_create(0, 0, &mctx));
- CHECK(isc_entropy_create(mctx, &ectx));
- CHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_BLOCKING));
+ CHECK(dst_lib_init(mctx, NULL));
dst_active = ISC_TRUE;
if (logfile != NULL) {
dst_lib_destroy();
dst_active = ISC_FALSE;
}
- if (ectx != NULL)
- isc_entropy_detach(&ectx);
cleanup_managers();
#include <config.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
#define ZONECHANGE_SENTINEL { 0, NULL, 0, NULL, NULL }
extern isc_mem_t *mctx;
-extern isc_entropy_t *ectx;
extern isc_log_t *lctx;
extern isc_taskmgr_t *taskmgr;
extern isc_task_t *maintask;
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <atf-c.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/platform.h>
-#include <isc/util.h>
-
-#include <dst/dst.h>
-
-isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
-unsigned char buffer[128];
-
-ATF_TC(isc_entropy_getdata);
-ATF_TC_HEAD(isc_entropy_getdata, tc) {
- atf_tc_set_md_var(tc, "descr",
- "isc_entropy_getdata() examples");
- atf_tc_set_md_var(tc, "X-randomfile",
- "testdata/dstrandom/random.data");
-}
-ATF_TC_BODY(isc_entropy_getdata, tc) {
- isc_result_t result;
- unsigned int returned, status;
- int ret;
- const char *randomfile = atf_tc_get_md_var(tc, "X-randomfile");
-
- isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
- result = isc_mem_create(0, 0, &mctx);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- result = isc_entropy_create(mctx, &ectx);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- result = dst_lib_init(mctx, ectx, NULL, 0);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-
- isc_entropy_usehook(ectx, ISC_TRUE);
-
- returned = 0;
- result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
- &returned, 0);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- ATF_REQUIRE(returned == sizeof(buffer));
-
- status = isc_entropy_status(ectx);
- ATF_REQUIRE_EQ(status, 0);
-
- isc_entropy_usehook(ectx, ISC_FALSE);
-
- ret = chdir(TESTS);
- ATF_REQUIRE_EQ(ret, 0);
-
- result = isc_entropy_createfilesource(ectx, randomfile);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-
- returned = 0;
- result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
- &returned, 0);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- ATF_REQUIRE(returned == sizeof(buffer));
-
- status = isc_entropy_status(ectx);
- ATF_REQUIRE(status > 0);
-
- dst_lib_destroy();
- isc_entropy_detach(&ectx);
- ATF_REQUIRE(ectx == NULL);
- isc_mem_destroy(&mctx);
- ATF_REQUIRE(mctx == NULL);
-}
-
-/*
- * Main
- */
-ATF_TP_ADD_TCS(tp) {
- ATF_TP_ADD_TC(tp, isc_entropy_getdata);
-
- return (atf_no_error());
-}
-
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
int fd;
off_t filesize = 0;
char *base, *p, *q;
- isc_uint32_t r;
int i;
UNUSED(tc);
close(fd);
/* Randomly fuzz a portion of the memory */
- isc_random_get(&r);
- p = base + (r % filesize);
+ p = base + (isc_random() % filesize);
q = base + filesize;
- isc_random_get(&r);
- q -= (r % (q - p));
+ q -= (isc_random() % (q - p));
while (p++ < q) {
- isc_random_get(&r);
- *p = r & 0xff;
+ *p = isc_random() & 0xff;
}
result = dns_rbt_deserialize_tree(base, filesize, 0, mctx,
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
dns_name_t *name;
for (j = 0; j < 32; j++) {
- isc_uint32_t v;
- isc_random_get(&v);
+ isc_uint32_t v = isc_random();
namebuf[j] = 'a' + (v % 26);
}
namebuf[32] = '.';
isc_result_t result;
for (j = 0; j < 32; j++) {
- isc_uint32_t v;
- isc_random_get(&v);
+ isc_uint32_t v = isc_random();
namebuf[j] = 'a' + (v % 26);
}
namebuf[32] = '.';
dns_name_t *name;
isc_result_t result;
- isc_random_get(&node);
-
- node %= *names_count;
+ node = isc_random_uniform(*names_count);
dns_test_namefromstring(names[node], &fname);
name = dns_fixedname_name(&fname);
/* Repeat the insert/remove test some 4096 times */
for (i = 0; i < 4096; i++) {
isc_uint32_t num_names;
- isc_random_get(&num_names);
+ num_names = isc_random();
if (names_count < 1024) {
num_names %= 1024 - names_count;
num_names++;
insert_nodes(mytree, names, &names_count, num_names);
check_tree(mytree, names, names_count, __LINE__);
- isc_random_get(&num_names);
+ num_names = isc_random();
if (names_count > 0) {
num_names %= names_count;
num_names++;
result = dns_test_begin(NULL, ISC_TRUE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ result = dns_dispatchmgr_create(mctx, &dispatchmgr);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_test_makeview("view", &view);
#include <config.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/string.h>
#include <isc/util.h>
}
isc_result_t
-dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkeyctx_t **tctxp)
{
dns_tkeyctx_t *tctx;
REQUIRE(mctx != NULL);
- REQUIRE(ectx != NULL);
REQUIRE(tctxp != NULL && *tctxp == NULL);
tctx = isc_mem_get(mctx, sizeof(dns_tkeyctx_t));
return (ISC_R_NOMEMORY);
tctx->mctx = NULL;
isc_mem_attach(mctx, &tctx->mctx);
- tctx->ectx = NULL;
- isc_entropy_attach(ectx, &tctx->ectx);
tctx->dhkey = NULL;
tctx->domain = NULL;
tctx->gsscred = NULL;
}
if (tctx->gsscred != NULL)
dst_gssapi_releasecred(&tctx->gsscred);
- isc_entropy_detach(&tctx->ectx);
isc_mem_put(mctx, tctx, sizeof(dns_tkeyctx_t));
isc_mem_detach(&mctx);
*tctxp = NULL;
if (randomdata == NULL)
goto failure;
- result = dst__entropy_getdata(randomdata, TKEY_RANDOM_AMOUNT,
- ISC_FALSE);
- if (result != ISC_R_SUCCESS) {
- tkey_log("process_dhtkey: failed to obtain entropy: %s",
- isc_result_totext(result));
- goto failure;
- }
+ isc_random_buf(randomdata, TKEY_RANDOM_AMOUNT);
r.base = randomdata;
r.length = TKEY_RANDOM_AMOUNT;
isc_buffer_t b;
unsigned int i, j;
- result = isc_entropy_getdata(tctx->ectx,
- randomdata,
- sizeof(randomdata),
- NULL, 0);
- if (result != ISC_R_SUCCESS)
- goto failure;
+ isc_random_buf(randomdata, sizeof(randomdata));
for (i = 0, j = 0; i < sizeof(randomdata); i++) {
unsigned char val = randomdata[i];
dst_lib_destroy
dst_lib_init
dst_lib_initmsgcat
-@IF PKCS11
-dst_random_getdata
-@ELSE PKCS11
-@IF OPENSSL
-dst_random_getdata
-@END OPENSSL
-@END PKCS11
dst_region_computeid
dst_region_computerid
dst_result_register
{
dns_xfrin_ctx_t *xfr = NULL;
isc_result_t result;
- isc_uint32_t tmp;
xfr = isc_mem_get(mctx, sizeof(*xfr));
if (xfr == NULL)
dns_name_init(&xfr->name, NULL);
xfr->rdclass = rdclass;
- isc_random_get(&tmp);
xfr->checkid = ISC_TRUE;
- xfr->id = (isc_uint16_t)(tmp & 0xffff);
+ xfr->id = (isc_uint16_t)(isc_random() & 0xffff);
xfr->reqtype = reqtype;
xfr->dscp = dscp;
do { \
isc_interval_t _i; \
isc_uint32_t _j; \
- _j = isc_random_jitter((b), (b)/4); \
+ _j = (b) - isc_random_uniform((b)/4); \
isc_interval_set(&_i, _j, 0); \
if (isc_time_add((a), &_i, (c)) != ISC_R_SUCCESS) { \
dns_zone_log(zone, ISC_LOG_WARNING, \
resign = rdataset.resign - zone->sigresigninginterval;
dns_rdataset_disassociate(&rdataset);
- isc_random_get(&nanosecs);
+ nanosecs = isc_random();
nanosecs %= 1000000000;
isc_time_set(&zone->resigntime, resign, nanosecs);
cleanup:
DNS_ZONE_TIME_ADD(&now, zone->retry,
&zone->expiretime);
- delay = isc_random_jitter(zone->retry,
- (zone->retry * 3) / 4);
+ delay = zone->retry - isc_random_uniform((zone->retry * 3) / 4);
DNS_ZONE_TIME_ADD(&now, delay, &zone->refreshtime);
if (isc_time_compare(&zone->refreshtime,
&zone->expiretime) >= 0)
isc_boolean_t check_ksk, keyset_kskonly = ISC_FALSE;
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire, stop;
- isc_uint32_t jitter;
unsigned int i;
unsigned int nkeys = 0;
unsigned int resign;
* clumped. We don't do this for each add_sigs() call as
* we still want some clustering to occur.
*/
- isc_random_get(&jitter);
- expire = soaexpire - jitter % 3600 - 1;
+ expire = soaexpire - isc_random_uniform(3600) - 1;
stop = now + 5;
check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
isc_boolean_t first;
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire;
- isc_uint32_t jitter;
unsigned int i;
unsigned int nkeys = 0;
isc_uint32_t nodes;
* clumped. We don't do this for each add_sigs() call as
* we still want some clustering to occur.
*/
- isc_random_get(&jitter);
- expire = soaexpire - jitter % 3600;
+ expire = soaexpire - isc_random_uniform(3600);
check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
isc_boolean_t first;
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire;
- isc_uint32_t jitter;
unsigned int i, j;
unsigned int nkeys = 0;
isc_uint32_t nodes;
* clumped. We don't do this for each add_sigs() call as
* we still want some clustering to occur.
*/
- isc_random_get(&jitter);
- expire = soaexpire - jitter % 3600;
+ expire = soaexpire - isc_random_uniform(3600);
/*
* We keep pulling nodes off each iterator in turn until
* Setting this to the retry time will do that. XXXMLG
* If we are successful it will be reset using zone->refresh.
*/
- isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4),
+ isc_interval_set(&i, zone->retry - isc_random_uniform(zone->retry / 4),
0);
result = isc_time_nowplusinterval(&zone->refreshtime, &i);
if (result != ISC_R_SUCCESS)
# Alphabetically
UNIXOBJS = @ISC_ISCIPV6_O@ @ISC_ISCPK11_API_O@ \
- unix/app.@O@ unix/dir.@O@ unix/entropy.@O@ unix/errno.@O@ \
+ unix/app.@O@ unix/dir.@O@ unix/errno.@O@ \
unix/errno2result.@O@ unix/file.@O@ unix/fsaccess.@O@ \
unix/interfaceiter.@O@ unix/keyboard.@O@ unix/meminfo.@O@ \
unix/net.@O@ unix/os.@O@ unix/resource.@O@ unix/socket.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
SYMTBLOBJS = backtrace-emptytbl.@O@
-CHACHASRCS = chacha_private.h
-
# Alphabetically
SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
aes.c assertions.c backtrace.c base32.c base64.c bind9.c \
lex.c lfsr.c lib.c log.c \
md5.c mem.c mutexblock.c \
netaddr.c netscope.c pool.c \
- parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
+ parseint.c portset.c quota.c radix.c random.c \
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \
+++ /dev/null
-/*
- * Taken from OpenBSD CVS src/lib/libc/crypt/chacha_private.h on
- * May 12, 2014.
- */
-
-/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
-
-typedef unsigned char u8;
-typedef unsigned int u32;
-
-typedef struct
-{
- u32 input[16]; /* could be compressed */
-} chacha_ctx;
-
-#define U8C(v) (v##U)
-#define U32C(v) (v##U)
-
-#define U8V(v) ((u8)(v) & U8C(0xFF))
-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
-
-#define ROTL32(v, n) \
- (U32V((v) << (n)) | ((v) >> (32 - (n))))
-
-#define U8TO32_LITTLE(p) \
- (((u32)((p)[0]) ) | \
- ((u32)((p)[1]) << 8) | \
- ((u32)((p)[2]) << 16) | \
- ((u32)((p)[3]) << 24))
-
-#define U32TO8_LITTLE(p, v) \
- do { \
- (p)[0] = U8V((v) ); \
- (p)[1] = U8V((v) >> 8); \
- (p)[2] = U8V((v) >> 16); \
- (p)[3] = U8V((v) >> 24); \
- } while (0)
-
-#define ROTATE(v,c) (ROTL32(v,c))
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
- a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
- a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-
-static const char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
- '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
-static const char tau[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '1',
- '6', '-', 'b', 'y', 't', 'e', ' ', 'k' };
-
-static void
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
-{
- const char *constants;
-
- UNUSED(ivbits);
-
- x->input[4] = U8TO32_LITTLE(k + 0);
- x->input[5] = U8TO32_LITTLE(k + 4);
- x->input[6] = U8TO32_LITTLE(k + 8);
- x->input[7] = U8TO32_LITTLE(k + 12);
- if (kbits == 256) { /* recommended */
- k += 16;
- constants = sigma;
- } else { /* kbits == 128 */
- constants = tau;
- }
- x->input[8] = U8TO32_LITTLE(k + 0);
- x->input[9] = U8TO32_LITTLE(k + 4);
- x->input[10] = U8TO32_LITTLE(k + 8);
- x->input[11] = U8TO32_LITTLE(k + 12);
- x->input[0] = U8TO32_LITTLE(constants + 0);
- x->input[1] = U8TO32_LITTLE(constants + 4);
- x->input[2] = U8TO32_LITTLE(constants + 8);
- x->input[3] = U8TO32_LITTLE(constants + 12);
-}
-
-static void
-chacha_ivsetup(chacha_ctx *x,const u8 *iv)
-{
- x->input[12] = 0;
- x->input[13] = 0;
- x->input[14] = U8TO32_LITTLE(iv + 0);
- x->input[15] = U8TO32_LITTLE(iv + 4);
-}
-
-static void
-chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
-{
- u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
- u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
- u8 *ctarget = NULL;
- u8 tmp[64];
- u_int i;
-
- if (!bytes) return;
-
- j0 = x->input[0];
- j1 = x->input[1];
- j2 = x->input[2];
- j3 = x->input[3];
- j4 = x->input[4];
- j5 = x->input[5];
- j6 = x->input[6];
- j7 = x->input[7];
- j8 = x->input[8];
- j9 = x->input[9];
- j10 = x->input[10];
- j11 = x->input[11];
- j12 = x->input[12];
- j13 = x->input[13];
- j14 = x->input[14];
- j15 = x->input[15];
-
- for (;;) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) tmp[i] = m[i];
- m = tmp;
- ctarget = c;
- c = tmp;
- }
- x0 = j0;
- x1 = j1;
- x2 = j2;
- x3 = j3;
- x4 = j4;
- x5 = j5;
- x6 = j6;
- x7 = j7;
- x8 = j8;
- x9 = j9;
- x10 = j10;
- x11 = j11;
- x12 = j12;
- x13 = j13;
- x14 = j14;
- x15 = j15;
- for (i = 20;i > 0;i -= 2) {
- QUARTERROUND( x0, x4, x8,x12)
- QUARTERROUND( x1, x5, x9,x13)
- QUARTERROUND( x2, x6,x10,x14)
- QUARTERROUND( x3, x7,x11,x15)
- QUARTERROUND( x0, x5,x10,x15)
- QUARTERROUND( x1, x6,x11,x12)
- QUARTERROUND( x2, x7, x8,x13)
- QUARTERROUND( x3, x4, x9,x14)
- }
- x0 = PLUS(x0,j0);
- x1 = PLUS(x1,j1);
- x2 = PLUS(x2,j2);
- x3 = PLUS(x3,j3);
- x4 = PLUS(x4,j4);
- x5 = PLUS(x5,j5);
- x6 = PLUS(x6,j6);
- x7 = PLUS(x7,j7);
- x8 = PLUS(x8,j8);
- x9 = PLUS(x9,j9);
- x10 = PLUS(x10,j10);
- x11 = PLUS(x11,j11);
- x12 = PLUS(x12,j12);
- x13 = PLUS(x13,j13);
- x14 = PLUS(x14,j14);
- x15 = PLUS(x15,j15);
-
-#ifndef KEYSTREAM_ONLY
- x0 = XOR(x0,U8TO32_LITTLE(m + 0));
- x1 = XOR(x1,U8TO32_LITTLE(m + 4));
- x2 = XOR(x2,U8TO32_LITTLE(m + 8));
- x3 = XOR(x3,U8TO32_LITTLE(m + 12));
- x4 = XOR(x4,U8TO32_LITTLE(m + 16));
- x5 = XOR(x5,U8TO32_LITTLE(m + 20));
- x6 = XOR(x6,U8TO32_LITTLE(m + 24));
- x7 = XOR(x7,U8TO32_LITTLE(m + 28));
- x8 = XOR(x8,U8TO32_LITTLE(m + 32));
- x9 = XOR(x9,U8TO32_LITTLE(m + 36));
- x10 = XOR(x10,U8TO32_LITTLE(m + 40));
- x11 = XOR(x11,U8TO32_LITTLE(m + 44));
- x12 = XOR(x12,U8TO32_LITTLE(m + 48));
- x13 = XOR(x13,U8TO32_LITTLE(m + 52));
- x14 = XOR(x14,U8TO32_LITTLE(m + 56));
- x15 = XOR(x15,U8TO32_LITTLE(m + 60));
-#endif
-
- j12 = PLUSONE(j12);
- if (!j12) {
- j13 = PLUSONE(j13);
- /* stopping at 2^70 bytes per nonce is user's responsibility */
- }
-
- U32TO8_LITTLE(c + 0,x0);
- U32TO8_LITTLE(c + 4,x1);
- U32TO8_LITTLE(c + 8,x2);
- U32TO8_LITTLE(c + 12,x3);
- U32TO8_LITTLE(c + 16,x4);
- U32TO8_LITTLE(c + 20,x5);
- U32TO8_LITTLE(c + 24,x6);
- U32TO8_LITTLE(c + 28,x7);
- U32TO8_LITTLE(c + 32,x8);
- U32TO8_LITTLE(c + 36,x9);
- U32TO8_LITTLE(c + 40,x10);
- U32TO8_LITTLE(c + 44,x11);
- U32TO8_LITTLE(c + 48,x12);
- U32TO8_LITTLE(c + 52,x13);
- U32TO8_LITTLE(c + 56,x14);
- U32TO8_LITTLE(c + 60,x15);
-
- if (bytes <= 64) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) ctarget[i] = c[i];
- }
- x->input[12] = j12;
- x->input[13] = j13;
- return;
- }
- bytes -= 64;
- c += 64;
-#ifndef KEYSTREAM_ONLY
- m += 64;
-#endif
- }
-}
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file
- * \brief
- * This is the system independent part of the entropy module. It is
- * compiled via inclusion from the relevant OS source file, ie,
- * \link unix/entropy.c unix/entropy.c \endlink or win32/entropy.c.
- *
- * \author Much of this code is modeled after the NetBSD /dev/random implementation,
- * written by Michael Graff <explorer@netbsd.org>.
- */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-
-#include <isc/buffer.h>
-#include <isc/entropy.h>
-#include <isc/keyboard.h>
-#include <isc/list.h>
-#include <isc/magic.h>
-#include <isc/mem.h>
-#include <isc/msgs.h>
-#include <isc/mutex.h>
-#include <isc/platform.h>
-#include <isc/print.h>
-#include <isc/region.h>
-#include <isc/safe.h>
-#include <isc/sha1.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#ifdef PKCS11CRYPTO
-#include <pk11/pk11.h>
-#endif
-
-#define ENTROPY_MAGIC ISC_MAGIC('E', 'n', 't', 'e')
-#define SOURCE_MAGIC ISC_MAGIC('E', 'n', 't', 's')
-
-#define VALID_ENTROPY(e) ISC_MAGIC_VALID(e, ENTROPY_MAGIC)
-#define VALID_SOURCE(s) ISC_MAGIC_VALID(s, SOURCE_MAGIC)
-
-/***
- *** "constants." Do not change these unless you _really_ know what
- *** you are doing.
- ***/
-
-/*%
- * Size of entropy pool in 32-bit words. This _MUST_ be a power of 2.
- */
-#define RND_POOLWORDS 128
-/*% Pool in bytes. */
-#define RND_POOLBYTES (RND_POOLWORDS * 4)
-/*% Pool in bits. */
-#define RND_POOLBITS (RND_POOLWORDS * 32)
-
-/*%
- * Number of bytes returned per hash. This must be true:
- * threshold * 2 <= digest_size_in_bytes
- */
-#define RND_ENTROPY_THRESHOLD 10
-#define THRESHOLD_BITS (RND_ENTROPY_THRESHOLD * 8)
-
-/*%
- * Size of the input event queue in samples.
- */
-#define RND_EVENTQSIZE 32
-
-/*%
- * The number of times we'll "reseed" for pseudorandom seeds. This is an
- * extremely weak pseudorandom seed. If the caller is using lots of
- * pseudorandom data and they cannot provide a stronger random source,
- * there is little we can do other than hope they're smart enough to
- * call _adddata() with something better than we can come up with.
- */
-#define RND_INITIALIZE 128
-
-/*% Entropy Pool */
-typedef struct {
- isc_uint32_t cursor; /*%< current add point in the pool */
- isc_uint32_t entropy; /*%< current entropy estimate in bits */
- isc_uint32_t pseudo; /*%< bits extracted in pseudorandom */
- isc_uint32_t rotate; /*%< how many bits to rotate by */
- isc_uint32_t pool[RND_POOLWORDS]; /*%< random pool data */
-} isc_entropypool_t;
-
-struct isc_entropy {
- unsigned int magic;
- isc_mem_t *mctx;
- isc_mutex_t lock;
- unsigned int refcnt;
- isc_uint32_t initialized;
- isc_uint32_t initcount;
- isc_entropypool_t pool;
- isc_boolean_t usehook;
- unsigned int nsources;
- isc_entropysource_t *nextsource;
- ISC_LIST(isc_entropysource_t) sources;
-};
-
-/*% Global Hook */
-static isc_entropy_getdata_t hook;
-
-/*% Sample Queue */
-typedef struct {
- isc_uint32_t last_time; /*%< last time recorded */
- isc_uint32_t last_delta; /*%< last delta value */
- isc_uint32_t last_delta2; /*%< last delta2 value */
- isc_uint32_t nsamples; /*%< number of samples filled in */
- isc_uint32_t *samples; /*%< the samples */
- isc_uint32_t *extra; /*%< extra samples added in */
-} sample_queue_t;
-
-typedef struct {
- sample_queue_t samplequeue;
-} isc_entropysamplesource_t;
-
-typedef struct {
- isc_boolean_t start_called;
- isc_entropystart_t startfunc;
- isc_entropyget_t getfunc;
- isc_entropystop_t stopfunc;
- void *arg;
- sample_queue_t samplequeue;
-} isc_cbsource_t;
-
-typedef struct {
- FILESOURCE_HANDLE_TYPE handle;
-} isc_entropyfilesource_t;
-
-struct isc_entropysource {
- unsigned int magic;
- unsigned int type;
- isc_entropy_t *ent;
- isc_uint32_t total; /*%< entropy from this source */
- ISC_LINK(isc_entropysource_t) link;
- char name[32];
- isc_boolean_t bad;
- isc_boolean_t warn_keyboard;
- isc_keyboard_t kbd;
- union {
- isc_entropysamplesource_t sample;
- isc_entropyfilesource_t file;
- isc_cbsource_t callback;
- isc_entropyusocketsource_t usocket;
- } sources;
-};
-
-#define ENTROPY_SOURCETYPE_SAMPLE 1 /*%< Type is a sample source */
-#define ENTROPY_SOURCETYPE_FILE 2 /*%< Type is a file source */
-#define ENTROPY_SOURCETYPE_CALLBACK 3 /*%< Type is a callback source */
-#define ENTROPY_SOURCETYPE_USOCKET 4 /*%< Type is a Unix socket source */
-
-/*@{*/
-/*%
- * The random pool "taps"
- */
-#define TAP1 99
-#define TAP2 59
-#define TAP3 31
-#define TAP4 9
-#define TAP5 7
-/*@}*/
-
-/*@{*/
-/*%
- * Declarations for function provided by the system dependent sources that
- * include this file.
- */
-static void
-fillpool(isc_entropy_t *, unsigned int, isc_boolean_t);
-
-static int
-wait_for_sources(isc_entropy_t *);
-
-static void
-destroyfilesource(isc_entropyfilesource_t *source);
-
-static void
-destroyusocketsource(isc_entropyusocketsource_t *source);
-
-/*@}*/
-
-static void
-samplequeue_release(isc_entropy_t *ent, sample_queue_t *sq) {
- REQUIRE(sq->samples != NULL);
- REQUIRE(sq->extra != NULL);
-
- isc_mem_put(ent->mctx, sq->samples, RND_EVENTQSIZE * 4);
- isc_mem_put(ent->mctx, sq->extra, RND_EVENTQSIZE * 4);
- sq->samples = NULL;
- sq->extra = NULL;
-}
-
-static isc_result_t
-samplesource_allocate(isc_entropy_t *ent, sample_queue_t *sq) {
- sq->samples = isc_mem_get(ent->mctx, RND_EVENTQSIZE * 4);
- if (sq->samples == NULL)
- return (ISC_R_NOMEMORY);
-
- sq->extra = isc_mem_get(ent->mctx, RND_EVENTQSIZE * 4);
- if (sq->extra == NULL) {
- isc_mem_put(ent->mctx, sq->samples, RND_EVENTQSIZE * 4);
- sq->samples = NULL;
- return (ISC_R_NOMEMORY);
- }
-
- sq->nsamples = 0;
-
- return (ISC_R_SUCCESS);
-}
-
-/*%
- * Add in entropy, even when the value we're adding in could be
- * very large.
- */
-static inline void
-add_entropy(isc_entropy_t *ent, isc_uint32_t entropy) {
- /* clamp input. Yes, this must be done. */
- entropy = ISC_MIN(entropy, RND_POOLBITS);
- /* Add in the entropy we already have. */
- entropy += ent->pool.entropy;
- /* Clamp. */
- ent->pool.entropy = ISC_MIN(entropy, RND_POOLBITS);
-}
-
-/*%
- * Decrement the amount of entropy the pool has.
- */
-static inline void
-subtract_entropy(isc_entropy_t *ent, isc_uint32_t entropy) {
- entropy = ISC_MIN(entropy, ent->pool.entropy);
- ent->pool.entropy -= entropy;
-}
-
-/*!
- * Add in entropy, even when the value we're adding in could be
- * very large.
- */
-static inline void
-add_pseudo(isc_entropy_t *ent, isc_uint32_t pseudo) {
- /* clamp input. Yes, this must be done. */
- pseudo = ISC_MIN(pseudo, RND_POOLBITS * 8);
- /* Add in the pseudo we already have. */
- pseudo += ent->pool.pseudo;
- /* Clamp. */
- ent->pool.pseudo = ISC_MIN(pseudo, RND_POOLBITS * 8);
-}
-
-/*!
- * Decrement the amount of pseudo the pool has.
- */
-static inline void
-subtract_pseudo(isc_entropy_t *ent, isc_uint32_t pseudo) {
- pseudo = ISC_MIN(pseudo, ent->pool.pseudo);
- ent->pool.pseudo -= pseudo;
-}
-
-/*!
- * Add one word to the pool, rotating the input as needed.
- */
-static inline void
-entropypool_add_word(isc_entropypool_t *rp, isc_uint32_t val) {
- /*
- * Steal some values out of the pool, and xor them into the
- * word we were given.
- *
- * Mix the new value into the pool using xor. This will
- * prevent the actual values from being known to the caller
- * since the previous values are assumed to be unknown as well.
- */
- val ^= rp->pool[(rp->cursor + TAP1) & (RND_POOLWORDS - 1)];
- val ^= rp->pool[(rp->cursor + TAP2) & (RND_POOLWORDS - 1)];
- val ^= rp->pool[(rp->cursor + TAP3) & (RND_POOLWORDS - 1)];
- val ^= rp->pool[(rp->cursor + TAP4) & (RND_POOLWORDS - 1)];
- val ^= rp->pool[(rp->cursor + TAP5) & (RND_POOLWORDS - 1)];
- if (rp->rotate == 0)
- rp->pool[rp->cursor++] ^= val;
- else
- rp->pool[rp->cursor++] ^=
- ((val << rp->rotate) | (val >> (32 - rp->rotate)));
-
- /*
- * If we have looped around the pool, increment the rotate
- * variable so the next value will get xored in rotated to
- * a different position.
- * Increment by a value that is relatively prime to the word size
- * to try to spread the bits throughout the pool quickly when the
- * pool is empty.
- */
- if (rp->cursor == RND_POOLWORDS) {
- rp->cursor = 0;
- rp->rotate = (rp->rotate + 7) & 31;
- }
-}
-
-/*!
- * Add a buffer's worth of data to the pool.
- *
- * Requires that the lock is held on the entropy pool.
- */
-static void
-entropypool_adddata(isc_entropy_t *ent, void *p, unsigned int len,
- isc_uint32_t entropy)
-{
- isc_uint32_t val;
- unsigned long addr;
- isc_uint8_t *buf;
-
- /* Silly MSVC in 64 bit mode complains here... */
-#ifdef _WIN64
- addr = (unsigned long)((unsigned long long)p);
-#else
- addr = (unsigned long)p;
-#endif
- buf = p;
-
- if ((addr & 0x03U) != 0U) {
- val = 0;
- switch (len) {
- case 3:
- val = *buf++;
- len--;
- /* FALLTHROUGH */
- case 2:
- val = val << 8 | *buf++;
- len--;
- /* FALLTHROUGH */
- case 1:
- val = val << 8 | *buf++;
- len--;
- }
-
- entropypool_add_word(&ent->pool, val);
- }
-
- for (; len > 3; len -= 4) {
- val = *((isc_uint32_t *)buf);
-
- entropypool_add_word(&ent->pool, val);
- buf += 4;
- }
-
- if (len != 0) {
- val = 0;
- switch (len) {
- case 3:
- val = *buf++;
- /* FALLTHROUGH */
- case 2:
- val = val << 8 | *buf++;
- /* FALLTHROUGH */
- case 1:
- val = val << 8 | *buf++;
- }
-
- entropypool_add_word(&ent->pool, val);
- }
-
- add_entropy(ent, entropy);
- subtract_pseudo(ent, entropy);
-}
-
-static inline void
-reseed(isc_entropy_t *ent) {
- isc_time_t t;
- pid_t pid;
-
- if (ent->initcount == 0) {
- pid = getpid();
- entropypool_adddata(ent, &pid, sizeof(pid), 0);
- pid = getppid();
- entropypool_adddata(ent, &pid, sizeof(pid), 0);
- }
-
- /*!
- * After we've reseeded 100 times, only add new timing info every
- * 50 requests. This will keep us from using lots and lots of
- * CPU just to return bad pseudorandom data anyway.
- */
- if (ent->initcount > 100)
- if ((ent->initcount % 50) != 0)
- return;
-
- TIME_NOW(&t);
- entropypool_adddata(ent, &t, sizeof(t), 0);
- ent->initcount++;
-}
-
-static inline unsigned int
-estimate_entropy(sample_queue_t *sq, isc_uint32_t t) {
- isc_int32_t delta;
- isc_int32_t delta2;
- isc_int32_t delta3;
-
- /*!
- * If the time counter has overflowed, calculate the real difference.
- * If it has not, it is simpler.
- */
- if (t < sq->last_time)
- delta = UINT_MAX - sq->last_time + t;
- else
- delta = sq->last_time - t;
-
- if (delta < 0)
- delta = -delta;
-
- /*
- * Calculate the second and third order differentials
- */
- delta2 = sq->last_delta - delta;
- if (delta2 < 0)
- delta2 = -delta2;
-
- delta3 = sq->last_delta2 - delta2;
- if (delta3 < 0)
- delta3 = -delta3;
-
- sq->last_time = t;
- sq->last_delta = delta;
- sq->last_delta2 = delta2;
-
- /*
- * If any delta is 0, we got no entropy. If all are non-zero, we
- * might have something.
- */
- if (delta == 0 || delta2 == 0 || delta3 == 0)
- return 0;
-
- /*
- * We could find the smallest delta and claim we got log2(delta)
- * bits, but for now return that we found 1 bit.
- */
- return 1;
-}
-
-static unsigned int
-crunchsamples(isc_entropy_t *ent, sample_queue_t *sq) {
- unsigned int ns;
- unsigned int added;
-
- if (sq->nsamples < 6)
- return (0);
-
- added = 0;
- sq->last_time = sq->samples[0];
- sq->last_delta = 0;
- sq->last_delta2 = 0;
-
- /*
- * Prime the values by adding in the first 4 samples in. This
- * should completely initialize the delta calculations.
- */
- for (ns = 0; ns < 4; ns++)
- (void)estimate_entropy(sq, sq->samples[ns]);
-
- for (ns = 4; ns < sq->nsamples; ns++)
- added += estimate_entropy(sq, sq->samples[ns]);
-
- entropypool_adddata(ent, sq->samples, sq->nsamples * 4, added);
- entropypool_adddata(ent, sq->extra, sq->nsamples * 4, 0);
-
- /*
- * Move the last 4 samples into the first 4 positions, and start
- * adding new samples from that point.
- */
- for (ns = 0; ns < 4; ns++) {
- sq->samples[ns] = sq->samples[sq->nsamples - 4 + ns];
- sq->extra[ns] = sq->extra[sq->nsamples - 4 + ns];
- }
-
- sq->nsamples = 4;
-
- return (added);
-}
-
-static unsigned int
-get_from_callback(isc_entropysource_t *source, unsigned int desired,
- isc_boolean_t blocking)
-{
- isc_entropy_t *ent = source->ent;
- isc_cbsource_t *cbs = &source->sources.callback;
- unsigned int added;
- unsigned int got;
- isc_result_t result;
-
- if (desired == 0)
- return (0);
-
- if (source->bad)
- return (0);
-
- if (!cbs->start_called && cbs->startfunc != NULL) {
- result = cbs->startfunc(source, cbs->arg, blocking);
- if (result != ISC_R_SUCCESS)
- return (0);
- cbs->start_called = ISC_TRUE;
- }
-
- added = 0;
- result = ISC_R_SUCCESS;
- while (desired > 0 && result == ISC_R_SUCCESS) {
- result = cbs->getfunc(source, cbs->arg, blocking);
- if (result == ISC_R_QUEUEFULL) {
- got = crunchsamples(ent, &cbs->samplequeue);
- added += got;
- desired -= ISC_MIN(got, desired);
- result = ISC_R_SUCCESS;
- } else if (result != ISC_R_SUCCESS &&
- result != ISC_R_NOTBLOCKING)
- source->bad = ISC_TRUE;
-
- }
-
- return (added);
-}
-
-/*
- * Extract some number of bytes from the random pool, decreasing the
- * estimate of randomness as each byte is extracted.
- *
- * Do this by stiring the pool and returning a part of hash as randomness.
- * Note that no secrets are given away here since parts of the hash are
- * xored together before returned.
- *
- * Honor the request from the caller to only return good data, any data,
- * etc.
- */
-isc_result_t
-isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length,
- unsigned int *returned, unsigned int flags)
-{
- unsigned int i;
- isc_sha1_t hash;
- unsigned char digest[ISC_SHA1_DIGESTLENGTH];
- isc_uint32_t remain, deltae, count, total;
- isc_uint8_t *buf;
- isc_boolean_t goodonly, partial, blocking;
-
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(data != NULL);
- REQUIRE(length > 0);
-
- goodonly = ISC_TF((flags & ISC_ENTROPY_GOODONLY) != 0);
- partial = ISC_TF((flags & ISC_ENTROPY_PARTIAL) != 0);
- blocking = ISC_TF((flags & ISC_ENTROPY_BLOCKING) != 0);
-
- REQUIRE(!partial || returned != NULL);
-
- LOCK(&ent->lock);
-
- if (ent->usehook && (hook != NULL)) {
- UNLOCK(&ent->lock);
- return (hook(data, length, returned, flags));
- }
-
- remain = length;
- buf = data;
- total = 0;
- while (remain != 0) {
- count = ISC_MIN(remain, RND_ENTROPY_THRESHOLD);
-
- /*
- * If we are extracting good data only, make certain we
- * have enough data in our pool for this pass. If we don't,
- * get some, and fail if we can't, and partial returns
- * are not ok.
- */
- if (goodonly) {
- unsigned int fillcount;
-
- fillcount = ISC_MAX(remain * 8, count * 8);
-
- /*
- * If, however, we have at least THRESHOLD_BITS
- * of entropy in the pool, don't block here. It is
- * better to drain the pool once in a while and
- * then refill it than it is to constantly keep the
- * pool full.
- */
- if (ent->pool.entropy >= THRESHOLD_BITS)
- fillpool(ent, fillcount, ISC_FALSE);
- else
- fillpool(ent, fillcount, blocking);
-
- /*
- * Verify that we got enough entropy to do one
- * extraction. If we didn't, bail.
- */
- if (ent->pool.entropy < THRESHOLD_BITS) {
- if (!partial)
- goto zeroize;
- else
- goto partial_output;
- }
- } else {
- /*
- * If we've extracted half our pool size in bits
- * since the last refresh, try to refresh here.
- */
- if (ent->initialized < THRESHOLD_BITS)
- fillpool(ent, THRESHOLD_BITS, blocking);
- else
- fillpool(ent, 0, ISC_FALSE);
-
- /*
- * If we've not initialized with enough good random
- * data, seed with our crappy code.
- */
- if (ent->initialized < THRESHOLD_BITS)
- reseed(ent);
- }
-
- isc_sha1_init(&hash);
- isc_sha1_update(&hash, (void *)(ent->pool.pool),
- RND_POOLBYTES);
- isc_sha1_final(&hash, digest);
-
- /*
- * Stir the extracted data (all of it) back into the pool.
- */
- entropypool_adddata(ent, digest, ISC_SHA1_DIGESTLENGTH, 0);
-
- for (i = 0; i < count; i++)
- buf[i] = digest[i] ^ digest[i + RND_ENTROPY_THRESHOLD];
-
- buf += count;
- remain -= count;
-
- deltae = count * 8;
- deltae = ISC_MIN(deltae, ent->pool.entropy);
- total += deltae;
- subtract_entropy(ent, deltae);
- add_pseudo(ent, count * 8);
- }
-
- partial_output:
- isc_safe_memwipe(digest, sizeof(digest));
-
- if (returned != NULL)
- *returned = (length - remain);
-
- UNLOCK(&ent->lock);
-
- return (ISC_R_SUCCESS);
-
- zeroize:
- /* put the entropy we almost extracted back */
- add_entropy(ent, total);
- isc_safe_memwipe(data, length);
- isc_safe_memwipe(digest, sizeof(digest));
- if (returned != NULL)
- *returned = 0;
-
- UNLOCK(&ent->lock);
-
- return (ISC_R_NOENTROPY);
-}
-
-static void
-isc_entropypool_init(isc_entropypool_t *pool) {
- pool->cursor = RND_POOLWORDS - 1;
- pool->entropy = 0;
- pool->pseudo = 0;
- pool->rotate = 0;
- memset(pool->pool, 0, RND_POOLBYTES);
-}
-
-static void
-isc_entropypool_invalidate(isc_entropypool_t *pool) {
- pool->cursor = 0;
- pool->entropy = 0;
- pool->pseudo = 0;
- pool->rotate = 0;
- memset(pool->pool, 0, RND_POOLBYTES);
-}
-
-isc_result_t
-isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp) {
- isc_result_t result;
- isc_entropy_t *ent;
-
- REQUIRE(mctx != NULL);
- REQUIRE(entp != NULL && *entp == NULL);
-
- ent = isc_mem_get(mctx, sizeof(isc_entropy_t));
- if (ent == NULL)
- return (ISC_R_NOMEMORY);
-
- /*
- * We need a lock.
- */
- result = isc_mutex_init(&ent->lock);
- if (result != ISC_R_SUCCESS)
- goto errout;
-
- /*
- * From here down, no failures will/can occur.
- */
- ISC_LIST_INIT(ent->sources);
- ent->nextsource = NULL;
- ent->nsources = 0;
- ent->mctx = NULL;
- isc_mem_attach(mctx, &ent->mctx);
- ent->refcnt = 1;
- ent->initialized = 0;
- ent->initcount = 0;
- ent->usehook = ISC_FALSE;
- ent->magic = ENTROPY_MAGIC;
-
- isc_entropypool_init(&ent->pool);
-
- *entp = ent;
- return (ISC_R_SUCCESS);
-
- errout:
- isc_mem_put(mctx, ent, sizeof(isc_entropy_t));
-
- return (result);
-}
-
-/*!
- * Requires "ent" be locked.
- */
-static void
-destroysource(isc_entropysource_t **sourcep) {
- isc_entropysource_t *source;
- isc_entropy_t *ent;
- isc_cbsource_t *cbs;
-
- source = *sourcep;
- *sourcep = NULL;
- ent = source->ent;
-
- ISC_LIST_UNLINK(ent->sources, source, link);
- ent->nextsource = NULL;
- REQUIRE(ent->nsources > 0);
- ent->nsources--;
-
- switch (source->type) {
- case ENTROPY_SOURCETYPE_FILE:
- if (! source->bad)
- destroyfilesource(&source->sources.file);
- break;
- case ENTROPY_SOURCETYPE_USOCKET:
- if (! source->bad)
- destroyusocketsource(&source->sources.usocket);
- break;
- case ENTROPY_SOURCETYPE_SAMPLE:
- samplequeue_release(ent, &source->sources.sample.samplequeue);
- break;
- case ENTROPY_SOURCETYPE_CALLBACK:
- cbs = &source->sources.callback;
- if (cbs->start_called && cbs->stopfunc != NULL) {
- cbs->stopfunc(source, cbs->arg);
- cbs->start_called = ISC_FALSE;
- }
- samplequeue_release(ent, &cbs->samplequeue);
- break;
- }
-
- isc_safe_memwipe(source, sizeof(*source));
- isc_mem_put(ent->mctx, source, sizeof(*source));
-}
-
-static inline isc_boolean_t
-destroy_check(isc_entropy_t *ent) {
- isc_entropysource_t *source;
-
- if (ent->refcnt > 0)
- return (ISC_FALSE);
-
- source = ISC_LIST_HEAD(ent->sources);
- while (source != NULL) {
- switch (source->type) {
- case ENTROPY_SOURCETYPE_FILE:
- case ENTROPY_SOURCETYPE_USOCKET:
- break;
- default:
- return (ISC_FALSE);
- }
- source = ISC_LIST_NEXT(source, link);
- }
-
- return (ISC_TRUE);
-}
-
-static void
-destroy(isc_entropy_t **entp) {
- isc_entropy_t *ent;
- isc_entropysource_t *source;
- isc_mem_t *mctx;
-
- REQUIRE(entp != NULL && *entp != NULL);
- ent = *entp;
- *entp = NULL;
-
- LOCK(&ent->lock);
-
- REQUIRE(ent->refcnt == 0);
-
- /*
- * Here, detach non-sample sources.
- */
- source = ISC_LIST_HEAD(ent->sources);
- while (source != NULL) {
- switch(source->type) {
- case ENTROPY_SOURCETYPE_FILE:
- case ENTROPY_SOURCETYPE_USOCKET:
- destroysource(&source);
- break;
- }
- source = ISC_LIST_HEAD(ent->sources);
- }
-
- /*
- * If there are other types of sources, we've found a bug.
- */
- REQUIRE(ISC_LIST_EMPTY(ent->sources));
-
- mctx = ent->mctx;
-
- isc_entropypool_invalidate(&ent->pool);
-
- UNLOCK(&ent->lock);
-
- DESTROYLOCK(&ent->lock);
-
- isc_safe_memwipe(ent, sizeof(*ent));
- isc_mem_put(mctx, ent, sizeof(*ent));
- isc_mem_detach(&mctx);
-}
-
-void
-isc_entropy_destroysource(isc_entropysource_t **sourcep) {
- isc_entropysource_t *source;
- isc_entropy_t *ent;
- isc_boolean_t killit;
-
- REQUIRE(sourcep != NULL);
- REQUIRE(VALID_SOURCE(*sourcep));
-
- source = *sourcep;
- *sourcep = NULL;
-
- ent = source->ent;
- REQUIRE(VALID_ENTROPY(ent));
-
- LOCK(&ent->lock);
-
- destroysource(&source);
-
- killit = destroy_check(ent);
-
- UNLOCK(&ent->lock);
-
- if (killit)
- destroy(&ent);
-}
-
-isc_result_t
-isc_entropy_createcallbacksource(isc_entropy_t *ent,
- isc_entropystart_t start,
- isc_entropyget_t get,
- isc_entropystop_t stop,
- void *arg,
- isc_entropysource_t **sourcep)
-{
- isc_result_t result;
- isc_entropysource_t *source;
- isc_cbsource_t *cbs;
-
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(get != NULL);
- REQUIRE(sourcep != NULL && *sourcep == NULL);
-
- LOCK(&ent->lock);
-
- source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
- if (source == NULL) {
- result = ISC_R_NOMEMORY;
- goto errout;
- }
- source->bad = ISC_FALSE;
-
- cbs = &source->sources.callback;
-
- result = samplesource_allocate(ent, &cbs->samplequeue);
- if (result != ISC_R_SUCCESS)
- goto errout;
-
- cbs->start_called = ISC_FALSE;
- cbs->startfunc = start;
- cbs->getfunc = get;
- cbs->stopfunc = stop;
- cbs->arg = arg;
-
- /*
- * From here down, no failures can occur.
- */
- source->magic = SOURCE_MAGIC;
- source->type = ENTROPY_SOURCETYPE_CALLBACK;
- source->ent = ent;
- source->total = 0;
- memset(source->name, 0, sizeof(source->name));
- ISC_LINK_INIT(source, link);
-
- /*
- * Hook it into the entropy system.
- */
- ISC_LIST_APPEND(ent->sources, source, link);
- ent->nsources++;
-
- *sourcep = source;
-
- UNLOCK(&ent->lock);
- return (ISC_R_SUCCESS);
-
- errout:
- if (source != NULL)
- isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
-
- UNLOCK(&ent->lock);
-
- return (result);
-}
-
-void
-isc_entropy_stopcallbacksources(isc_entropy_t *ent) {
- isc_entropysource_t *source;
- isc_cbsource_t *cbs;
-
- REQUIRE(VALID_ENTROPY(ent));
-
- LOCK(&ent->lock);
-
- source = ISC_LIST_HEAD(ent->sources);
- while (source != NULL) {
- if (source->type == ENTROPY_SOURCETYPE_CALLBACK) {
- cbs = &source->sources.callback;
- if (cbs->start_called && cbs->stopfunc != NULL) {
- cbs->stopfunc(source, cbs->arg);
- cbs->start_called = ISC_FALSE;
- }
- }
-
- source = ISC_LIST_NEXT(source, link);
- }
-
- UNLOCK(&ent->lock);
-}
-
-isc_result_t
-isc_entropy_createsamplesource(isc_entropy_t *ent,
- isc_entropysource_t **sourcep)
-{
- isc_result_t result;
- isc_entropysource_t *source;
- sample_queue_t *sq;
-
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(sourcep != NULL && *sourcep == NULL);
-
- LOCK(&ent->lock);
-
- source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
- if (source == NULL) {
- result = ISC_R_NOMEMORY;
- goto errout;
- }
-
- sq = &source->sources.sample.samplequeue;
- result = samplesource_allocate(ent, sq);
- if (result != ISC_R_SUCCESS)
- goto errout;
-
- /*
- * From here down, no failures can occur.
- */
- source->magic = SOURCE_MAGIC;
- source->type = ENTROPY_SOURCETYPE_SAMPLE;
- source->ent = ent;
- source->total = 0;
- memset(source->name, 0, sizeof(source->name));
- ISC_LINK_INIT(source, link);
-
- /*
- * Hook it into the entropy system.
- */
- ISC_LIST_APPEND(ent->sources, source, link);
- ent->nsources++;
-
- *sourcep = source;
-
- UNLOCK(&ent->lock);
- return (ISC_R_SUCCESS);
-
- errout:
- if (source != NULL)
- isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
-
- UNLOCK(&ent->lock);
-
- return (result);
-}
-
-/*!
- * Add a sample, and return ISC_R_SUCCESS if the queue has become full,
- * ISC_R_NOENTROPY if it has space remaining, and ISC_R_NOMORE if the
- * queue was full when this function was called.
- */
-static isc_result_t
-addsample(sample_queue_t *sq, isc_uint32_t sample, isc_uint32_t extra) {
- if (sq->nsamples >= RND_EVENTQSIZE)
- return (ISC_R_NOMORE);
-
- sq->samples[sq->nsamples] = sample;
- sq->extra[sq->nsamples] = extra;
- sq->nsamples++;
-
- if (sq->nsamples >= RND_EVENTQSIZE)
- return (ISC_R_QUEUEFULL);
-
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-isc_entropy_addsample(isc_entropysource_t *source, isc_uint32_t sample,
- isc_uint32_t extra)
-{
- isc_entropy_t *ent;
- sample_queue_t *sq;
- unsigned int entropy;
- isc_result_t result;
-
- REQUIRE(VALID_SOURCE(source));
-
- ent = source->ent;
-
- LOCK(&ent->lock);
-
- sq = &source->sources.sample.samplequeue;
- result = addsample(sq, sample, extra);
- if (result == ISC_R_QUEUEFULL) {
- entropy = crunchsamples(ent, sq);
- add_entropy(ent, entropy);
- }
-
- UNLOCK(&ent->lock);
-
- return (result);
-}
-
-isc_result_t
-isc_entropy_addcallbacksample(isc_entropysource_t *source, isc_uint32_t sample,
- isc_uint32_t extra)
-{
- sample_queue_t *sq;
- isc_result_t result;
-
- REQUIRE(VALID_SOURCE(source));
- REQUIRE(source->type == ENTROPY_SOURCETYPE_CALLBACK);
-
- sq = &source->sources.callback.samplequeue;
- result = addsample(sq, sample, extra);
-
- return (result);
-}
-
-void
-isc_entropy_putdata(isc_entropy_t *ent, void *data, unsigned int length,
- isc_uint32_t entropy)
-{
- REQUIRE(VALID_ENTROPY(ent));
-
- LOCK(&ent->lock);
-
- entropypool_adddata(ent, data, length, entropy);
-
- if (ent->initialized < THRESHOLD_BITS)
- ent->initialized = THRESHOLD_BITS;
-
- UNLOCK(&ent->lock);
-}
-
-static void
-dumpstats(isc_entropy_t *ent, FILE *out) {
- fprintf(out,
- isc_msgcat_get(isc_msgcat, ISC_MSGSET_ENTROPY,
- ISC_MSG_ENTROPYSTATS,
- "Entropy pool %p: refcnt %u cursor %u,"
- " rotate %u entropy %u pseudo %u nsources %u"
- " nextsource %p initialized %u initcount %u\n"),
- ent, ent->refcnt,
- ent->pool.cursor, ent->pool.rotate,
- ent->pool.entropy, ent->pool.pseudo,
- ent->nsources, ent->nextsource, ent->initialized,
- ent->initcount);
-}
-
-/*
- * This function ignores locking. Use at your own risk.
- */
-void
-isc_entropy_stats(isc_entropy_t *ent, FILE *out) {
- REQUIRE(VALID_ENTROPY(ent));
-
- LOCK(&ent->lock);
- dumpstats(ent, out);
- UNLOCK(&ent->lock);
-}
-
-unsigned int
-isc_entropy_status(isc_entropy_t *ent) {
- unsigned int estimate;
-
- LOCK(&ent->lock);
- estimate = ent->pool.entropy;
- UNLOCK(&ent->lock);
-
- return estimate;
-}
-
-void
-isc_entropy_attach(isc_entropy_t *ent, isc_entropy_t **entp) {
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(entp != NULL && *entp == NULL);
-
- LOCK(&ent->lock);
-
- ent->refcnt++;
- *entp = ent;
-
- UNLOCK(&ent->lock);
-}
-
-void
-isc_entropy_detach(isc_entropy_t **entp) {
- isc_entropy_t *ent;
- isc_boolean_t killit;
-
- REQUIRE(entp != NULL && VALID_ENTROPY(*entp));
- ent = *entp;
- *entp = NULL;
-
- LOCK(&ent->lock);
-
- REQUIRE(ent->refcnt > 0);
- ent->refcnt--;
-
- killit = destroy_check(ent);
-
- UNLOCK(&ent->lock);
-
- if (killit)
- destroy(&ent);
-}
-
-static isc_result_t
-kbdstart(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
- /*
- * The intent of "first" is to provide a warning message only once
- * during the run of a program that might try to gather keyboard
- * entropy multiple times.
- */
- static isc_boolean_t first = ISC_TRUE;
-
- UNUSED(arg);
-
- if (! blocking)
- return (ISC_R_NOENTROPY);
-
- if (first) {
- if (source->warn_keyboard)
- fprintf(stderr, "You must use the keyboard to create "
- "entropy, since your system is lacking\n"
- "/dev/random (or equivalent)\n\n");
- first = ISC_FALSE;
- }
- fprintf(stderr, "start typing:\n");
-
- return (isc_keyboard_open(&source->kbd));
-}
-
-static void
-kbdstop(isc_entropysource_t *source, void *arg) {
-
- UNUSED(arg);
-
- if (! isc_keyboard_canceled(&source->kbd))
- fprintf(stderr, "stop typing.\r\n");
-
- (void)isc_keyboard_close(&source->kbd, 3);
-}
-
-static isc_result_t
-kbdget(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
- isc_result_t result;
- isc_time_t t;
- isc_uint32_t sample;
- isc_uint32_t extra;
- unsigned char c;
-
- UNUSED(arg);
-
- if (!blocking)
- return (ISC_R_NOTBLOCKING);
-
- result = isc_keyboard_getchar(&source->kbd, &c);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- TIME_NOW(&t);
-
- sample = isc_time_nanoseconds(&t);
- extra = c;
-
- result = isc_entropy_addcallbacksample(source, sample, extra);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "\r\n");
- return (result);
- }
-
- fprintf(stderr, ".");
- fflush(stderr);
-
- return (result);
-}
-
-isc_result_t
-isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
- const char *randomfile, int use_keyboard)
-{
- isc_result_t result;
- isc_result_t final_result = ISC_R_NOENTROPY;
- isc_boolean_t userfile = ISC_TRUE;
-
- REQUIRE(VALID_ENTROPY(ectx));
- REQUIRE(source != NULL && *source == NULL);
- REQUIRE(use_keyboard == ISC_ENTROPY_KEYBOARDYES ||
- use_keyboard == ISC_ENTROPY_KEYBOARDNO ||
- use_keyboard == ISC_ENTROPY_KEYBOARDMAYBE);
-
-#ifdef PKCS11CRYPTO
- if (randomfile != NULL)
- pk11_rand_seed_fromfile(randomfile);
-#endif
-
-#ifdef PATH_RANDOMDEV
- if (randomfile == NULL) {
- randomfile = PATH_RANDOMDEV;
- userfile = ISC_FALSE;
- }
-#endif
-
- if (randomfile != NULL && use_keyboard != ISC_ENTROPY_KEYBOARDYES) {
- result = isc_entropy_createfilesource(ectx, randomfile);
- if (result == ISC_R_SUCCESS &&
- use_keyboard == ISC_ENTROPY_KEYBOARDMAYBE)
- use_keyboard = ISC_ENTROPY_KEYBOARDNO;
- if (result != ISC_R_SUCCESS && userfile)
- return (result);
-
- final_result = result;
- }
-
- if (use_keyboard != ISC_ENTROPY_KEYBOARDNO) {
- result = isc_entropy_createcallbacksource(ectx, kbdstart,
- kbdget, kbdstop,
- NULL, source);
- if (result == ISC_R_SUCCESS)
- (*source)->warn_keyboard =
- ISC_TF(use_keyboard ==
- ISC_ENTROPY_KEYBOARDMAYBE);
-
- if (final_result != ISC_R_SUCCESS)
- final_result = result;
- }
-
- /*
- * final_result is ISC_R_SUCCESS if at least one source of entropy
- * could be started, otherwise it is the error from the most recently
- * failed operation (or ISC_R_NOENTROPY if PATH_RANDOMDEV is not
- * defined and use_keyboard is ISC_ENTROPY_KEYBOARDNO).
- */
- return (final_result);
-}
-
-void
-isc_entropy_usehook(isc_entropy_t *ectx, isc_boolean_t onoff) {
- REQUIRE(VALID_ENTROPY(ectx));
-
- LOCK(&ectx->lock);
- ectx->usehook = onoff;
- UNLOCK(&ectx->lock);
-}
-
-void
-isc_entropy_sethook(isc_entropy_getdata_t myhook) {
- hook = myhook;
-}
* again, it should not change fnv_offset_basis.
*/
while (fnv_offset_basis == 0) {
- isc_random_get(&fnv_offset_basis);
+ fnv_offset_basis = isc_random();
}
fnv_initialized = ISC_TRUE;
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#ifndef ISC_ENTROPY_H
-#define ISC_ENTROPY_H 1
-
-/*****
- ***** Module Info
- *****/
-
-/*! \file isc/entropy.h
- * \brief The entropy API
- *
- * \li MP:
- * The entropy object is locked internally. All callbacks into
- * application-provided functions (for setup, gathering, and
- * shutdown of sources) are guaranteed to be called with the
- * entropy API lock held. This means these functions are
- * not permitted to call back into the entropy API.
- *
- * \li Reliability:
- * No anticipated impact.
- *
- * \li Resources:
- * A buffer, used as an entropy pool.
- *
- * \li Security:
- * While this code is believed to implement good entropy gathering
- * and distribution, it has not been reviewed by a cryptographic
- * expert.
- * Since the added entropy is only as good as the sources used,
- * this module could hand out bad data and never know it.
- *
- * \li Standards:
- * None.
- */
-
-/***
- *** Imports
- ***/
-
-#include <stdio.h>
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-/*@{*/
-/*% Entropy callback function. */
-typedef isc_result_t (*isc_entropystart_t)(isc_entropysource_t *source,
- void *arg, isc_boolean_t blocking);
-typedef isc_result_t (*isc_entropyget_t)(isc_entropysource_t *source,
- void *arg, isc_boolean_t blocking);
-typedef void (*isc_entropystop_t)(isc_entropysource_t *source, void *arg);
-/*@}*/
-
-/***
- *** Flags.
- ***/
-
-/*!
- * \brief
- * Extract only "good" data; return failure if there is not enough
- * data available and there are no sources which we can poll to get
- * data, or those sources are empty.
- *
- *
- */
-#define ISC_ENTROPY_GOODONLY 0x00000001U
-/*!
- * \brief
- * Extract as much good data as possible, but if there isn't enough
- * at hand, return what is available. This flag only makes sense
- * when used with _GOODONLY.
- */
-#define ISC_ENTROPY_PARTIAL 0x00000002U
-/*!
- * \brief
- * Block the task until data is available. This is contrary to the
- * ISC task system, where tasks should never block. However, if
- * this is a special purpose application where blocking a task is
- * acceptable (say, an offline zone signer) this flag may be set.
- * This flag only makes sense when used with _GOODONLY, and will
- * block regardless of the setting for _PARTIAL.
- */
-#define ISC_ENTROPY_BLOCKING 0x00000004U
-
-/*!
- * \brief
- * Estimate the amount of entropy contained in the sample pool.
- * If this is not set, the source will be gathered and periodically
- * mixed into the entropy pool, but no increment in contained entropy
- * will be assumed. This flag only makes sense on sample sources.
- */
-#define ISC_ENTROPYSOURCE_ESTIMATE 0x00000001U
-
-/*
- * For use with isc_entropy_usebestsource().
- */
-/*!
- * \brief
- * Use the keyboard as the only entropy source.
- */
-#define ISC_ENTROPY_KEYBOARDYES 1
-/*!
- * \brief
- * Never use the keyboard as an entropy source.
- */
-#define ISC_ENTROPY_KEYBOARDNO 2
-/*!
- * \brief
- * Use the keyboard as an entropy source only if opening the
- * random device fails.
- */
-#define ISC_ENTROPY_KEYBOARDMAYBE 3
-
-ISC_LANG_BEGINDECLS
-
-/***
- *** Functions
- ***/
-
-isc_result_t
-isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp);
-/*!<
- * \brief Create a new entropy object.
- */
-
-void
-isc_entropy_attach(isc_entropy_t *ent, isc_entropy_t **entp);
-/*!<
- * Attaches to an entropy object.
- */
-
-void
-isc_entropy_detach(isc_entropy_t **entp);
-/*!<
- * \brief Detaches from an entropy object.
- */
-
-isc_result_t
-isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname);
-/*!<
- * \brief Create a new entropy source from a file.
- *
- * The file is assumed to contain good randomness, and will be mixed directly
- * into the pool with every byte adding 8 bits of entropy.
- *
- * The file will be put into non-blocking mode, so it may be a device file,
- * such as /dev/random. /dev/urandom should not be used here if it can
- * be avoided, since it will always provide data even if it isn't good.
- * We will make as much pseudorandom data as we need internally if our
- * caller asks for it.
- *
- * If we hit end-of-file, we will stop reading from this source. Callers
- * who require strong random data will get failure when our pool drains.
- * The file will never be opened/read again once EOF is reached.
- */
-
-void
-isc_entropy_destroysource(isc_entropysource_t **sourcep);
-/*!<
- * \brief Removes an entropy source from the entropy system.
- */
-
-isc_result_t
-isc_entropy_createsamplesource(isc_entropy_t *ent,
- isc_entropysource_t **sourcep);
-/*!<
- * \brief Create an entropy source that consists of samples. Each sample is
- * added to the source via isc_entropy_addsamples(), below.
- */
-
-isc_result_t
-isc_entropy_createcallbacksource(isc_entropy_t *ent,
- isc_entropystart_t start,
- isc_entropyget_t get,
- isc_entropystop_t stop,
- void *arg,
- isc_entropysource_t **sourcep);
-/*!<
- * \brief Create an entropy source that is polled via a callback.
- *
- * This would be used when keyboard input is used, or a GUI input method.
- * It can also be used to hook in any external entropy source.
- *
- * Samples are added via isc_entropy_addcallbacksample(), below.
- * _addcallbacksample() is the only function which may be called from
- * within an entropy API callback function.
- */
-
-void
-isc_entropy_stopcallbacksources(isc_entropy_t *ent);
-/*!<
- * \brief Call the stop functions for callback sources that have had their
- * start functions called.
- */
-
-/*@{*/
-isc_result_t
-isc_entropy_addcallbacksample(isc_entropysource_t *source, isc_uint32_t sample,
- isc_uint32_t extra);
-isc_result_t
-isc_entropy_addsample(isc_entropysource_t *source, isc_uint32_t sample,
- isc_uint32_t extra);
-/*!<
- * \brief Add a sample to the sample source.
- *
- * The sample MUST be a timestamp
- * that increases over time, with the exception of wrap-around for
- * extremely high resolution timers which will quickly wrap-around
- * a 32-bit integer.
- *
- * The "extra" parameter is used only to add a bit more unpredictable
- * data. It is not used other than included in the hash of samples.
- *
- * When in an entropy API callback function, _addcallbacksource() must be
- * used. At all other times, _addsample() must be used.
- */
-/*@}*/
-
-isc_result_t
-isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length,
- unsigned int *returned, unsigned int flags);
-/*!<
- * \brief Get random data from entropy pool 'ent'.
- *
- * If a hook has been set up using isc_entropy_sethook() and
- * isc_entropy_usehook(), then the hook function will be called to get
- * random data.
- *
- * Otherwise, randomness is extracted from the entropy pool set up in BIND.
- * This may cause the pool to be loaded from various sources. Ths is done
- * by stirring the pool and returning a part of hash as randomness.
- * (Note that no secrets are given away here since parts of the hash are
- * XORed together before returning.)
- *
- * 'flags' may contain ISC_ENTROPY_GOODONLY, ISC_ENTROPY_PARTIAL, or
- * ISC_ENTROPY_BLOCKING. These will be honored if the hook function is
- * not in use. If it is, the flags will be passed to the hook function
- * but it may ignore them.
- *
- * Up to 'length' bytes of randomness are retrieved and copied into 'data'.
- * (If 'returned' is not NULL, and the number of bytes copied is less than
- * 'length' - which may happen if ISC_ENTROPY_PARTIAL was used - then the
- * number of bytes copied will be stored in *returned.)
- *
- * Returns:
- * \li ISC_R_SUCCESS on success
- * \li ISC_R_NOENTROPY if entropy pool is empty
- * \li other error codes are possible when a hook is in use
- */
-
-void
-isc_entropy_putdata(isc_entropy_t *ent, void *data, unsigned int length,
- isc_uint32_t entropy);
-/*!<
- * \brief Add "length" bytes in "data" to the entropy pool, incrementing the
- * pool's entropy count by "entropy."
- *
- * These bytes will prime the pseudorandom portion even if no entropy is
- * actually added.
- */
-
-void
-isc_entropy_stats(isc_entropy_t *ent, FILE *out);
-/*!<
- * \brief Dump some (trivial) stats to the stdio stream "out".
- */
-
-unsigned int
-isc_entropy_status(isc_entropy_t *end);
-/*
- * Returns the number of bits the pool currently contains. This is just
- * an estimate.
- */
-
-isc_result_t
-isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
- const char *randomfile, int use_keyboard);
-/*!<
- * \brief Use whatever source of entropy is best.
- *
- * Notes:
- *\li If "randomfile" is not NULL, open it with
- * isc_entropy_createfilesource().
- *
- *\li If "randomfile" is NULL and the system's random device was detected
- * when the program was configured and built, open that device with
- * isc_entropy_createfilesource().
- *
- *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDYES, then always open
- * the keyboard as an entropy source (possibly in addition to
- * "randomfile" or the random device).
- *
- *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDMAYBE, open the keyboard only
- * if opening the random file/device fails. A message will be
- * printed describing the need for keyboard input.
- *
- *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDNO, the keyboard will
- * never be opened.
- *
- * Returns:
- *\li #ISC_R_SUCCESS if at least one source of entropy could be started.
- *
- *\li #ISC_R_NOENTROPY if use_keyboard is #ISC_ENTROPY_KEYBOARDNO and
- * there is no random device pathname compiled into the program.
- *
- *\li A return code from isc_entropy_createfilesource() or
- * isc_entropy_createcallbacksource().
- */
-
-void
-isc_entropy_usehook(isc_entropy_t *ectx, isc_boolean_t onoff);
-/*!<
- * \brief Configure entropy context 'ectx' to use the hook function
- *
- * Sets the entropy context to call the hook function for random number
- * generation, if such a function has been configured via
- * isc_entropy_sethook(), whenever isc_entropy_getdata() is called.
- */
-
-void
-isc_entropy_sethook(isc_entropy_getdata_t myhook);
-/*!<
- * \brief Set the hook function.
- *
- * The hook function is a global value: only one hook function
- * can be set in the system. Individual entropy contexts may be
- * configured to use it, or not, by calling isc_entropy_usehook().
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* ISC_ENTROPY_H */
* information regarding copyright ownership.
*/
-#ifndef ISC_RANDOM_H
-#define ISC_RANDOM_H 1
+#pragma once
+
+#include <stdint.h>
+#include <stdlib.h>
#include <isc/lang.h>
-#include <isc/types.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/mutex.h>
-#include <isc/deprecated.h>
/*! \file isc/random.h
- * \brief Implements pseudo random number generators.
+ * \brief Implements wrapper around system provider pseudo-random data
+ * generators.
*
- * Two pseudo-random number generators are implemented, in isc_random_*
- * and isc_rng_*. Neither one is very strong; they should not be used
- * in cryptography functions.
+ * The system providers used:
+ * - On Linux - getrandom() glibc call or syscall
+ * - On BSDs - arc4random()
*
- * isc_random_* is based on arc4random if it is available on the system.
- * Otherwise it is based on the posix srand() and rand() functions.
- * It is useful for jittering values a bit here and there, such as
- * timeouts, etc, but should not be relied upon to generate
- * unpredictable sequences (for example, when choosing transaction IDs).
+ * If neither is available, the crypto library provider is used:
+ * - If OpenSSL is used - RAND_bytes()
+ * - If PKCS#11 is used - pkcs_C_GenerateRandom()
*
- * isc_rng_* is based on ChaCha20, and is seeded and stirred from the
- * system entropy source. It is stronger than isc_random_* and can
- * be used for generating unpredictable sequences. It is still not as
- * good as using system entropy directly (see entropy.h) and should not
- * be used for cryptographic functions such as key generation.
*/
ISC_LANG_BEGINDECLS
-typedef struct isc_rng isc_rng_t;
-/*%<
- * Opaque type
- */
-
-void
-isc_random_seed(isc_uint32_t seed);
-/*%<
- * Set the initial seed of the random state.
- */
+uint32_t
+isc_random(void);
void
-isc_random_get(isc_uint32_t *val);
-/*%<
- * Get a random value.
- *
- * Requires:
- * val != NULL.
- */
-
-isc_uint32_t
-isc_random_jitter(isc_uint32_t max, isc_uint32_t jitter);
-/*%<
- * Get a random value between (max - jitter) and (max).
- * This is useful for jittering timer values.
+isc_random_buf(void *buf, size_t buflen);
+/*!<
+ * \brief Get random data.
*/
-isc_result_t
-isc_rng_create(isc_mem_t *mctx, isc_entropy_t *entropy, isc_rng_t **rngp);
-/*%<
- * Creates and initializes a pseudo random number generator. The
- * returned RNG can be used to generate pseudo random numbers.
- *
- * The reference count of the returned RNG is set to 1.
- *
- * Requires:
- * \li mctx is a pointer to a valid memory context.
- * \li entropy is an optional entopy source (can be NULL)
- * \li rngp != NULL && *rngp == NULL is where a pointer to the RNG is
- * returned.
- *
- * Ensures:
- *\li If result is ISC_R_SUCCESS:
- * *rngp points to a valid RNG.
- *
- *\li If result is failure:
- * *rngp does not point to a valid RNG.
- *
- * Returns:
- *\li #ISC_R_SUCCESS Success
- *\li #ISC_R_NOMEMORY Resource limit: Out of Memory
- */
-
-void
-isc_rng_attach(isc_rng_t *source, isc_rng_t **targetp);
-/*%<
- * Increments a reference count on the passed RNG.
- *
- * Requires:
- * \li source the RNG struct to attach to (is refcount is incremented)
- * \li targetp != NULL && *targetp == NULL where a pointer to the
- * reference incremented RNG is returned.
- */
-
-void
-isc_rng_detach(isc_rng_t **rngp);
-/*%<
- * Decrements a reference count on the passed RNG. If the reference
- * count reaches 0, the RNG is destroyed.
- *
- * Requires:
- * \li rngp != NULL the RNG struct to decrement reference for
- */
-
-void
-isc_rng_randombytes(isc_rng_t *rngctx, void *output, size_t length);
-/*%<
- * Returns a pseudo random sequence of length octets in output.
- */
-
-isc_uint16_t
-isc_rng_random(isc_rng_t *rngctx) ISC_DEPRECATED;
-/*%<
- * Returns a pseudo random 16-bit unsigned integer.
- *
- * This function is deprecated. You should use `isc_rng_randombytes()`
- * instead.
- */
-
-isc_uint16_t
-isc_rng_uniformrandom(isc_rng_t *rngctx, isc_uint16_t upper_bound);
-/*%<
- * Returns a uniformly distributed pseudo-random 16-bit unsigned integer
- * less than 'upper_bound'.
- */
+uint32_t
+isc_random_uniform(uint32_t upper_bound);
ISC_LANG_ENDDECLS
-
-#endif /* ISC_RANDOM_H */
typedef struct isc_consttextregion isc_consttextregion_t; /*%< Const Text Region */
typedef struct isc_counter isc_counter_t; /*%< Counter */
typedef isc_int16_t isc_dscp_t; /*%< Diffserv code point */
-typedef struct isc_entropy isc_entropy_t; /*%< Entropy */
-typedef struct isc_entropysource isc_entropysource_t; /*%< Entropy Source */
typedef struct isc_event isc_event_t; /*%< Event */
typedef ISC_LIST(isc_event_t) isc_eventlist_t; /*%< Event List */
typedef unsigned int isc_eventtype_t; /*%< Event Type */
typedef struct isc_netaddr isc_netaddr_t; /*%< Net Address */
typedef struct isc_portset isc_portset_t; /*%< Port Set */
typedef struct isc_quota isc_quota_t; /*%< Quota */
-typedef struct isc_random isc_random_t; /*%< Random */
typedef struct isc_ratelimiter isc_ratelimiter_t; /*%< Rate Limiter */
typedef struct isc_region isc_region_t; /*%< Region */
typedef isc_uint64_t isc_resourcevalue_t; /*%< Resource Value */
typedef struct isc_timer isc_timer_t; /*%< Timer */
typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */
-typedef isc_result_t (*isc_entropy_getdata_t)(void *, unsigned int,
- unsigned int *, unsigned int);
typedef void (*isc_taskaction_t)(isc_task_t *, isc_event_t *);
typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
void *
isc_pool_get(isc_pool_t *pool) {
- isc_uint32_t i;
- isc_random_get(&i);
+ isc_uint32_t i = isc_random();
return (pool->pool[i % pool->count]);
}
* information regarding copyright ownership.
*/
-/*%
- * ChaCha based random number generator derived from OpenBSD.
+/*
+ * Portions of isc_random_uniform():
*
- * The original copyright follows:
* Copyright (c) 1996, David Mazieres <dm@uun.org>
* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/*! \file */
-
#include <config.h>
+#include <stdint.h>
#include <stdlib.h>
-#include <time.h> /* Required for time(). */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
#include <unistd.h>
-#endif
-
-#include <isc/magic.h>
-#include <isc/mutex.h>
-#include <isc/once.h>
-#include <isc/mem.h>
-#include <isc/entropy.h>
-#include <isc/random.h>
-#include <isc/safe.h>
-#include <isc/string.h>
-#include <isc/util.h>
-#define RNG_MAGIC ISC_MAGIC('R', 'N', 'G', 'x')
-#define VALID_RNG(r) ISC_MAGIC_VALID(r, RNG_MAGIC)
+#ifdef OPENSSL
+#include <openssl/rand.h>
+#endif /* ifdef OPENSSL */
-#define KEYSTREAM_ONLY
-#include "chacha_private.h"
+#ifdef PKCS11CRYPTO
+#include <pk11/pk11.h>
+#endif /* ifdef PKCS11CRYPTO */
-#define CHACHA_KEYSIZE 32U
-#define CHACHA_IVSIZE 8U
-#define CHACHA_BLOCKSIZE 64
-#define CHACHA_BUFFERSIZE (16 * CHACHA_BLOCKSIZE)
-#define CHACHA_MAXHAVE (CHACHA_BUFFERSIZE - CHACHA_KEYSIZE - CHACHA_IVSIZE)
-/*
- * Derived from OpenBSD's implementation. The rationale is not clear,
- * but should be conservative enough in safety, and reasonably large for
- * efficiency.
- */
-#define CHACHA_MAXLENGTH 1600000
-
-/* ChaCha RNG state */
-struct isc_rng {
- unsigned int magic;
- isc_mem_t *mctx;
- chacha_ctx cpctx;
- isc_uint8_t buffer[CHACHA_BUFFERSIZE];
- size_t have;
- unsigned int references;
- int count;
- isc_entropy_t *entropy; /*%< entropy source */
- isc_mutex_t lock;
-};
-
-static isc_once_t once = ISC_ONCE_INIT;
-
-static void
-initialize_rand(void) {
-#ifndef HAVE_ARC4RANDOM
- unsigned int pid = getpid();
+#if defined(__linux__)
+# include <errno.h>
+# ifdef HAVE_GETRANDOM
+# include <sys/random.h>
+# else /* HAVE_GETRANDOM */
+# include <sys/syscall.h>
+# endif /* HAVE_GETRANDOM */
+#endif /* defined(__linux__) */
- /*
- * The low bits of pid generally change faster.
- * Xor them with the high bits of time which change slowly.
- */
- pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
-
- srand((unsigned)time(NULL) ^ pid);
-#endif
-}
-
-static void
-initialize(void) {
- RUNTIME_CHECK(isc_once_do(&once, initialize_rand) == ISC_R_SUCCESS);
-}
-
-void
-isc_random_seed(isc_uint32_t seed) {
- initialize();
-
-#ifndef HAVE_ARC4RANDOM
- srand(seed);
-#elif defined(HAVE_ARC4RANDOM_STIR)
- /* Formally not necessary... */
- UNUSED(seed);
- arc4random_stir();
-#elif defined(HAVE_ARC4RANDOM_ADDRANDOM)
- arc4random_addrandom((u_char *) &seed, sizeof(isc_uint32_t));
-#else
- /*
- * If arc4random() is available and no corresponding seeding
- * function arc4random_addrandom() is available, no seeding is
- * done on such platforms (e.g., OpenBSD 5.5). This is because
- * the OS itself is supposed to seed the RNG and it is assumed
- * that no explicit seeding is required.
- */
- UNUSED(seed);
-#endif
-}
-
-void
-isc_random_get(isc_uint32_t *val) {
- REQUIRE(val != NULL);
-
- initialize();
-
-#ifndef HAVE_ARC4RANDOM
- /*
- * rand()'s lower bits are not random.
- * rand()'s upper bit is zero.
- */
-#if RAND_MAX >= 0xfffff
- /* We have at least 20 bits. Use lower 16 excluding lower most 4 */
- *val = ((((unsigned int)rand()) & 0xffff0) >> 4) |
- ((((unsigned int)rand()) & 0xffff0) << 12);
-#elif RAND_MAX >= 0x7fff
- /* We have at least 15 bits. Use lower 10/11 excluding lower most 4 */
- *val = ((rand() >> 4) & 0x000007ff) | ((rand() << 7) & 0x003ff800) |
- ((rand() << 18) & 0xffc00000);
-#else
-#error RAND_MAX is too small
-#endif
-#else
- *val = arc4random();
-#endif
-}
-
-isc_uint32_t
-isc_random_jitter(isc_uint32_t max, isc_uint32_t jitter) {
- isc_uint32_t rnd;
-
- REQUIRE(jitter < max || (jitter == 0 && max == 0));
-
- if (jitter == 0)
- return (max);
-
- isc_random_get(&rnd);
- return (max - rnd % jitter);
-}
-
-static void
-chacha_reinit(isc_rng_t *rng, isc_uint8_t *buffer, size_t n) {
- REQUIRE(rng != NULL);
-
- if (n < CHACHA_KEYSIZE + CHACHA_IVSIZE)
- return;
-
- chacha_keysetup(&rng->cpctx, buffer, CHACHA_KEYSIZE * 8, 0);
- chacha_ivsetup(&rng->cpctx, buffer + CHACHA_KEYSIZE);
-}
-
-isc_result_t
-isc_rng_create(isc_mem_t *mctx, isc_entropy_t *entropy, isc_rng_t **rngp) {
- union {
- unsigned char rnd[128];
- isc_uint32_t rnd32[32];
- } rnd;
- isc_result_t result;
- isc_rng_t *rng;
-
- REQUIRE(mctx != NULL);
- REQUIRE(rngp != NULL && *rngp == NULL);
-
- if (entropy != NULL) {
- /*
- * We accept any quality of random data to avoid blocking.
- */
- result = isc_entropy_getdata(entropy, rnd.rnd,
- sizeof(rnd), NULL, 0);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- } else {
- int i;
- for (i = 0; i < 32; i++)
- isc_random_get(&rnd.rnd32[i]);
- }
-
- rng = isc_mem_get(mctx, sizeof(*rng));
- if (rng == NULL)
- return (ISC_R_NOMEMORY);
-
- chacha_reinit(rng, rnd.rnd, sizeof(rnd.rnd));
-
- rng->have = 0;
- memset(rng->buffer, 0, CHACHA_BUFFERSIZE);
+#include <isc/random.h>
+#include <isc/result.h>
+#include <isc/types.h>
+#include <isc/util.h>
- /* Create lock */
- result = isc_mutex_init(&rng->lock);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(mctx, rng, sizeof(*rng));
- return (result);
+#if defined(__linux__)
+# ifdef HAVE_GETRANDOM
+# define have_getrandom() 1
+# else /* ifdef HAVE_GETRANDOM */
+# undef getrandom
+# if defined(SYS_getrandom)
+# define getrandom(dst,s,flags) syscall(SYS_getrandom, \
+ (void*)dst, \
+ (size_t)s, \
+ (unsigned int)flags)
+
+static unsigned
+have_getrandom(void)
+{
+ uint16_t buf;
+ ssize_t ret;
+ ret = getrandom(&buf, sizeof(buf), 1 /*GRND_NONBLOCK*/);
+ return (ret == sizeof(buf) ||
+ (ret == -1 && errno == EAGAIN));
+}
+
+# else /* defined(SYS_getrandom) */
+# define have_getrandom() 0
+# define getrandom(dst,s,flags) -1
+# endif /* defined(SYS_getrandom) */
+# endif /* ifdef HAVE_GETRANDOM */
+
+static int
+getrandom_buf(void *buf, size_t buflen)
+{
+ size_t left = buflen;
+ ssize_t ret;
+ uint8_t *p = buf;
+
+ while (left > 0) {
+ ret = getrandom(p, left, 0);
+ if (ret == -1 && errno == EINTR) {
+ continue;
+ }
+
+ RUNTIME_CHECK(ret >= 0);
+
+ if (ret > 0) {
+ left -= ret;
+ p += ret;
+ }
}
- /* Attach to memory context */
- rng->mctx = NULL;
- isc_mem_attach(mctx, &rng->mctx);
-
- /* Local non-algorithm initializations. */
- rng->count = 0;
- rng->entropy = entropy; /* don't have to attach */
- rng->references = 1;
- rng->magic = RNG_MAGIC;
-
- *rngp = rng;
-
- return (ISC_R_SUCCESS);
+ return(0);
}
+#endif /* __linux__ */
-void
-isc_rng_attach(isc_rng_t *source, isc_rng_t **targetp) {
+#if defined(_WIN32) || defined(_WIN64)
- REQUIRE(VALID_RNG(source));
- REQUIRE(targetp != NULL && *targetp == NULL);
+static isc_once_t isc_random_once = ISC_ONCE_INIT;
- LOCK(&source->lock);
- source->references++;
- UNLOCK(&source->lock);
+static HCRYPTPROV isc_random_hcryptprov;
- *targetp = (isc_rng_t *)source;
+static void isc_random_initialize(void) {
+ RUNTIME_CHECK(CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT|CRYPT_SILENT));
}
-static void
-destroy(isc_rng_t *rng) {
+#endif /* defined(_WIN32) || defined(_WIN64) */
- REQUIRE(VALID_RNG(rng));
-
- rng->magic = 0;
- isc_mutex_destroy(&rng->lock);
- isc_mem_putanddetach(&rng->mctx, rng, sizeof(isc_rng_t));
+uint32_t
+isc_random(void)
+{
+#if defined(HAVE_ARC4RANDOM)
+ return(arc4random());
+#else /* HAVE_ARC4RANDOM */
+ uint32_t ret;
+ isc_random_buf(&ret, sizeof(ret));
+ return (ret);
+#endif /* HAVE_ARC4RANDOM */
}
+/*
+ * Fill the region buf of length buflen with random data.
+ */
void
-isc_rng_detach(isc_rng_t **rngp) {
- isc_rng_t *rng;
- isc_boolean_t dest = ISC_FALSE;
-
- REQUIRE(rngp != NULL && VALID_RNG(*rngp));
-
- rng = *rngp;
- *rngp = NULL;
-
- LOCK(&rng->lock);
-
- INSIST(rng->references > 0);
- rng->references--;
- if (rng->references == 0)
- dest = ISC_TRUE;
- UNLOCK(&rng->lock);
-
- if (dest)
- destroy(rng);
-}
-
-static void
-chacha_rekey(isc_rng_t *rng, u_char *dat, size_t datlen) {
- REQUIRE(VALID_RNG(rng));
-
-#ifndef KEYSTREAM_ONLY
- memset(rng->buffer, 0, CHACHA_BUFFERSIZE);
-#endif
-
- /* Fill buffer with the keystream. */
- chacha_encrypt_bytes(&rng->cpctx, rng->buffer, rng->buffer,
- CHACHA_BUFFERSIZE);
-
- /* Mix in optional user provided data. */
- if (dat != NULL) {
- size_t i, m;
-
- m = ISC_MIN(datlen, CHACHA_KEYSIZE + CHACHA_IVSIZE);
- for (i = 0; i < m; i++)
- rng->buffer[i] ^= dat[i];
- }
-
- /* Immediately reinit for backtracking resistance. */
- chacha_reinit(rng, rng->buffer,
- CHACHA_KEYSIZE + CHACHA_IVSIZE);
- memset(rng->buffer, 0, CHACHA_KEYSIZE + CHACHA_IVSIZE);
- rng->have = CHACHA_MAXHAVE;
-}
-
-static void
-chacha_getbytes(isc_rng_t *rng, isc_uint8_t *output, size_t length) {
- REQUIRE(VALID_RNG(rng));
-
- while (ISC_UNLIKELY(length > CHACHA_MAXHAVE)) {
- chacha_rekey(rng, NULL, 0);
- memmove(output, rng->buffer + CHACHA_BUFFERSIZE - rng->have,
- CHACHA_MAXHAVE);
- output += CHACHA_MAXHAVE;
- length -= CHACHA_MAXHAVE;
- rng->have = 0;
- }
-
- if (rng->have < length)
- chacha_rekey(rng, NULL, 0);
-
- memmove(output, rng->buffer + CHACHA_BUFFERSIZE - rng->have, length);
- /* Clear the copied region. */
- memset(rng->buffer + CHACHA_BUFFERSIZE - rng->have, 0, length);
- rng->have -= length;
-}
-
-static void
-chacha_stir(isc_rng_t *rng) {
- union {
- unsigned char rnd[128];
- isc_uint32_t rnd32[32];
- } rnd;
- isc_result_t result;
-
- REQUIRE(VALID_RNG(rng));
-
- if (rng->entropy != NULL) {
- /*
- * We accept any quality of random data to avoid blocking.
- */
- result = isc_entropy_getdata(rng->entropy, rnd.rnd,
- sizeof(rnd), NULL, 0);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- } else {
- int i;
- for (i = 0; i < 32; i++)
- isc_random_get(&rnd.rnd32[i]);
- }
-
- chacha_rekey(rng, rnd.rnd, sizeof(rnd.rnd));
-
- isc_safe_memwipe(rnd.rnd, sizeof(rnd.rnd));
+isc_random_buf(void *buf, size_t buflen)
+{
+ REQUIRE(buf);
+ REQUIRE(buflen > 0);
- /* Invalidate the buffer too. */
- rng->have = 0;
- memset(rng->buffer, 0, CHACHA_BUFFERSIZE);
+#if defined(_WIN32) || defined(_WIN64)
+ RUNTIME_CHECK(isc_once_do(&once, initialize_rand) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(CryptGenRandom(isc_random_hcryptprov, (DWORD)buflen, buf));
+ return;
+#elif defined(HAVE_ARC4RANDOM_BUF)
+ arc4random_buf(buf, buflen);
+ return;
+#else
- /*
- * Derived from OpenBSD's implementation. The rationale is not clear,
- * but should be conservative enough in safety, and reasonably large
- * for efficiency.
+# if defined(__linux__)
+ /* We need to check the availability of the SYS_getrandom syscall at runtime
+ * and fall back to crypto library provider if not available
*/
- rng->count = CHACHA_MAXLENGTH;
-}
-
-void
-isc_rng_randombytes(isc_rng_t *rng, void *output, size_t length) {
- isc_uint8_t *ptr = output;
-
- REQUIRE(VALID_RNG(rng));
- REQUIRE(output != NULL && length > 0);
-
- LOCK(&rng->lock);
-
- while (ISC_UNLIKELY(length > CHACHA_MAXLENGTH)) {
- chacha_stir(rng);
- chacha_getbytes(rng, ptr, CHACHA_MAXLENGTH);
- ptr += CHACHA_MAXLENGTH;
- length -= CHACHA_MAXLENGTH;
- rng->count = 0;
+ if (have_getrandom()) {
+ getrandom_buf(buf, buflen);
+ return;
}
- rng->count -= length;
- if (rng->count <= 0)
- chacha_stir(rng);
-
- chacha_getbytes(rng, ptr, length);
-
- UNLOCK(&rng->lock);
-}
+# endif /* defined(__linux__) */
-isc_uint16_t
-isc_rng_random(isc_rng_t *rng) {
- isc_uint16_t result;
+/* Use crypto library as fallback when no other CSPRNG is available */
+# if defined(OPENSSL)
+ RUNTIME_CHECK(RAND_bytes(buf, buflen) < 1);
+# elif defined(PKCS11CRYPTO)
+ RUNTIME_CHECK(pk11_rand_bytes(buf, buflen) == ISC_R_SUCCESS);
+# endif /* if defined(HAVE_ARC4RANDOM_BUF) */
- isc_rng_randombytes(rng, &result, sizeof(result));
-
- return (result);
+#endif
}
-isc_uint16_t
-isc_rng_uniformrandom(isc_rng_t *rng, isc_uint16_t upper_bound) {
- isc_uint16_t min, r;
-
- REQUIRE(VALID_RNG(rng));
+uint32_t
+isc_random_uniform(uint32_t upper_bound)
+{
+#if defined(HAVE_ARC4RANDOM_UNIFORM)
+ return(arc4random_uniform(upper_bound));
+#else /* if defined(HAVE_ARC4RANDOM_UNIFORM) */
+ /* Copy of arc4random_uniform from OpenBSD */
+ u_int32_t r, min;
- if (upper_bound < 2)
+ if (upper_bound < 2) {
return (0);
+ }
- /*
- * Ensure the range of random numbers [min, 0xffff] be a multiple of
- * upper_bound and contain at least a half of the 16 bit range.
- */
-
- if (upper_bound > 0x8000)
- min = 1 + ~upper_bound; /* 0x8000 - upper_bound */
- else
- min = (isc_uint16_t)(0x10000 % (isc_uint32_t)upper_bound);
+#if (ULONG_MAX > 0xffffffffUL)
+ min = 0x100000000UL % upper_bound;
+#else /* if (ULONG_MAX > 0xffffffffUL) */
+ /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+ if (upper_bound > 0x80000000) {
+ min = 1 + ~upper_bound; /* 2**32 - upper_bound */
+ } else {
+ /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
+ min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+ }
+#endif /* if (ULONG_MAX > 0xffffffffUL) */
/*
* This could theoretically loop forever but each retry has
* to re-roll.
*/
for (;;) {
- isc_rng_randombytes(rng, &r, sizeof(r));
- if (r >= min)
+ r = isc_random();
+ if (r >= min) {
break;
+ }
}
return (r % upper_bound);
+#endif /* if defined(HAVE_ARC4RANDOM_UNIFORM) */
}
void
isc_taskpool_gettask(isc_taskpool_t *pool, isc_task_t **targetp) {
- isc_uint32_t i;
- isc_random_get(&i);
+ isc_uint32_t i = isc_random();
isc_task_attach(pool->tasks[i % pool->ntasks], targetp);
}
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/os.h>
#include "isctest.h"
isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
isc_log_t *lctx = NULL;
isc_taskmgr_t *taskmgr = NULL;
isc_timermgr_t *timermgr = NULL;
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
CHECK(isc_mem_create(0, 0, &mctx));
- CHECK(isc_entropy_create(mctx, &ectx));
if (logfile != NULL) {
isc_logdestination_t destination;
isc_task_detach(&maintask);
if (taskmgr != NULL)
isc_taskmgr_destroy(&taskmgr);
- if (ectx != NULL)
- isc_entropy_detach(&ectx);
cleanup_managers();
#include <config.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
} while (0)
extern isc_mem_t *mctx;
-extern isc_entropy_t *ectx;
extern isc_log_t *lctx;
extern isc_taskmgr_t *taskmgr;
extern isc_timermgr_t *timermgr;
random_test(pvalue_func_t *func, isc_boolean_t word_sized) {
isc_mem_t *mctx = NULL;
isc_result_t result;
- isc_rng_t *rng;
isc_uint32_t m;
isc_uint32_t j;
isc_uint32_t histogram[11] = { 0 };
result = isc_mem_create(0, 0, &mctx);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- rng = NULL;
- result = isc_rng_create(mctx, NULL, &rng);
- ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-
m = 1000;
passed = 0;
if (word_sized) {
for (i = 0; i < REPS; i++) {
- isc_rng_randombytes(rng, &values[i],
- sizeof(values[i]));
+ isc_random_buf(&values[i], sizeof(values[i]));
}
} else {
- isc_rng_randombytes(rng, values, sizeof(values));
+ isc_random_buf(values, sizeof(values));
}
p_value = (*func)(mctx, values, REPS);
histogram[i]++;
}
- isc_rng_detach(&rng);
-
/*
* Check proportion of sequences passing a test (see section
* 4.2.1 in NIST SP 800-22).
/*
* This is a frequency (monobits) test taken from the NIST SP 800-22
- * RNG test suite.
+ * RANDOM test suite.
*/
static double
monobit(isc_mem_t *mctx, isc_uint16_t *values, size_t length) {
return (p_value);
}
-ATF_TC(isc_rng_monobit_16);
-ATF_TC_HEAD(isc_rng_monobit_16, tc) {
- atf_tc_set_md_var(tc, "descr", "Monobit test for the RNG");
+ATF_TC(isc_random_monobit_16);
+ATF_TC_HEAD(isc_random_monobit_16, tc) {
+ atf_tc_set_md_var(tc, "descr", "Monobit test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_monobit_16, tc) {
+ATF_TC_BODY(isc_random_monobit_16, tc) {
UNUSED(tc);
random_test(monobit, ISC_TRUE);
}
-ATF_TC(isc_rng_runs_16);
-ATF_TC_HEAD(isc_rng_runs_16, tc) {
- atf_tc_set_md_var(tc, "descr", "Runs test for the RNG");
+ATF_TC(isc_random_runs_16);
+ATF_TC_HEAD(isc_random_runs_16, tc) {
+ atf_tc_set_md_var(tc, "descr", "Runs test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_runs_16, tc) {
+ATF_TC_BODY(isc_random_runs_16, tc) {
UNUSED(tc);
random_test(runs, ISC_TRUE);
}
-ATF_TC(isc_rng_blockfrequency_16);
-ATF_TC_HEAD(isc_rng_blockfrequency_16, tc) {
- atf_tc_set_md_var(tc, "descr", "Block frequency test for the RNG");
+ATF_TC(isc_random_blockfrequency_16);
+ATF_TC_HEAD(isc_random_blockfrequency_16, tc) {
+ atf_tc_set_md_var(tc, "descr", "Block frequency test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_blockfrequency_16, tc) {
+ATF_TC_BODY(isc_random_blockfrequency_16, tc) {
UNUSED(tc);
random_test(blockfrequency, ISC_TRUE);
}
-ATF_TC(isc_rng_binarymatrixrank_16);
-ATF_TC_HEAD(isc_rng_binarymatrixrank_16, tc) {
- atf_tc_set_md_var(tc, "descr", "Binary matrix rank test for the RNG");
+ATF_TC(isc_random_binarymatrixrank_16);
+ATF_TC_HEAD(isc_random_binarymatrixrank_16, tc) {
+ atf_tc_set_md_var(tc, "descr", "Binary matrix rank test for the RANDOM");
}
/*
* This is the binary matrix rank test taken from the NIST SP 800-22 RNG
* test suite.
*/
-ATF_TC_BODY(isc_rng_binarymatrixrank_16, tc) {
+ATF_TC_BODY(isc_random_binarymatrixrank_16, tc) {
UNUSED(tc);
random_test(binarymatrixrank, ISC_TRUE);
}
-ATF_TC(isc_rng_monobit_bytes);
-ATF_TC_HEAD(isc_rng_monobit_bytes, tc) {
- atf_tc_set_md_var(tc, "descr", "Monobit test for the RNG");
+ATF_TC(isc_random_monobit_bytes);
+ATF_TC_HEAD(isc_random_monobit_bytes, tc) {
+ atf_tc_set_md_var(tc, "descr", "Monobit test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_monobit_bytes, tc) {
+ATF_TC_BODY(isc_random_monobit_bytes, tc) {
UNUSED(tc);
random_test(monobit, ISC_FALSE);
}
-ATF_TC(isc_rng_runs_bytes);
-ATF_TC_HEAD(isc_rng_runs_bytes, tc) {
- atf_tc_set_md_var(tc, "descr", "Runs test for the RNG");
+ATF_TC(isc_random_runs_bytes);
+ATF_TC_HEAD(isc_random_runs_bytes, tc) {
+ atf_tc_set_md_var(tc, "descr", "Runs test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_runs_bytes, tc) {
+ATF_TC_BODY(isc_random_runs_bytes, tc) {
UNUSED(tc);
random_test(runs, ISC_FALSE);
}
-ATF_TC(isc_rng_blockfrequency_bytes);
-ATF_TC_HEAD(isc_rng_blockfrequency_bytes, tc) {
- atf_tc_set_md_var(tc, "descr", "Block frequency test for the RNG");
+ATF_TC(isc_random_blockfrequency_bytes);
+ATF_TC_HEAD(isc_random_blockfrequency_bytes, tc) {
+ atf_tc_set_md_var(tc, "descr", "Block frequency test for the RANDOM");
}
-ATF_TC_BODY(isc_rng_blockfrequency_bytes, tc) {
+ATF_TC_BODY(isc_random_blockfrequency_bytes, tc) {
UNUSED(tc);
random_test(blockfrequency, ISC_FALSE);
}
-ATF_TC(isc_rng_binarymatrixrank_bytes);
-ATF_TC_HEAD(isc_rng_binarymatrixrank_bytes, tc) {
- atf_tc_set_md_var(tc, "descr", "Binary matrix rank test for the RNG");
+ATF_TC(isc_random_binarymatrixrank_bytes);
+ATF_TC_HEAD(isc_random_binarymatrixrank_bytes, tc) {
+ atf_tc_set_md_var(tc, "descr", "Binary matrix rank test for the RANDOM");
}
/*
* This is the binary matrix rank test taken from the NIST SP 800-22 RNG
* test suite.
*/
-ATF_TC_BODY(isc_rng_binarymatrixrank_bytes, tc) {
+ATF_TC_BODY(isc_random_binarymatrixrank_bytes, tc) {
UNUSED(tc);
random_test(binarymatrixrank, ISC_FALSE);
* Main
*/
ATF_TP_ADD_TCS(tp) {
- ATF_TP_ADD_TC(tp, isc_rng_monobit_16);
- ATF_TP_ADD_TC(tp, isc_rng_runs_16);
- ATF_TP_ADD_TC(tp, isc_rng_blockfrequency_16);
- ATF_TP_ADD_TC(tp, isc_rng_binarymatrixrank_16);
- ATF_TP_ADD_TC(tp, isc_rng_monobit_bytes);
- ATF_TP_ADD_TC(tp, isc_rng_runs_bytes);
- ATF_TP_ADD_TC(tp, isc_rng_blockfrequency_bytes);
- ATF_TP_ADD_TC(tp, isc_rng_binarymatrixrank_bytes);
+ ATF_TP_ADD_TC(tp, isc_random_monobit_16);
+ ATF_TP_ADD_TC(tp, isc_random_runs_16);
+ ATF_TP_ADD_TC(tp, isc_random_blockfrequency_16);
+ ATF_TP_ADD_TC(tp, isc_random_binarymatrixrank_16);
+ ATF_TP_ADD_TC(tp, isc_random_monobit_bytes);
+ ATF_TP_ADD_TC(tp, isc_random_runs_bytes);
+ ATF_TP_ADD_TC(tp, isc_random_blockfrequency_bytes);
+ ATF_TP_ADD_TC(tp, isc_random_binarymatrixrank_bytes);
return (atf_no_error());
}
# Alphabetically
OBJS = @ISC_IPV6_O@ @ISC_PK11_API_O@ \
- app.@O@ dir.@O@ entropy.@O@ errno.@O@ errno2result.@O@ \
+ app.@O@ dir.@O@ errno.@O@ errno2result.@O@ \
file.@O@ fsaccess.@O@ interfaceiter.@O@ \
keyboard.@O@ meminfo.@O@ \
net.@O@ os.@O@ resource.@O@ socket.@O@ stdio.@O@ stdtime.@O@ \
# Alphabetically
SRCS = @ISC_IPV6_C@ @ISC_PK11_API_C@ \
- app.c dir.c entropy.c errno.c errno2result.c \
+ app.c dir.c errno.c errno2result.c \
file.c fsaccess.c interfaceiter.c keyboard.c meminfo.c \
net.c os.c resource.c socket.c stdio.c stdtime.c \
strerror.c syslog.c time.c
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/* \file unix/entropy.c
- * \brief
- * This is the system dependent part of the ISC entropy API.
- */
-
-#include <config.h>
-
-#include <sys/param.h> /* Openserver 5.0.6A and FD_SETSIZE */
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-
-#ifdef HAVE_NANOSLEEP
-#include <time.h>
-#endif
-#include <unistd.h>
-
-#include <isc/platform.h>
-#include <isc/print.h>
-#include <isc/strerror.h>
-#include <isc/string.h>
-
-#ifdef ISC_PLATFORM_NEEDSYSSELECTH
-#include <sys/select.h>
-#endif
-
-#include "errno2result.h"
-
-/*%
- * There is only one variable in the entropy data structures that is not
- * system independent, but pulling the structure that uses it into this file
- * ultimately means pulling several other independent structures here also to
- * resolve their interdependencies. Thus only the problem variable's type
- * is defined here.
- */
-#define FILESOURCE_HANDLE_TYPE int
-
-typedef struct {
- int handle;
- enum {
- isc_usocketsource_disconnected,
- isc_usocketsource_connecting,
- isc_usocketsource_connected,
- isc_usocketsource_ndesired,
- isc_usocketsource_wrote,
- isc_usocketsource_reading
- } status;
- size_t sz_to_recv;
-} isc_entropyusocketsource_t;
-
-#include "../entropy.c"
-
-static unsigned int
-get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
- isc_entropy_t *ent = source->ent;
- unsigned char buf[128];
- int fd = source->sources.file.handle;
- ssize_t n, ndesired;
- unsigned int added;
-
- if (source->bad)
- return (0);
-
- desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
-
- added = 0;
- while (desired > 0) {
- ndesired = ISC_MIN(desired, sizeof(buf));
- n = read(fd, buf, ndesired);
- if (n < 0) {
- if (errno == EAGAIN || errno == EINTR)
- goto out;
- goto err;
- }
- if (n == 0)
- goto err;
-
- entropypool_adddata(ent, buf, n, n * 8);
- added += n * 8;
- desired -= n;
- }
- goto out;
-
- err:
- (void)close(fd);
- source->sources.file.handle = -1;
- source->bad = ISC_TRUE;
-
- out:
- return (added);
-}
-
-static unsigned int
-get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) {
- isc_entropy_t *ent = source->ent;
- unsigned char buf[128];
- int fd = source->sources.usocket.handle;
- ssize_t n = 0, ndesired;
- unsigned int added;
- size_t sz_to_recv = source->sources.usocket.sz_to_recv;
-
- if (source->bad)
- return (0);
-
- desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
-
- added = 0;
- while (desired > 0) {
- ndesired = ISC_MIN(desired, sizeof(buf));
- eagain_loop:
-
- switch ( source->sources.usocket.status ) {
- case isc_usocketsource_ndesired:
- buf[0] = ndesired;
- if ((n = sendto(fd, buf, 1, 0, NULL, 0)) < 0) {
- if (errno == EWOULDBLOCK || errno == EINTR ||
- errno == ECONNRESET)
- goto out;
- goto err;
- }
- INSIST(n == 1);
- source->sources.usocket.status =
- isc_usocketsource_wrote;
- goto eagain_loop;
-
- case isc_usocketsource_connecting:
- case isc_usocketsource_connected:
- buf[0] = 1;
- buf[1] = ndesired;
- if ((n = sendto(fd, buf, 2, 0, NULL, 0)) < 0) {
- if (errno == EWOULDBLOCK || errno == EINTR ||
- errno == ECONNRESET)
- goto out;
- goto err;
- }
- if (n == 1) {
- source->sources.usocket.status =
- isc_usocketsource_ndesired;
- goto eagain_loop;
- }
- INSIST(n == 2);
- source->sources.usocket.status =
- isc_usocketsource_wrote;
- /* FALLTHROUGH */
-
- case isc_usocketsource_wrote:
- if (recvfrom(fd, buf, 1, 0, NULL, NULL) != 1) {
- if (errno == EAGAIN) {
- /*
- * The problem of EAGAIN (try again
- * later) is a major issue on HP-UX.
- * Solaris actually tries the recvfrom
- * call again, while HP-UX just dies.
- * This code is an attempt to let the
- * entropy pool fill back up (at least
- * that's what I think the problem is.)
- * We go to eagain_loop because if we
- * just "break", then the "desired"
- * amount gets borked.
- */
-#ifdef HAVE_NANOSLEEP
- struct timespec ts;
-
- ts.tv_sec = 0;
- ts.tv_nsec = 1000000;
- nanosleep(&ts, NULL);
-#else
- usleep(1000);
-#endif
- goto eagain_loop;
- }
- if (errno == EWOULDBLOCK || errno == EINTR)
- goto out;
- goto err;
- }
- source->sources.usocket.status =
- isc_usocketsource_reading;
- sz_to_recv = buf[0];
- source->sources.usocket.sz_to_recv = sz_to_recv;
- if (sz_to_recv > sizeof(buf))
- goto err;
- /* FALLTHROUGH */
-
- case isc_usocketsource_reading:
- if (sz_to_recv != 0U) {
- n = recv(fd, buf, sz_to_recv, 0);
- if (n < 0) {
- if (errno == EWOULDBLOCK ||
- errno == EINTR)
- goto out;
- goto err;
- }
- } else
- n = 0;
- break;
-
- default:
- goto err;
- }
-
- if ((size_t)n != sz_to_recv)
- source->sources.usocket.sz_to_recv -= n;
- else
- source->sources.usocket.status =
- isc_usocketsource_connected;
-
- if (n == 0)
- goto out;
-
- entropypool_adddata(ent, buf, n, n * 8);
- added += n * 8;
- desired -= n;
- }
- goto out;
-
- err:
- close(fd);
- source->bad = ISC_TRUE;
- source->sources.usocket.status = isc_usocketsource_disconnected;
- source->sources.usocket.handle = -1;
-
- out:
- return (added);
-}
-
-/*
- * Poll each source, trying to get data from it to stuff into the entropy
- * pool.
- */
-static void
-fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
- unsigned int added;
- unsigned int remaining;
- unsigned int needed;
- unsigned int nsource;
- isc_entropysource_t *source;
-
- REQUIRE(VALID_ENTROPY(ent));
-
- needed = desired;
-
- /*
- * This logic is a little strange, so an explanation is in order.
- *
- * If needed is 0, it means we are being asked to "fill to whatever
- * we think is best." This means that if we have at least a
- * partially full pool (say, > 1/4th of the pool) we probably don't
- * need to add anything.
- *
- * Also, we will check to see if the "pseudo" count is too high.
- * If it is, try to mix in better data. Too high is currently
- * defined as 1/4th of the pool.
- *
- * Next, if we are asked to add a specific bit of entropy, make
- * certain that we will do so. Clamp how much we try to add to
- * (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
- *
- * Note that if we are in a blocking mode, we will only try to
- * get as much data as we need, not as much as we might want
- * to build up.
- */
- if (needed == 0) {
- REQUIRE(!blocking);
-
- if ((ent->pool.entropy >= RND_POOLBITS / 4)
- && (ent->pool.pseudo <= RND_POOLBITS / 4))
- return;
-
- needed = THRESHOLD_BITS * 4;
- } else {
- needed = ISC_MAX(needed, THRESHOLD_BITS);
- needed = ISC_MIN(needed, RND_POOLBITS);
- }
-
- /*
- * In any case, clamp how much we need to how much we can add.
- */
- needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);
-
- /*
- * But wait! If we're not yet initialized, we need at least
- * THRESHOLD_BITS
- * of randomness.
- */
- if (ent->initialized < THRESHOLD_BITS)
- needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);
-
- /*
- * Poll each file source to see if we can read anything useful from
- * it. XXXMLG When where are multiple sources, we should keep a
- * record of which one we last used so we can start from it (or the
- * next one) to avoid letting some sources build up entropy while
- * others are always drained.
- */
-
- added = 0;
- remaining = needed;
- if (ent->nextsource == NULL) {
- ent->nextsource = ISC_LIST_HEAD(ent->sources);
- if (ent->nextsource == NULL)
- return;
- }
- source = ent->nextsource;
- again_file:
- for (nsource = 0; nsource < ent->nsources; nsource++) {
- unsigned int got;
-
- if (remaining == 0)
- break;
-
- got = 0;
-
- switch ( source->type ) {
- case ENTROPY_SOURCETYPE_FILE:
- got = get_from_filesource(source, remaining);
- break;
-
- case ENTROPY_SOURCETYPE_USOCKET:
- got = get_from_usocketsource(source, remaining);
- break;
- }
-
- added += got;
-
- remaining -= ISC_MIN(remaining, got);
-
- source = ISC_LIST_NEXT(source, link);
- if (source == NULL)
- source = ISC_LIST_HEAD(ent->sources);
- }
- ent->nextsource = source;
-
- if (blocking && remaining != 0) {
- int fds;
-
- fds = wait_for_sources(ent);
- if (fds > 0)
- goto again_file;
- }
-
- /*
- * Here, if there are bits remaining to be had and we can block,
- * check to see if we have a callback source. If so, call them.
- */
- source = ISC_LIST_HEAD(ent->sources);
- while ((remaining != 0) && (source != NULL)) {
- unsigned int got;
-
- got = 0;
-
- if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
- got = get_from_callback(source, remaining, blocking);
-
- added += got;
- remaining -= ISC_MIN(remaining, got);
-
- if (added >= needed)
- break;
-
- source = ISC_LIST_NEXT(source, link);
- }
-
- /*
- * Mark as initialized if we've added enough data.
- */
- if (ent->initialized < THRESHOLD_BITS)
- ent->initialized += added;
-}
-
-static int
-wait_for_sources(isc_entropy_t *ent) {
- isc_entropysource_t *source;
- int maxfd, fd;
- int cc;
- fd_set reads;
- fd_set writes;
-
- maxfd = -1;
- FD_ZERO(&reads);
- FD_ZERO(&writes);
-
- source = ISC_LIST_HEAD(ent->sources);
- while (source != NULL) {
- if (source->type == ENTROPY_SOURCETYPE_FILE) {
- fd = source->sources.file.handle;
- if (fd >= 0) {
- maxfd = ISC_MAX(maxfd, fd);
- FD_SET(fd, &reads);
- }
- }
- if (source->type == ENTROPY_SOURCETYPE_USOCKET) {
- fd = source->sources.usocket.handle;
- if (fd >= 0) {
- switch (source->sources.usocket.status) {
- case isc_usocketsource_disconnected:
- break;
- case isc_usocketsource_connecting:
- case isc_usocketsource_connected:
- case isc_usocketsource_ndesired:
- maxfd = ISC_MAX(maxfd, fd);
- FD_SET(fd, &writes);
- break;
- case isc_usocketsource_wrote:
- case isc_usocketsource_reading:
- maxfd = ISC_MAX(maxfd, fd);
- FD_SET(fd, &reads);
- break;
- }
- }
- }
- source = ISC_LIST_NEXT(source, link);
- }
-
- if (maxfd < 0)
- return (-1);
-
- cc = select(maxfd + 1, &reads, &writes, NULL, NULL);
- if (cc < 0)
- return (-1);
-
- return (cc);
-}
-
-static void
-destroyfilesource(isc_entropyfilesource_t *source) {
- (void)close(source->handle);
-}
-
-static void
-destroyusocketsource(isc_entropyusocketsource_t *source) {
- close(source->handle);
-}
-
-/*
- * Make a fd non-blocking
- */
-static isc_result_t
-make_nonblock(int fd) {
- int ret;
- char strbuf[ISC_STRERRORSIZE];
-#ifdef USE_FIONBIO_IOCTL
- int on = 1;
-#else
- int flags;
-#endif
-
-#ifdef USE_FIONBIO_IOCTL
- ret = ioctl(fd, FIONBIO, (char *)&on);
-#else
- flags = fcntl(fd, F_GETFL, 0);
- flags |= PORT_NONBLOCK;
- ret = fcntl(fd, F_SETFL, flags);
-#endif
-
- if (ret == -1) {
- isc__strerror(errno, strbuf, sizeof(strbuf));
- UNEXPECTED_ERROR(__FILE__, __LINE__,
-#ifdef USE_FIONBIO_IOCTL
- "ioctl(%d, FIONBIO, &on): %s", fd,
-#else
- "fcntl(%d, F_SETFL, %d): %s", fd, flags,
-#endif
- strbuf);
-
- return (ISC_R_UNEXPECTED);
- }
-
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
- int fd;
- struct stat _stat;
- isc_boolean_t is_usocket = ISC_FALSE;
- isc_boolean_t is_connected = ISC_FALSE;
- isc_result_t ret;
- isc_entropysource_t *source;
-
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(fname != NULL);
-
- LOCK(&ent->lock);
-
- if (stat(fname, &_stat) < 0) {
- ret = isc__errno2result(errno);
- goto errout;
- }
- /*
- * Solaris 2.5.1 does not have support for sockets (S_IFSOCK),
- * but it does return type S_IFIFO (the OS believes that
- * the socket is a fifo). This may be an issue if we tell
- * the program to look at an actual FIFO as its source of
- * entropy.
- */
-#if defined(S_ISSOCK)
- if (S_ISSOCK(_stat.st_mode))
- is_usocket = ISC_TRUE;
-#endif
-#if defined(S_ISFIFO) && defined(sun)
- if (S_ISFIFO(_stat.st_mode))
- is_usocket = ISC_TRUE;
-#endif
- if (is_usocket)
- fd = socket(PF_UNIX, SOCK_STREAM, 0);
- else
- fd = open(fname, O_RDONLY | PORT_NONBLOCK, 0);
-
- if (fd < 0) {
- ret = isc__errno2result(errno);
- goto errout;
- }
-
- ret = make_nonblock(fd);
- if (ret != ISC_R_SUCCESS)
- goto closefd;
-
- if (is_usocket) {
- struct sockaddr_un sname;
-
- memset(&sname, 0, sizeof(sname));
- sname.sun_family = AF_UNIX;
- strlcpy(sname.sun_path, fname, sizeof(sname.sun_path));
-#ifdef ISC_PLATFORM_HAVESALEN
-#if !defined(SUN_LEN)
-#define SUN_LEN(su) \
- (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
-#endif
- sname.sun_len = SUN_LEN(&sname);
-#endif
-
- if (connect(fd, (struct sockaddr *) &sname,
- sizeof(struct sockaddr_un)) < 0) {
- if (errno != EINPROGRESS) {
- ret = isc__errno2result(errno);
- goto closefd;
- }
- } else
- is_connected = ISC_TRUE;
- }
-
- source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
- if (source == NULL) {
- ret = ISC_R_NOMEMORY;
- goto closefd;
- }
-
- /*
- * From here down, no failures can occur.
- */
- source->magic = SOURCE_MAGIC;
- source->ent = ent;
- source->total = 0;
- source->bad = ISC_FALSE;
- memset(source->name, 0, sizeof(source->name));
- ISC_LINK_INIT(source, link);
- if (is_usocket) {
- source->sources.usocket.handle = fd;
- if (is_connected)
- source->sources.usocket.status =
- isc_usocketsource_connected;
- else
- source->sources.usocket.status =
- isc_usocketsource_connecting;
- source->sources.usocket.sz_to_recv = 0;
- source->type = ENTROPY_SOURCETYPE_USOCKET;
- } else {
- source->sources.file.handle = fd;
- source->type = ENTROPY_SOURCETYPE_FILE;
- }
-
- /*
- * Hook it into the entropy system.
- */
- ISC_LIST_APPEND(ent->sources, source, link);
- ent->nsources++;
-
- UNLOCK(&ent->lock);
- return (ISC_R_SUCCESS);
-
- closefd:
- (void)close(fd);
-
- errout:
- UNLOCK(&ent->lock);
-
- return (ret);
-}
x = cp--;
while (cp >= templet && *cp == 'X') {
- isc_uint32_t which;
-
- isc_random_get(&which);
+ isc_uint32_t which = isc_random();
*cp = alphnum[which % (sizeof(alphnum) - 1)];
x = cp--;
}
x = cp--;
while (cp >= templet && *cp == 'X') {
- isc_uint32_t which;
-
- isc_random_get(&which);
+ isc_uint32_t which = isc_random();
*cp = alphnum[which % (sizeof(alphnum) - 1)];
x = cp--;
}
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*
- * This is the system dependent part of the ISC entropy API.
- */
-
-#include <config.h>
-
-#include <windows.h>
-#include <wincrypt.h>
-
-#include <process.h>
-#include <io.h>
-#include <share.h>
-
-/*
- * There is only one variable in the entropy data structures that is not
- * system independent, but pulling the structure that uses it into this file
- * ultimately means pulling several other independent structures here also to
- * resolve their interdependencies. Thus only the problem variable's type
- * is defined here.
- */
-#define FILESOURCE_HANDLE_TYPE HCRYPTPROV
-
-typedef struct {
- int dummy;
-} isc_entropyusocketsource_t;
-
-#include "../entropy.c"
-
-static unsigned int
-get_from_filesource(isc_entropysource_t *source, isc_uint32_t desired) {
- isc_entropy_t *ent = source->ent;
- unsigned char buf[128];
- HCRYPTPROV hcryptprov = source->sources.file.handle;
- ssize_t ndesired;
- unsigned int added;
-
- if (source->bad)
- return (0);
-
- desired = desired / 8 + (((desired & 0x07) > 0) ? 1 : 0);
-
- added = 0;
- while (desired > 0) {
- ndesired = ISC_MIN(desired, sizeof(buf));
- if (!CryptGenRandom(hcryptprov, (DWORD)ndesired, buf)) {
- CryptReleaseContext(hcryptprov, 0);
- source->bad = ISC_TRUE;
- goto out;
- }
-
- entropypool_adddata(ent, buf,
- (unsigned int)ndesired,
- (unsigned int)ndesired * 8);
- added += (unsigned int)ndesired * 8;
- desired -= (isc_uint32_t)ndesired;
- }
-
- out:
- return (added);
-}
-
-/*
- * Poll each source, trying to get data from it to stuff into the entropy
- * pool.
- */
-static void
-fillpool(isc_entropy_t *ent, unsigned int desired, isc_boolean_t blocking) {
- unsigned int added;
- unsigned int remaining;
- unsigned int needed;
- unsigned int nsource;
- isc_entropysource_t *source;
- isc_entropysource_t *firstsource;
-
- REQUIRE(VALID_ENTROPY(ent));
-
- needed = desired;
-
- /*
- * This logic is a little strange, so an explanation is in order.
- *
- * If needed is 0, it means we are being asked to "fill to whatever
- * we think is best." This means that if we have at least a
- * partially full pool (say, > 1/4th of the pool) we probably don't
- * need to add anything.
- *
- * Also, we will check to see if the "pseudo" count is too high.
- * If it is, try to mix in better data. Too high is currently
- * defined as 1/4th of the pool.
- *
- * Next, if we are asked to add a specific bit of entropy, make
- * certain that we will do so. Clamp how much we try to add to
- * (DIGEST_SIZE * 8 < needed < POOLBITS - entropy).
- *
- * Note that if we are in a blocking mode, we will only try to
- * get as much data as we need, not as much as we might want
- * to build up.
- */
- if (needed == 0) {
- REQUIRE(!blocking);
-
- if ((ent->pool.entropy >= RND_POOLBITS / 4)
- && (ent->pool.pseudo <= RND_POOLBITS / 4))
- return;
-
- needed = THRESHOLD_BITS * 4;
- } else {
- needed = ISC_MAX(needed, THRESHOLD_BITS);
- needed = ISC_MIN(needed, RND_POOLBITS);
- }
-
- /*
- * In any case, clamp how much we need to how much we can add.
- */
- needed = ISC_MIN(needed, RND_POOLBITS - ent->pool.entropy);
-
- /*
- * But wait! If we're not yet initialized, we need at least
- * THRESHOLD_BITS
- * of randomness.
- */
- if (ent->initialized < THRESHOLD_BITS)
- needed = ISC_MAX(needed, THRESHOLD_BITS - ent->initialized);
-
- /*
- * Poll each file source to see if we can read anything useful from
- * it. XXXMLG When where are multiple sources, we should keep a
- * record of which one we last used so we can start from it (or the
- * next one) to avoid letting some sources build up entropy while
- * others are always drained.
- */
-
- added = 0;
- remaining = needed;
- if (ent->nextsource == NULL) {
- ent->nextsource = ISC_LIST_HEAD(ent->sources);
- if (ent->nextsource == NULL)
- return;
- }
- source = ent->nextsource;
- /*
- * Remember the first source so we can break if we have looped back to
- * the beginning and still have nothing
- */
- firstsource = source;
- again_file:
- for (nsource = 0; nsource < ent->nsources; nsource++) {
- unsigned int got;
-
- if (remaining == 0)
- break;
-
- got = 0;
-
- if (source->type == ENTROPY_SOURCETYPE_FILE)
- got = get_from_filesource(source, remaining);
-
- added += got;
-
- remaining -= ISC_MIN(remaining, got);
-
- source = ISC_LIST_NEXT(source, link);
- if (source == NULL)
- source = ISC_LIST_HEAD(ent->sources);
- }
- ent->nextsource = source;
-
- /*
- * Go again only if there's been progress and we've not
- * gone back to the beginning
- */
- if (!(ent->nextsource == firstsource && added == 0)) {
- if (blocking && remaining != 0) {
- goto again_file;
- }
- }
-
- /*
- * Here, if there are bits remaining to be had and we can block,
- * check to see if we have a callback source. If so, call them.
- */
- source = ISC_LIST_HEAD(ent->sources);
- while ((remaining != 0) && (source != NULL)) {
- unsigned int got;
-
- got = 0;
-
- if (source->type == ENTROPY_SOURCETYPE_CALLBACK)
- got = get_from_callback(source, remaining, blocking);
-
- added += got;
- remaining -= ISC_MIN(remaining, got);
-
- if (added >= needed)
- break;
-
- source = ISC_LIST_NEXT(source, link);
- }
-
- /*
- * Mark as initialized if we've added enough data.
- */
- if (ent->initialized < THRESHOLD_BITS)
- ent->initialized += added;
-}
-
-
-
-/*
- * Requires "ent" be locked.
- */
-static void
-destroyfilesource(isc_entropyfilesource_t *source) {
- CryptReleaseContext(source->handle, 0);
-}
-
-static void
-destroyusocketsource(isc_entropyusocketsource_t *source) {
- UNUSED(source);
-}
-
-
-isc_result_t
-isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
- isc_result_t ret;
- isc_entropysource_t *source;
- HCRYPTPROV hcryptprov;
- BOOL err;
-
- REQUIRE(VALID_ENTROPY(ent));
- REQUIRE(fname != NULL);
-
- LOCK(&ent->lock);
-
- source = NULL;
-
- /*
- * The first time we just try to acquire the context
- */
- err = CryptAcquireContext(&hcryptprov, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT);
- if (!err){
- (void)GetLastError();
- ret = ISC_R_IOERROR;
- goto errout;
- }
-
- source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t));
- if (source == NULL) {
- ret = ISC_R_NOMEMORY;
- goto closecontext;
- }
-
- /*
- * From here down, no failures can occur.
- */
- source->magic = SOURCE_MAGIC;
- source->type = ENTROPY_SOURCETYPE_FILE;
- source->ent = ent;
- source->total = 0;
- source->bad = ISC_FALSE;
- memset(source->name, 0, sizeof(source->name));
- ISC_LINK_INIT(source, link);
- source->sources.file.handle = hcryptprov;
-
- /*
- * Hook it into the entropy system.
- */
- ISC_LIST_APPEND(ent->sources, source, link);
- ent->nsources++;
-
- UNLOCK(&ent->lock);
- return (ISC_R_SUCCESS);
-
- closecontext:
- CryptReleaseContext(hcryptprov, 0);
-
- errout:
- if (source != NULL)
- isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
-
- UNLOCK(&ent->lock);
-
- return (ret);
-}
-
-
-
-
trv++;
/* extra X's get set to 0's */
while (*--trv == 'X') {
- isc_uint32_t which;
-
- isc_random_get(&which);
+ isc_uint32_t which = isc_random();
*trv = alphnum[which % (sizeof(alphnum) - 1)];
}
/*
isc_dir_open
isc_dir_read
isc_dir_reset
-isc_entropy_addcallbacksample
-isc_entropy_addsample
-isc_entropy_attach
-isc_entropy_create
-isc_entropy_createcallbacksource
-isc_entropy_createfilesource
-isc_entropy_createsamplesource
-isc_entropy_destroysource
-isc_entropy_detach
-isc_entropy_getdata
-isc_entropy_putdata
-isc_entropy_sethook
-isc_entropy_stats
-isc_entropy_status
-isc_entropy_stopcallbacksources
-isc_entropy_usebestsource
-isc_entropy_usehook
isc_errno_toresult
isc_error_fatal
isc_error_runtimecheck
isc_radix_process
isc_radix_remove
isc_radix_search
-isc_random_get
-isc_random_jitter
-isc_random_seed
+isc_random
+isc_random_buf
+isc_random_uniform
isc_ratelimiter_attach
isc_ratelimiter_create
isc_ratelimiter_dequeue
isc_result_registerids
isc_result_toid
isc_result_totext
-isc_rng_attach
-isc_rng_create
-isc_rng_detach
-isc_rng_random
-isc_rng_randombytes
-isc_rng_uniformrandom
isc_rwlock_destroy
isc_rwlock_downgrade
isc_rwlock_init
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Library Header Files">
<ClInclude Include="..\include\isc\crc64.h">
<Filter>Library Header Files</Filter>
</ClInclude>
- <ClInclude Include="..\include\isc\entropy.h">
- <Filter>Library Header Files</Filter>
- </ClInclude>
<ClInclude Include="..\include\isc\errno.h">
<Filter>Library Header Files</Filter>
</ClInclude>
<ClCompile Include="DLLMain.c">
<Filter>Win32 Source Files</Filter>
</ClCompile>
- <ClCompile Include="entropy.c">
- <Filter>Win32 Source Files</Filter>
- </ClCompile>
<ClCompile Include="errno.c">
<Filter>Win32 Source Files</Filter>
</ClCompile>
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|@PLATFORM@">
<ClInclude Include="..\include\isc\commandline.h" />
<ClInclude Include="..\include\isc\counter.h" />
<ClInclude Include="..\include\isc\crc64.h" />
- <ClInclude Include="..\include\isc\entropy.h" />
<ClInclude Include="..\include\isc\errno.h" />
<ClInclude Include="..\include\isc\error.h" />
<ClInclude Include="..\include\isc\event.h" />
<ClCompile Include="condition.c" />
<ClCompile Include="dir.c" />
<ClCompile Include="DLLMain.c" />
- <ClCompile Include="entropy.c" />
<ClCompile Include="errno.c" />
<ClCompile Include="errno2result.c" />
<ClCompile Include="file.c" />
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
- isc_rng_randombytes(client->sctx->rngctx,
- &nonce, sizeof(nonce));
+ isc_random_buf(&nonce, sizeof(nonce));
compute_cookie(client, now, nonce, client->sctx->secret, &buf);
isc_uint16_t transfer_tcp_message_size;
isc_boolean_t interface_auto;
dns_tkeyctx_t * tkeyctx;
- isc_rng_t * rngctx;
/*% Server id for NSID */
char * server_id;
};
isc_result_t
-ns_server_create(isc_mem_t *mctx, isc_entropy_t *entropy,
- ns_matchview_t matchingview, ns_server_t **sctxp);
+ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
+ ns_server_t **sctxp);
/*%<
* Create a server context object with default settings.
*/
} while (0) \
isc_result_t
-ns_server_create(isc_mem_t *mctx, isc_entropy_t *entropy,
- ns_matchview_t matchingview, ns_server_t **sctxp)
+ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
+ ns_server_t **sctxp)
{
ns_server_t *sctx;
isc_result_t result;
CHECKFATAL(isc_quota_init(&sctx->tcpquota, 10));
CHECKFATAL(isc_quota_init(&sctx->recursionquota, 100));
- CHECKFATAL(dns_tkeyctx_create(mctx, entropy, &sctx->tkeyctx));
- CHECKFATAL(isc_rng_create(mctx, entropy, &sctx->rngctx));
+ CHECKFATAL(dns_tkeyctx_create(mctx, &sctx->tkeyctx));
CHECKFATAL(ns_stats_create(mctx, ns_statscounter_max, &sctx->nsstats));
dns_acl_detach(&sctx->blackholeacl);
if (sctx->keepresporder != NULL)
dns_acl_detach(&sctx->keepresporder);
- if (sctx->rngctx != NULL)
- isc_rng_detach(&sctx->rngctx);
if (sctx->tkeyctx != NULL)
dns_tkeyctx_destroy(&sctx->tkeyctx);
#include <isc/app.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/mem.h>
#include "nstest.h"
isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
isc_log_t *lctx = NULL;
isc_taskmgr_t *taskmgr = NULL;
isc_task_t *maintask = NULL;
CHECK(isc_socketmgr_create(mctx, &socketmgr));
- CHECK(ns_server_create(mctx, ectx, matchview, &sctx));
+ CHECK(ns_server_create(mctx, matchview, &sctx));
- CHECK(dns_dispatchmgr_create(mctx, ectx, &dispatchmgr));
+ CHECK(dns_dispatchmgr_create(mctx, &dispatchmgr));
CHECK(ns_interfacemgr_create(mctx, sctx, taskmgr, timermgr,
socketmgr, dispatchmgr, maintask,
if (debug_mem_record)
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
CHECK(isc_mem_create(0, 0, &mctx));
- CHECK(isc_entropy_create(mctx, &ectx));
- CHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_BLOCKING));
+ CHECK(dst_lib_init(mctx, NULL));
dst_active = ISC_TRUE;
if (logfile != NULL) {
cleanup_managers();
- if (ectx != NULL)
- isc_entropy_detach(&ectx);
-
if (lctx != NULL)
isc_log_destroy(&lctx);
/*
* Set query ID to a random value.
*/
- isc_random_get(&qid);
+ qid = isc_random();
message->id = (dns_messageid_t)(qid & 0xffff);
/*
#include <config.h>
#include <isc/buffer.h>
-#include <isc/entropy.h>
#include <isc/hash.h>
#include <isc/log.h>
#include <isc/mem.h>
} while (0)
extern isc_mem_t *mctx;
-extern isc_entropy_t *ectx;
extern isc_log_t *lctx;
extern isc_taskmgr_t *taskmgr;
extern isc_task_t *maintask;
./bin/tests/optional/byname_test.c C 2000,2001,2004,2005,2007,2009,2012,2015,2016,2017,2018
./bin/tests/optional/db_test.c C 1999,2000,2001,2004,2005,2007,2008,2009,2011,2012,2013,2015,2016,2017,2018
./bin/tests/optional/dst_test.c C 2018
-./bin/tests/optional/entropy2_test.c C 2000,2001,2004,2005,2007,2015,2016,2018
-./bin/tests/optional/entropy_test.c C 2000,2001,2004,2005,2007,2015,2016,2018
./bin/tests/optional/fsaccess_test.c C 2000,2001,2004,2005,2007,2012,2015,2016,2018
./bin/tests/optional/gsstest.c C 2018
./bin/tests/optional/hash_test.c C 2000,2001,2004,2005,2006,2007,2014,2015,2016,2017,2018
./lib/isc/commandline.c C.PORTION 1999,2000,2001,2004,2005,2007,2008,2014,2015,2016,2018
./lib/isc/counter.c C 2014,2016,2018
./lib/isc/crc64.c C 2013,2016,2018
-./lib/isc/entropy.c C 2000,2001,2002,2003,2004,2005,2006,2007,2009,2010,2014,2015,2016,2017,2018
./lib/isc/error.c C 1998,1999,2000,2001,2004,2005,2007,2015,2016,2018
./lib/isc/event.c C 1998,1999,2000,2001,2004,2005,2007,2014,2016,2017,2018
./lib/isc/fsaccess.c C 2000,2001,2004,2005,2007,2016,2017,2018
./lib/isc/include/isc/counter.h C 2014,2016,2018
./lib/isc/include/isc/crc64.h C 2013,2016,2018
./lib/isc/include/isc/deprecated.h C 2017,2018
-./lib/isc/include/isc/entropy.h C 2000,2001,2004,2005,2006,2007,2009,2016,2017,2018
./lib/isc/include/isc/errno.h C 2016,2018
./lib/isc/include/isc/error.h C 1998,1999,2000,2001,2004,2005,2006,2007,2009,2016,2017,2018
./lib/isc/include/isc/event.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2014,2016,2017,2018
./lib/isc/unix/Makefile.in MAKE 1998,1999,2000,2001,2004,2007,2009,2012,2014,2015,2016,2017,2018
./lib/isc/unix/app.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009,2013,2014,2015,2016,2017,2018
./lib/isc/unix/dir.c C 1999,2000,2001,2004,2005,2007,2008,2009,2011,2012,2016,2017,2018
-./lib/isc/unix/entropy.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2012,2016,2017,2018
./lib/isc/unix/errno.c C 2016,2018
./lib/isc/unix/errno2result.c C 2000,2001,2002,2004,2005,2007,2011,2012,2013,2016,2018
./lib/isc/unix/errno2result.h C 2000,2001,2004,2005,2007,2011,2012,2016,2018
./lib/isc/win32/app.c C 1999,2000,2001,2004,2007,2009,2013,2014,2016,2018
./lib/isc/win32/condition.c C 1998,1999,2000,2001,2004,2006,2007,2016,2018
./lib/isc/win32/dir.c C 1999,2000,2001,2004,2007,2008,2009,2011,2012,2013,2016,2017,2018
-./lib/isc/win32/entropy.c C 2000,2001,2002,2004,2007,2009,2013,2016,2018
./lib/isc/win32/errno.c C 2016,2018
./lib/isc/win32/errno2result.c C 2000,2001,2002,2004,2005,2007,2008,2013,2016,2018
./lib/isc/win32/errno2result.h C 2000,2001,2004,2005,2007,2016,2018
projects / thirdparty / bind9.git / commitdiff
