random init function was added. It's used in keygen now

diff --git a/dnssec.c b/dnssec.c
index 3a63984cf7b14786b79e0f2bd8e6d1005f737ae4..458b3c30ab57c04b436cdf8e1c73b42320ce1f09 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -1582,25 +1582,35 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list, ldns_key_list *key_sign
 /* Init the random source
  * apps must call this 
  */
-ldns_status ldns_init_random(uint16_t num) {
+ldns_status 
+ldns_init_random(FILE *fd, uint16_t bytes) {
        FILE *rand;
        uint8_t *buf;
 
-       buf = LDNS_XMALLOC(uint8_t, num);
+       buf = LDNS_XMALLOC(uint8_t, bytes);
        if (!buf) {
                return LDNS_STATUS_ERR;;
        }
+       if (!fd) {
+               if ((rand = fopen("r", "/dev/random")) == NULL) {
+                       LDNS_FREE(buf);
+                       return LDNS_STATUS_ERR;
+               }
+       } else {
+               rand = fd;
+       }
 
-       if ((rand = fopen("r", "/dev/random")) == NULL) {
+       if ((fread(buf, sizeof(uint8_t), (size_t)bytes, rand) != bytes)) {
                LDNS_FREE(buf);
+               if (!fd) {
+                       fclose(rand);
+               }
                return LDNS_STATUS_ERR;
        }
-       if ((fread(buf, sizeof(uint8_t), (size_t)num, rand) != num)) {
-               LDNS_FREE(buf);
+       if (!fd) {
                fclose(rand);
-               return LDNS_STATUS_ERR;
        }
+       RAND_seed((const void *)buf, (int)bytes);
        LDNS_FREE(buf);
-       RAND_seed((const void *)buf, (int)num);
        return LDNS_STATUS_OK;
 }

diff --git a/keygen.c b/keygen.c
index 9daa0515740b62260d3c3538a7e61cdf750b4185..ba0aefbd163b29b6f3776c9c6a44e3f1c480fdeb 100644 (file)
--- a/keygen.c
+++ b/keygen.c
@@ -13,22 +13,18 @@
 
 void
 usage(FILE *fp, char *prog) {
-       fprintf(fp, "%s keygen [-D|-R] -b bits domain\n", prog);
+       fprintf(fp, "%s keygen [-D|-R] [-b bits] [-r /dev/random]  domain\n", prog);
        fprintf(fp, "  generate a new key pair for domain\n");
        fprintf(fp, "  -D\tgenerate a DSA key\n");
        fprintf(fp, "  -R\tgenerate a RSA key\n");
        fprintf(fp, "  -k\tset the flags to 257; key signing key\n");
        fprintf(fp, "  -b <bits>\tspecify the keylength\n");
+       fprintf(fp, "  -r <random>\tspecify a random device (defaults to /dev/random)\n");
        fprintf(fp, "  The following files will be created:\n");
        fprintf(fp, "    K<name>+<alg>+<id>.key\tPublic key in RR format\n");
        fprintf(fp, "    K<name>+<alg>+<id>.private\tPrivate key in key format\n");
        fprintf(fp, "    K<name>+<alg>+<id>.ds\tDS in RR format\n");
        fprintf(fp, "  The base name (K<name>+<alg>+<id> will be printed to stdout\n");
-/*
-       fprintf(fp, "  The public key is printed to stdout\n");
-       fprintf(fp, "  The private key is printed to stderr\n");
-*/
-       fprintf(fp, "\nWARNING, WARNING, this program does NOT use a good random source for the key generation.\nUse at your OWN RISK\n\n");
 }
 
 int
@@ -43,6 +39,7 @@ main(int argc, char *argv[])
        bool ksk;
 
        FILE *file;
+       FILE *random;
        char *filename;
        char *owner;
 
@@ -54,9 +51,10 @@ main(int argc, char *argv[])
 
        prog = strdup(argv[0]);
        algorithm = 0;
+       random = NULL;
        ksk = false; /* don't create a ksk per default */
        
-       while ((c = getopt(argc, argv, "DRkb:")) != -1) {
+       while ((c = getopt(argc, argv, "DRkb:r:")) != -1) {
                switch (c) {
                case 'D':
                        if (algorithm != 0) {
@@ -82,6 +80,12 @@ main(int argc, char *argv[])
                case 'k':
                        ksk = true;
                        break;
+               case 'r':
+                       random = fopen("r", optarg);
+                       if (!random) {
+                               fprintf(stderr, "Cannot open random file: %s\n", optarg);
+                               exit(EXIT_FAILURE);
+                       }
                default:
                        usage(stderr, prog);
                        exit(EXIT_FAILURE);
@@ -99,7 +103,7 @@ main(int argc, char *argv[])
                exit(EXIT_FAILURE);
        } 
 
-       ldns_random_init(1000); /* init the random engine */
+       (void)ldns_init_random(random, def_bits * 8 * 2); /* I hope this is enough? */
 
        /* create an rdf from the domain name */
        domain = ldns_dname_new_frm_str(argv[0]);

diff --git a/ldns/dnssec.h b/ldns/dnssec.h
index f4a2c60c42e45715057e2da8dd5d7938c2133394..67f6e1f66b20459d489402e99d318e397ad506d3 100644 (file)
--- a/ldns/dnssec.h
+++ b/ldns/dnssec.h
@@ -181,6 +181,6 @@ ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_li
  */
 ldns_zone *ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list, ldns_key_list *key_signing_key_list);
  
-ldns_status ldns_init_random(uint16_t num);
+ldns_status ldns_init_random(FILE *fd, uint16_t bytes);
 
 #endif /* _LDNS_DNSSEC_H_ */