/* Init the random source
* apps must call this
*/
-ldns_status ldns_init_random(uint16_t num) {
+ldns_status
+ldns_init_random(FILE *fd, uint16_t bytes) {
FILE *rand;
uint8_t *buf;
- buf = LDNS_XMALLOC(uint8_t, num);
+ buf = LDNS_XMALLOC(uint8_t, bytes);
if (!buf) {
return LDNS_STATUS_ERR;;
}
+ if (!fd) {
+ if ((rand = fopen("r", "/dev/random")) == NULL) {
+ LDNS_FREE(buf);
+ return LDNS_STATUS_ERR;
+ }
+ } else {
+ rand = fd;
+ }
- if ((rand = fopen("r", "/dev/random")) == NULL) {
+ if ((fread(buf, sizeof(uint8_t), (size_t)bytes, rand) != bytes)) {
LDNS_FREE(buf);
+ if (!fd) {
+ fclose(rand);
+ }
return LDNS_STATUS_ERR;
}
- if ((fread(buf, sizeof(uint8_t), (size_t)num, rand) != num)) {
- LDNS_FREE(buf);
+ if (!fd) {
fclose(rand);
- return LDNS_STATUS_ERR;
}
+ RAND_seed((const void *)buf, (int)bytes);
LDNS_FREE(buf);
- RAND_seed((const void *)buf, (int)num);
return LDNS_STATUS_OK;
}
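Review bot: The `fopen` in the new `if (!fd)` branch has its arguments reversed — `fopen("r", "/dev/random")` tries to open a file literally named `r` with the mode string `/dev/random`, which is an invalid mode and fails, so the default path always returns LDNS_STATUS_ERR and never seeds OpenSSL; the removed line carried the same bug, so the commit preserves rather than fixes it. The call should read `if ((rand = fopen("/dev/random", "r")) == NULL) {`. It would also be worth noting in the header comment that when `fd` is NULL the function opens and closes /dev/random itself, and that a caller-supplied `fd` is left open and positioned after `bytes` bytes, since the ownership split is what the new cleanup logic depends on. Minor: the `return LDNS_STATUS_ERR;;` after the allocation check has a stray second semicolon.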
void
usage(FILE *fp, char *prog) {
- fprintf(fp, "%s keygen [-D|-R] -b bits domain\n", prog);
+ fprintf(fp, "%s keygen [-D|-R] [-b bits] [-r /dev/random] domain\n", prog);
fprintf(fp, " generate a new key pair for domain\n");
fprintf(fp, " -D\tgenerate a DSA key\n");
fprintf(fp, " -R\tgenerate a RSA key\n");
fprintf(fp, " -k\tset the flags to 257; key signing key\n");
fprintf(fp, " -b <bits>\tspecify the keylength\n");
+ fprintf(fp, " -r <random>\tspecify a random device (defaults to /dev/random)\n");
fprintf(fp, " The following files will be created:\n");
fprintf(fp, " K<name>+<alg>+<id>.key\tPublic key in RR format\n");
fprintf(fp, " K<name>+<alg>+<id>.private\tPrivate key in key format\n");
fprintf(fp, " K<name>+<alg>+<id>.ds\tDS in RR format\n");
fprintf(fp, " The base name (K<name>+<alg>+<id> will be printed to stdout\n");
-/*
- fprintf(fp, " The public key is printed to stdout\n");
- fprintf(fp, " The private key is printed to stderr\n");
-*/
- fprintf(fp, "\nWARNING, WARNING, this program does NOT use a good random source for the key generation.\nUse at your OWN RISK\n\n");
}
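Review bot: The updated synopsis line omits `-k` even though the option is still documented two lines below and still accepted by getopt, so a reader of the one-line usage does not learn that a key-signing key can be requested; suggest `fprintf(fp, "%s keygen [-D|-R] [-k] [-b bits] [-r <random>] domain\n", prog);`. Writing the argument as `<random>` in the synopsis also matches the option description added on the next lines, whereas `-r /dev/random` reads as if the path were a required literal. Since the old "does NOT use a good random source" warning is dropped, the `-r` description is the only place users learn where the key material's entropy comes from, so it should state that the device is read once at startup to seed the generator rather than implying every byte of the key comes from it — I cannot see how much of the key generation draws on the seeded PRNG from this hunk.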
int
bool ksk;
FILE *file;
+ FILE *random;
char *filename;
char *owner;
prog = strdup(argv[0]);
algorithm = 0;
+ random = NULL;
ksk = false; /* don't create a ksk per default */
- while ((c = getopt(argc, argv, "DRkb:")) != -1) {
+ while ((c = getopt(argc, argv, "DRkb:r:")) != -1) {
switch (c) {
case 'D':
if (algorithm != 0) {
case 'k':
ksk = true;
break;
+ case 'r':
+ random = fopen("r", optarg);
+ if (!random) {
+ fprintf(stderr, "Cannot open random file: %s\n", optarg);
+ exit(EXIT_FAILURE);
+ }
default:
usage(stderr, prog);
exit(EXIT_FAILURE);
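Review bot: The new `case 'r':` has no `break`, so after a successful `fopen` it falls through into `default:`, prints usage and exits with EXIT_FAILURE — the option can never be used successfully. Independently, `fopen("r", optarg)` passes the mode as the path, so the open always fails anyway (`Cannot open random file` is printed for every input); the call should be `random = fopen(optarg, "r");` followed by `break;` after the error check. If the intent is that the device supplied with `-r` is the sole entropy source, it is also worth refusing an unreadable file here rather than silently falling back, which the current code does do via `exit` once the argument order is fixed. The enclosing `main` and its `while` loop start and end outside this hunk.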
exit(EXIT_FAILURE);
}
- ldns_random_init(1000); /* init the random engine */
+ (void)ldns_init_random(random, def_bits * 8 * 2); /* I hope this is enough? */
/* create an rdf from the domain name */
domain = ldns_dname_new_frm_str(argv[0]);