From: Miek Gieben Date: Thu, 1 Sep 2005 17:39:02 +0000 (+0000) Subject: random init function was added. It's used in keygen now X-Git-Tag: release-1.0.0~211 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8475ecee14abb778af9adeaefa3efab441e40dc1;p=thirdparty%2Fldns.git random init function was added. It's used in keygen now --- diff --git a/dnssec.c b/dnssec.c index 3a63984c..458b3c30 100644 --- a/dnssec.c +++ b/dnssec.c @@ -1582,25 +1582,35 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list, ldns_key_list *key_sign /* Init the random source * apps must call this */ -ldns_status ldns_init_random(uint16_t num) { +ldns_status +ldns_init_random(FILE *fd, uint16_t bytes) { FILE *rand; uint8_t *buf; - buf = LDNS_XMALLOC(uint8_t, num); + buf = LDNS_XMALLOC(uint8_t, bytes); if (!buf) { return LDNS_STATUS_ERR;; } + if (!fd) { + if ((rand = fopen("r", "/dev/random")) == NULL) { + LDNS_FREE(buf); + return LDNS_STATUS_ERR; + } + } else { + rand = fd; + } - if ((rand = fopen("r", "/dev/random")) == NULL) { + if ((fread(buf, sizeof(uint8_t), (size_t)bytes, rand) != bytes)) { LDNS_FREE(buf); + if (!fd) { + fclose(rand); + } return LDNS_STATUS_ERR; } - if ((fread(buf, sizeof(uint8_t), (size_t)num, rand) != num)) { - LDNS_FREE(buf); + if (!fd) { fclose(rand); - return LDNS_STATUS_ERR; } + RAND_seed((const void *)buf, (int)bytes); LDNS_FREE(buf); - RAND_seed((const void *)buf, (int)num); return LDNS_STATUS_OK; } diff --git a/keygen.c b/keygen.c index 9daa0515..ba0aefbd 100644 --- a/keygen.c +++ b/keygen.c 
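Review bot: The new `if (!fd)` branch calls `fopen("r", "/dev/random")` with the arguments reversed — the path comes first — so it tries to open a file literally named `r` with an invalid mode, fails, and the function returns LDNS_STATUS_ERR before `RAND_seed` is ever reached; it should read `if ((rand = fopen("/dev/random", "r")) == NULL) {`. The removed line carried the same bug, but the commit keeps it on the new side, so the library-default source can never seed the PRNG. Separately, `buf` holds the seed material until `LDNS_FREE(buf)`; clearing it first (`memset(buf, 0, bytes);`, or an explicit-bzero equivalent if the build has one, since a plain memset before free may be optimized away) keeps the entropy out of freed heap memory. The pre-existing `return LDNS_STATUS_ERR;;` double semicolon in the context lines is harmless but worth tidying while this function is being touched.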
@@ -13,22 +13,18 @@ void usage(FILE *fp, char *prog) { - fprintf(fp, "%s keygen [-D|-R] -b bits domain\n", prog); + fprintf(fp, "%s keygen [-D|-R] [-b bits] [-r /dev/random] domain\n", prog); fprintf(fp, " generate a new key pair for domain\n"); fprintf(fp, " -D\tgenerate a DSA key\n"); fprintf(fp, " -R\tgenerate a RSA key\n"); fprintf(fp, " -k\tset the flags to 257; key signing key\n"); fprintf(fp, " -b \tspecify the keylength\n"); + fprintf(fp, " -r \tspecify a random device (defaults to /dev/random)\n"); fprintf(fp, " The following files will be created:\n"); fprintf(fp, " K++.key\tPublic key in RR format\n"); fprintf(fp, " K++.private\tPrivate key in key format\n"); fprintf(fp, " K++.ds\tDS in RR format\n"); fprintf(fp, " The base name (K++ will be printed to stdout\n"); -/* - fprintf(fp, " The public key is printed to stdout\n"); - fprintf(fp, " The private key is printed to stderr\n"); -*/ - fprintf(fp, "\nWARNING, WARNING, this program does NOT use a good random source for the key generation.\nUse at your OWN RISK\n\n"); } int @@ -43,6 +39,7 @@ main(int argc, char *argv[]) bool ksk; FILE *file; + FILE *random; char *filename; char *owner; @@ -54,9 +51,10 @@ main(int argc, char *argv[]) prog = strdup(argv[0]); algorithm = 0; + random = NULL; ksk = false; /* don't create a ksk per default */ - while ((c = getopt(argc, argv, "DRkb:")) != -1) { + while ((c = getopt(argc, argv, "DRkb:r:")) != -1) { switch (c) { case 'D': if (algorithm != 0) { @@ -82,6 +80,12 @@ main(int argc, char *argv[]) case 'k': ksk = true; break; + case 'r': + random = fopen("r", optarg); + if (!random) { + fprintf(stderr, "Cannot open random file: %s\n", optarg); + exit(EXIT_FAILURE); + } default: usage(stderr, prog); exit(EXIT_FAILURE); 
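Review bot: The new `case 'r':` in the getopt loop has no `break;`, so after a successful open control falls through into `default:`, prints usage and exits with EXIT_FAILURE — every invocation that passes `-r` fails. The same case also calls `fopen("r", optarg)` with the arguments reversed (path first, then mode), so the open itself fails for any file not literally named `r`; the case should read `random = fopen(optarg, "r");` with a `break;` after the `if (!random)` block. Note too that `-r` accepts any readable path, not only a device, so pointing it at a predictable file yields a predictable seed — worth stating in the `-r` help line added in the first hunk, or rejecting regular files if that is the intent (I cannot tell from here which is wanted). `main` continues outside this hunk.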
@@ -99,7 +103,7 @@ main(int argc, char *argv[]) exit(EXIT_FAILURE); } - ldns_random_init(1000); /* init the random engine */ + (void)ldns_init_random(random, def_bits * 8 * 2); /* I hope this is enough? */ /* create an rdf from the domain name */ domain = ldns_dname_new_frm_str(argv[0]); diff --git a/ldns/dnssec.h b/ldns/dnssec.h index f4a2c60c..67f6e1f6 100644 --- a/ldns/dnssec.h +++ b/ldns/dnssec.h @@ -181,6 +181,6 @@ ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_li */ ldns_zone *ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list, ldns_key_list *key_signing_key_list); -ldns_status ldns_init_random(uint16_t num); +ldns_status ldns_init_random(FILE *fd, uint16_t bytes); #endif /* _LDNS_DNSSEC_H_ */
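Review bot: The `(void)` cast discards the result of `ldns_init_random`, so if seeding fails (unopenable or short `-r` file, allocation failure) key generation silently proceeds on whatever state OpenSSL's PRNG happens to have — and this same commit removed the usage warning about the random source, so nothing alerts the user. Replace it with `if (ldns_init_random(random, def_bits * 8 * 2) != LDNS_STATUS_OK) { fprintf(stderr, "Cannot seed the random generator\n"); exit(EXIT_FAILURE); }`. The second argument is also suspect: the parameter is declared `uint16_t bytes` (see the dnssec.h hunk), so `def_bits * 8 * 2` is truncated modulo 65536 — for a 4096-bit key it becomes 0, `fread` of 0 bytes trivially "succeeds" and nothing is seeded — while for smaller keys it asks `/dev/random` for kilobytes of entropy (16384 bytes at 1024 bits), which blocks on a depleted pool; `def_bits / 8` bytes is a more defensible amount and the "I hope this is enough?" comment should become a stated rationale. The type of `def_bits` is not visible in this hunk, so the truncation claim assumes it holds the key length in bits in a type wider than 16 bits. `main` continues outside this hunk.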
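Review bot: The new prototype `ldns_status ldns_init_random(FILE *fd, uint16_t bytes);` carries no documentation comment, unlike the `ldns_zone_sign` declaration just above it, and the contract matters to callers: `fd` may be NULL (the implementation then opens and closes `/dev/random` itself), a non-NULL `fd` is read from but not closed, and `bytes` is the count read and handed to `RAND_seed`. Suggest a Doxygen block in the header's existing style covering those three points and stating that the return value must be checked, because on any failure nothing is seeded. These semantics are taken from the dnssec.c hunk of this commit rather than from the header itself, so please confirm the NULL-means-default behaviour is intended before documenting it.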