+2721. [port] Have dst__entropy_status() prime the random number
+ generator. [RT #20369]
+
2720. [bug] RFC 5011 trust anchor updates could trigger an
assert if the DNSKEY record was unsigned. [RT #20406]
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.41 2009/10/12 20:48:12 each Exp $
+ * $Id: dst_api.c,v 1.42 2009/10/20 04:39:48 marka Exp $
*/
/*! \file */
dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
#ifdef BIND9
unsigned int flags = dst_entropy_flags;
+
+ if (len == 0)
+ return (ISC_R_SUCCESS);
if (pseudo)
flags &= ~ISC_ENTROPY_GOODONLY;
else
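Review bot: The new `if (len == 0) return (ISC_R_SUCCESS);` guard in dst__entropy_getdata() has no comment saying why a zero-length request must be short-circuited. Presumably isc_entropy_getdata() does not accept a zero length, but that is not visible in this hunk. A one-line comment such as `/* Nothing to fetch; do not call isc_entropy_getdata() with a zero length. */` would record the reason. The guard sits inside `#ifdef BIND9` and the function body continues past the hunk, so whether the non-BIND9 path needs the same check cannot be judged from here.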
unsigned int
dst__entropy_status(void) {
#ifdef BIND9
+#ifdef GSSAPI
+ unsigned int flags = dst_entropy_flags;
+ isc_result_t ret;
+ unsigned char buf[32];
+ static isc_boolean_t first = ISC_TRUE;
+
+ if (first) {
+ /* Someone believes RAND_status() initializes the PRNG */
+ flags &= ~ISC_ENTROPY_GOODONLY;
+ ret = isc_entropy_getdata(dst_entropy_pool, buf,
+ sizeof(buf), NULL, flags);
+ INSIST(ret == ISC_R_SUCCESS);
+ isc_entropy_putdata(dst_entropy_pool, buf,
+ sizeof(buf), 2 * sizeof(buf));
+ first = ISC_FALSE;
+ }
+#endif
return (isc_entropy_status(dst_entropy_pool));
#else
return (0);
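Review bot: The priming block in dst__entropy_status() hands `isc_entropy_putdata()` an estimate of `2 * sizeof(buf)` for bytes that were just drawn from the same pool with ISC_ENTROPY_GOODONLY cleared, so the value isc_entropy_status() returns afterwards may reflect entropy that no source actually supplied. If the aim is only to get the pool stirred before the first status query, an estimate of zero, `isc_entropy_putdata(dst_entropy_pool, buf, sizeof(buf), 0);`, looks sufficient and would not inflate the count. If the credit is intentional, the comment should state why that amount is safe to claim, in place of "Someone believes RAND_status() initializes the PRNG". Separately, `INSIST(ret == ISC_R_SUCCESS)` turns a failed draw inside a status query into a process abort, and the unsynchronised `static isc_boolean_t first` looks racy if this function can be reached from more than one thread. Both depend on callers outside this hunk and should be confirmed.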