Commit c73aafe6 authored by Brian Wellington's avatar Brian Wellington
Browse files

dst_random_get notices when openssl complains about having no entropy, and

calls isc_random_get to get some.  This should possibly do something
else later.
parent fcdd365b
2. [bug] Generating cryptographic randomness failed on
systems without /dev/random.
1. [bug] The installdirs rule in
lib/isc/unix/include/isc/Makefile.in had a typo which
prevented the isc directory from being created if it
didn't exist.
--- 9.0.0b1 released ---
\ No newline at end of file
--- 9.0.0b1 released ---
......@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.23 2000/03/16 22:43:33 halley Exp $
* $Id: dst_api.c,v 1.24 2000/03/28 03:06:36 bwelling Exp $
*/
#include <config.h>
......@@ -37,7 +37,9 @@
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/once.h>
#include <isc/random.h>
#include <isc/region.h>
#include <isc/time.h>
#include <dns/rdata.h>
#include <dns/keyvalues.h>
......@@ -810,6 +812,8 @@ dst_secret_size(const dst_key_t *key, unsigned int *n) {
isc_result_t
dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
isc_region_t r;
isc_result_t result;
int status;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
REQUIRE(target != NULL);
......@@ -819,10 +823,41 @@ dst_random_get(const unsigned int wanted, isc_buffer_t *target) {
return (ISC_R_NOSPACE);
RUNTIME_CHECK(isc_mutex_lock((&random_lock)) == ISC_R_SUCCESS);
RAND_bytes(r.base, wanted);
status = RAND_bytes(r.base, wanted);
if (status == 0) {
isc_random_t rctx;
isc_uint32_t val;
isc_time_t now;
int count = 0;
isc_random_init(&rctx);
result = isc_time_now(&now);
if (result != ISC_R_SUCCESS)
goto failure;
isc_random_seed(&rctx, isc_time_nanoseconds(&now));
while (RAND_status() == 0 && count < 1000) {
isc_random_get(&rctx, &val);
RAND_add(&val, sizeof(isc_uint32_t), 1);
count++;
}
isc_random_invalidate(&rctx);
if (RAND_status() == 0) {
result = DST_R_NORANDOMNESS;
goto failure;
}
status = RAND_bytes(r.base, wanted);
}
RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
if (status == 0)
return (DST_R_NORANDOMNESS);
isc_buffer_add(target, wanted);
return (ISC_R_SUCCESS);
failure:
RUNTIME_CHECK(isc_mutex_unlock((&random_lock)) == ISC_R_SUCCESS);
return (result);
}
/***
......
......@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_result.c,v 1.5 2000/03/23 19:48:24 halley Exp $
* $Id: dst_result.c,v 1.6 2000/03/28 03:06:37 bwelling Exp $
*/
#include <config.h>
......@@ -51,6 +51,7 @@ static char *text[DST_R_NRESULTS] = {
"not a private key", /* 16 */
"not a key that can compute a secret", /* 17 */
"failure computing a shared secret", /* 18 */
"no randomness available", /* 19 */
};
#define DST_RESULT_RESULTSET 2
......
......@@ -43,8 +43,9 @@ ISC_LANG_BEGINDECLS
#define DST_R_NOTPRIVATEKEY (ISC_RESULTCLASS_DST + 16)
#define DST_R_KEYCANNOTCOMPUTESECRET (ISC_RESULTCLASS_DST + 17)
#define DST_R_COMPUTESECRETFAILURE (ISC_RESULTCLASS_DST + 18)
#define DST_R_NORANDOMNESS (ISC_RESULTCLASS_DST + 19)
#define DST_R_NRESULTS 19 /* Number of results */
#define DST_R_NRESULTS 20 /* Number of results */
char * dst_result_totext(isc_result_t);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment