Commit ed29aefe authored by Brian Wellington's avatar Brian Wellington

[RT #1709]

Change isc_entropy_usebestsource() to have saner semantics:
 - If an invalid file is specified, an error will be returned instead of the
   keyboard being used.
 - If no file is specified but a random device is present, the keyboard will
   be used if there is an error opening the random device.
 - ISC_ENTROPY_KEYBOARDYES indicates that the keyboard should be the
   only device used.  Otherwise, passing '-r keyboard' is meaningless
   on a machine with a random device, since the keyboard will not be used.

Change the callers in the dnssec tools and rndc-confgen to check for the
special file "keyboard" and call isc_entropy_usebestsource() with the right set
of parameters.
parent 68b62e1c
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.c,v 1.31 2001/07/22 06:09:42 mayer Exp $ */
/* $Id: dnssectool.c,v 1.32 2001/09/05 22:32:05 bwelling Exp $ */
#include <config.h>
......@@ -23,7 +23,6 @@
#include <isc/buffer.h>
#include <isc/entropy.h>
#include <isc/keyboard.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
......@@ -202,13 +201,23 @@ cleanup_logging(isc_log_t **logp) {
void
setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
isc_result_t result;
int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
result = isc_entropy_create(mctx, ectx);
if (result != ISC_R_SUCCESS)
fatal("could not create entropy object");
REQUIRE(ectx != NULL);
if (*ectx == NULL) {
result = isc_entropy_create(mctx, ectx);
if (result != ISC_R_SUCCESS)
fatal("could not create entropy object");
}
if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
usekeyboard = ISC_ENTROPY_KEYBOARDYES;
randomfile = NULL;
}
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
ISC_ENTROPY_KEYBOARDMAYBE);
usekeyboard);
if (result != ISC_R_SUCCESS)
fatal("could not initialize entropy source: %s",
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc-confgen.c,v 1.9 2001/08/27 23:55:16 gson Exp $ */
/* $Id: rndc-confgen.c,v 1.10 2001/09/05 22:32:06 bwelling Exp $ */
#include <config.h>
......@@ -230,6 +230,10 @@ main(int argc, char **argv) {
DO("create entropy context", isc_entropy_create(mctx, &ectx));
if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
randomfile = NULL;
open_keyboard = ISC_ENTROPY_KEYBOARDYES;
}
DO("start entropy source", isc_entropy_usebestsource(ectx,
&entropy_source,
randomfile,
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: entropy.c,v 1.4 2001/09/01 00:46:04 gson Exp $ */
/* $Id: entropy.c,v 1.5 2001/09/05 22:32:08 bwelling Exp $ */
/*
* This is the system independent part of the entropy module. It is
......@@ -1201,6 +1201,7 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
{
isc_result_t result;
isc_result_t final_result = ISC_R_NOENTROPY;
isc_boolean_t userfile = ISC_TRUE;
REQUIRE(VALID_ENTROPY(ectx));
REQUIRE(source != NULL && *source == NULL);
......@@ -1209,15 +1210,19 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
use_keyboard == ISC_ENTROPY_KEYBOARDMAYBE);
#ifdef PATH_RANDOMDEV
if (randomfile == NULL)
if (randomfile == NULL) {
randomfile = PATH_RANDOMDEV;
userfile = ISC_FALSE;
}
#endif
if (randomfile != NULL) {
if (randomfile != NULL && use_keyboard != ISC_ENTROPY_KEYBOARDYES) {
result = isc_entropy_createfilesource(ectx, randomfile);
if (result == ISC_R_SUCCESS &&
use_keyboard == ISC_ENTROPY_KEYBOARDMAYBE)
use_keyboard = ISC_ENTROPY_KEYBOARDNO;
if (result != ISC_R_SUCCESS && userfile)
return (result);
final_result = result;
}
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: entropy.h,v 1.23 2001/06/22 17:05:53 tale Exp $ */
/* $Id: entropy.h,v 1.24 2001/09/05 22:32:09 bwelling Exp $ */
#ifndef ISC_ENTROPY_H
#define ISC_ENTROPY_H 1
......@@ -112,12 +112,12 @@ typedef void (*isc_entropystop_t)(isc_entropysource_t *source, void *arg);
* For use with isc_entropy_usebestsource().
*
* _KEYBOARDYES
* Always use the keyboard as an entropy source.
* Use the keyboard as the only entropy source.
* _KEYBOARDNO
* Never use the keyboard as an entropy source.
* _KEYBOARDMAYBE
* Use the keyboard as an entropy source only if opening the
* random device or supplied filename fails.
* random device fails.
*/
#define ISC_ENTROPY_KEYBOARDYES 1
#define ISC_ENTROPY_KEYBOARDNO 2
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment