Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.

The three functions has been modeled after the arc4random family of functions, and they will always return random bytes. The isc_random family of functions internally use these CSPRNG (if available): 1. getrandom() libc call (might be available on Linux and Solaris) 2. SYS_getrandom syscall (might be available on Linux, detected at runtime) 3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X) 4. crypto library function: 4a. RAND_bytes in case OpenSSL 4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-04-22 14:56:28 +02:00
parent 74dd289a1c
commit 3a4f820d62
115 changed files with 406 additions and 4912 deletions
--- a/lib/dns/include/dns/dispatch.h
+++ b/lib/dns/include/dns/dispatch.h
@@ -144,8 +144,7 @@ struct dns_dispatchset {
 #define DNS_DISPATCHOPT_FIXEDID		0x00000001U

 isc_result_t
-dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy,
-		       dns_dispatchmgr_t **mgrp);
+dns_dispatchmgr_create(isc_mem_t *mctx, dns_dispatchmgr_t **mgrp);
 /*%<
 * Creates a new dispatchmgr object.
 *
@@ -154,10 +153,6 @@ dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy,
 *
 *\li	mgrp != NULL && *mgrp == NULL
 *
- *\li	"entropy" may be NULL, in which case an insecure random generator
- *	will be used.  If it is non-NULL, it must be a valid entropy
- *	source.
- *
 * Returns:
 *\li	ISC_R_SUCCESS	-- all ok
 *
--- a/lib/dns/include/dns/tkey.h
+++ b/lib/dns/include/dns/tkey.h
@@ -36,13 +36,11 @@ struct dns_tkeyctx {
 	dns_name_t *domain;
 	gss_cred_id_t gsscred;
 	isc_mem_t *mctx;
-	isc_entropy_t *ectx;
 	char *gssapi_keytab;
 };

 isc_result_t
-dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx,
-		   dns_tkeyctx_t **tctxp);
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkeyctx_t **tctxp);
 /*%<
 *	Create an empty TKEY context.
 *
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -129,14 +129,12 @@ typedef struct dst_context 	dst_context_t;
 *** Functions
 ***/
 isc_result_t
-dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx,
-	     const char *engine, unsigned int eflags);
+dst_lib_init(isc_mem_t *mctx, const char *engine);
 /*%<
 * Initializes the DST subsystem.
 *
 * Requires:
 * \li 	"mctx" is a valid memory context
- * \li	"ectx" is a valid entropy context
 *
 * Returns:
 * \li	ISC_R_SUCCESS
@@ -153,23 +151,6 @@ dst_lib_destroy(void);
 * Releases all resources allocated by DST.
 */

-isc_result_t
-dst_random_getdata(void *data, unsigned int length,
-		   unsigned int *returned, unsigned int flags);
-/*%<
- * Gets random data from the random generator provided by the
- * crypto library.
- *
- * See isc_entropy_getdata() for parameter usage. Normally when
- * this function is available, it will be set up as a hook in the
- * entropy context, so that isc_entropy_getdata() is a front-end to
- * this function.
- *
- * Returns:
- * \li	ISC_R_SUCCESS on success
- * \li	DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error
- */
-
 isc_boolean_t
 dst_algorithm_supported(unsigned int alg);
 /*%<