Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.

The three functions has been modeled after the arc4random family of functions, and they will always return random bytes. The isc_random family of functions internally use these CSPRNG (if available): 1. getrandom() libc call (might be available on Linux and Solaris) 2. SYS_getrandom syscall (might be available on Linux, detected at runtime) 3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X) 4. crypto library function: 4a. RAND_bytes in case OpenSSL 4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-04-22 14:56:28 +02:00
parent 74dd289a1c
commit 3a4f820d62
115 changed files with 406 additions and 4912 deletions
--- a/lib/dns/tests/Kyuafile
+++ b/lib/dns/tests/Kyuafile
@@ -10,7 +10,6 @@ atf_test_program{name='dh_test'}
 atf_test_program{name='dispatch_test'}
 atf_test_program{name='dnstap_test'}
 atf_test_program{name='dst_test'}
-atf_test_program{name='dstrandom_test'}
 atf_test_program{name='geoip_test'}
 atf_test_program{name='gost_test'}
 atf_test_program{name='keytable_test'}
--- a/lib/dns/tests/Makefile.in
+++ b/lib/dns/tests/Makefile.in
@@ -40,7 +40,6 @@ SRCS =		acl_test.c \
 		dnstap_test.c \
 		dst_test.c \
 		dnstest.c \
-		dstrandom_test.c \
 		geoip_test.c \
 		gost_test.c \
 		keytable_test.c \
@@ -73,7 +72,6 @@ TARGETS =	acl_test@EXEEXT@ \
 		dispatch_test@EXEEXT@ \
 		dnstap_test@EXEEXT@ \
 		dst_test@EXEEXT@ \
-		dstrandom_test@EXEEXT@ \
 		geoip_test@EXEEXT@ \
 		gost_test@EXEEXT@ \
 		keytable_test@EXEEXT@ \
@@ -258,11 +256,6 @@ zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ \
 			zt_test.@O@ dnstest.@O@ ${DNSLIBS} \
 				${ISCLIBS} ${LIBS}

-dstrandom_test@EXEEXT@: dstrandom_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-			dstrandom_test.@O@ ${DNSLIBS} \
-			${ISCLIBS} ${ISCPK11LIBS} ${LIBS}
-
 unit::
 	sh ${top_builddir}/unit/unittest.sh

--- a/lib/dns/tests/dispatch_test.c
+++ b/lib/dns/tests/dispatch_test.c
@@ -39,7 +39,7 @@ make_dispatchset(unsigned int ndisps) {
 	unsigned int attrs;
 	dns_dispatch_t *disp = NULL;

-	result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+	result = dns_dispatchmgr_create(mctx, &dispatchmgr);
 	if (result != ISC_R_SUCCESS)
 		return (result);

@@ -262,7 +262,7 @@ ATF_TC_BODY(dispatch_getnext, tc) {
 	result = isc_task_create(taskmgr, 0, &task);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

-	result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+	result = dns_dispatchmgr_create(mctx, &dispatchmgr);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

 	ina.s_addr = htonl(INADDR_LOOPBACK);
--- a/lib/dns/tests/dnstest.c
+++ b/lib/dns/tests/dnstest.c
@@ -21,7 +21,6 @@

 #include <isc/app.h>
 #include <isc/buffer.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/hex.h>
@@ -47,7 +46,6 @@
 #include "dnstest.h"

 isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
 isc_log_t *lctx = NULL;
 isc_taskmgr_t *taskmgr = NULL;
 isc_task_t *maintask = NULL;
@@ -118,9 +116,8 @@ dns_test_begin(FILE *logfile, isc_boolean_t start_managers) {
 	if (debug_mem_record)
 		isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
 	CHECK(isc_mem_create(0, 0, &mctx));
-	CHECK(isc_entropy_create(mctx, &ectx));

-	CHECK(dst_lib_init(mctx, ectx, NULL, ISC_ENTROPY_BLOCKING));
+	CHECK(dst_lib_init(mctx, NULL));
 	dst_active = ISC_TRUE;

 	if (logfile != NULL) {
@@ -170,8 +167,6 @@ dns_test_end(void) {
 		dst_lib_destroy();
 		dst_active = ISC_FALSE;
 	}
-	if (ectx != NULL)
-		isc_entropy_detach(&ectx);

 	cleanup_managers();

--- a/lib/dns/tests/dnstest.h
+++ b/lib/dns/tests/dnstest.h
@@ -14,7 +14,6 @@
 #include <config.h>

 #include <isc/buffer.h>
-#include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -45,7 +44,6 @@ typedef struct {
 #define ZONECHANGE_SENTINEL { 0, NULL, 0, NULL, NULL }

 extern isc_mem_t *mctx;
-extern isc_entropy_t *ectx;
 extern isc_log_t *lctx;
 extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *maintask;
--- a/lib/dns/tests/dstrandom_test.c
+++ b/lib/dns/tests/dstrandom_test.c
@@ -1,97 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <atf-c.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/platform.h>
-#include <isc/util.h>
-
-#include <dst/dst.h>
-
-isc_mem_t *mctx = NULL;
-isc_entropy_t *ectx = NULL;
-unsigned char buffer[128];
-
-ATF_TC(isc_entropy_getdata);
-ATF_TC_HEAD(isc_entropy_getdata, tc) {
-	atf_tc_set_md_var(tc, "descr",
-			  "isc_entropy_getdata() examples");
-	atf_tc_set_md_var(tc, "X-randomfile",
-			  "testdata/dstrandom/random.data");
-}
-ATF_TC_BODY(isc_entropy_getdata, tc) {
-	isc_result_t result;
-	unsigned int returned, status;
-	int ret;
-	const char *randomfile = atf_tc_get_md_var(tc, "X-randomfile");
-
-	isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-	result = isc_mem_create(0, 0, &mctx);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-	result = isc_entropy_create(mctx, &ectx);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-	result = dst_lib_init(mctx, ectx, NULL, 0);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-
-	isc_entropy_usehook(ectx, ISC_TRUE);
-
-	returned = 0;
-	result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
-				     &returned, 0);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-	ATF_REQUIRE(returned == sizeof(buffer));
-
-	status = isc_entropy_status(ectx);
-	ATF_REQUIRE_EQ(status, 0);
-
-	isc_entropy_usehook(ectx, ISC_FALSE);
-
-	ret = chdir(TESTS);
-	ATF_REQUIRE_EQ(ret, 0);
-
-	result = isc_entropy_createfilesource(ectx, randomfile);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-
-	returned = 0;
-	result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
-				     &returned, 0);
-	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
-	ATF_REQUIRE(returned == sizeof(buffer));
-
-	status = isc_entropy_status(ectx);
-	ATF_REQUIRE(status > 0);
-
-	dst_lib_destroy();
-	isc_entropy_detach(&ectx);
-	ATF_REQUIRE(ectx == NULL);
-	isc_mem_destroy(&mctx);
-	ATF_REQUIRE(mctx == NULL);
-}
-
-/*
- * Main
- */
-ATF_TP_ADD_TCS(tp) {
-	ATF_TP_ADD_TC(tp, isc_entropy_getdata);
-
-	return (atf_no_error());
-}
-
--- a/lib/dns/tests/rbt_serialize_test.c
+++ b/lib/dns/tests/rbt_serialize_test.c
@@ -34,7 +34,6 @@

 #include <isc/app.h>
 #include <isc/buffer.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/mem.h>
@@ -354,7 +353,6 @@ ATF_TC_BODY(deserialize_corrupt, tc) {
 	int fd;
 	off_t filesize = 0;
 	char *base, *p, *q;
-	isc_uint32_t r;
 	int i;

 	UNUSED(tc);
@@ -389,14 +387,11 @@ ATF_TC_BODY(deserialize_corrupt, tc) {
 		close(fd);

 		/* Randomly fuzz a portion of the memory */
-		isc_random_get(&r);
-		p = base + (r % filesize);
+		p = base + (isc_random() % filesize);
 		q = base + filesize;
-		isc_random_get(&r);
-		q -= (r % (q - p));
+		q -= (isc_random() % (q - p));
 		while (p++ < q) {
-			isc_random_get(&r);
-			*p = r & 0xff;
+			*p = isc_random() & 0xff;
 		}

 		result = dns_rbt_deserialize_tree(base, filesize, 0, mctx,
--- a/lib/dns/tests/rbt_test.c
+++ b/lib/dns/tests/rbt_test.c
@@ -32,7 +32,6 @@

 #include <isc/app.h>
 #include <isc/buffer.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/mem.h>
@@ -369,8 +368,7 @@ ATF_TC_BODY(rbt_check_distance_random, tc) {
 			dns_name_t *name;

 			for (j = 0; j < 32; j++) {
-				isc_uint32_t v;
-				isc_random_get(&v);
+				isc_uint32_t v = isc_random();
 				namebuf[j] = 'a' + (v % 26);
 			}
 			namebuf[32] = '.';
@@ -896,8 +894,7 @@ insert_nodes(dns_rbt_t *mytree, char **names,
 			isc_result_t result;

 			for (j = 0; j < 32; j++) {
-				isc_uint32_t v;
-				isc_random_get(&v);
+				isc_uint32_t v = isc_random();
 				namebuf[j] = 'a' + (v % 26);
 			}
 			namebuf[32] = '.';
@@ -933,9 +930,7 @@ remove_nodes(dns_rbt_t *mytree, char **names,
 		dns_name_t *name;
 		isc_result_t result;

-		isc_random_get(&node);
-
-		node %= *names_count;
+		node = isc_random_uniform(*names_count);

 		dns_test_namefromstring(names[node], &fname);
 		name = dns_fixedname_name(&fname);
@@ -1023,8 +1018,8 @@ ATF_TC_BODY(rbt_insert_and_remove, tc) {
 	/* Repeat the insert/remove test some 4096 times */
 	for (i = 0; i < 4096; i++) {
 		isc_uint32_t num_names;
-		isc_random_get(&num_names);

+		num_names = isc_random();
 		if (names_count < 1024) {
 			num_names %= 1024 - names_count;
 			num_names++;
@@ -1035,7 +1030,7 @@ ATF_TC_BODY(rbt_insert_and_remove, tc) {
 		insert_nodes(mytree, names, &names_count, num_names);
 		check_tree(mytree, names, names_count, __LINE__);

-		isc_random_get(&num_names);
+		num_names = isc_random();
 		if (names_count > 0) {
 			num_names %= names_count;
 			num_names++;
--- a/lib/dns/tests/resolver_test.c
+++ b/lib/dns/tests/resolver_test.c
@@ -43,7 +43,7 @@ setup(void) {
 	result = dns_test_begin(NULL, ISC_TRUE);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

-	result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+	result = dns_dispatchmgr_create(mctx, &dispatchmgr);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

 	result = dns_test_makeview("view", &view);