Commit abdb4a41 authored by Jan Včelák's avatar Jan Včelák 🚀

random: use random generator from new dnssec library

parent c7ee1d32
......@@ -193,7 +193,6 @@ src/libknot/dnssec/key.c
src/libknot/dnssec/key.h
src/libknot/dnssec/policy.c
src/libknot/dnssec/policy.h
src/libknot/dnssec/random.h
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/sig0.c
......
......@@ -148,7 +148,6 @@ libknot_la_SOURCES = \
libknot/dnssec/key.h \
libknot/dnssec/policy.c \
libknot/dnssec/policy.h \
libknot/dnssec/random.h \
libknot/dnssec/rrset-sign.c \
libknot/dnssec/rrset-sign.h \
libknot/dnssec/sig0.c \
......@@ -297,6 +296,7 @@ libknotd_la_SOURCES = \
# libraries
libknot_la_LIBADD = libknots.la zscanner/libzscanner.la
libknotd_la_LIBADD = libknots.la libknot.la ../dnssec/libdnssec.la
libknotus_la_LIBADD = ../dnssec/libdnssec.la
# sbin programs
knotd_LDADD = libknot.la libknotd.la
......
......@@ -27,6 +27,7 @@
#include "knot/knot.h"
#include "common/descriptor.h"
#include "dnssec/crypto.h"
#include "knot/ctl/process.h"
#include "knot/ctl/remote.h"
#include "knot/conf/conf.h"
......@@ -578,7 +579,9 @@ int main(int argc, char **argv)
}
/* Execute command. */
dnssec_crypto_init();
rc = cmd->cb(argc - optind - 1, argv + optind + 1, flags);
dnssec_crypto_cleanup();
exit:
/* Finish */
......
......@@ -28,7 +28,7 @@
#include "libknot/tsig-op.h"
#include "libknot/rdata/rdname.h"
#include "libknot/rdata/soa.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "knot/dnssec/zone-sign.h"
#include "knot/dnssec/zone-nsec.h"
......@@ -728,7 +728,7 @@ knot_pkt_t* remote_query(const char *query, const knot_tsig_key_t *key)
return NULL;
}
knot_wire_set_id(pkt->wire, knot_random_uint16_t());
knot_wire_set_id(pkt->wire, dnssec_random_uint16_t());
knot_pkt_reserve(pkt, tsig_wire_maxsize(key));
/* Question section. */
......
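Review bot: The DNS message ID written at `knot_wire_set_id(pkt->wire, dnssec_random_uint16_t())` has to be unpredictable to resist response spoofing, yet nothing at this call site or in the commit states what the new generator guarantees; the header this commit deletes (`libknot/dnssec/random.h`) explicitly documented that the old generator could return cryptographically weak output from `RAND_pseudo_bytes` and asserted it never failed. It would help maintainers to record the new contract once, next to the first message-ID use, e.g. `/* Message IDs must be unpredictable; dnssec_random_* is expected to be CSPRNG-backed and never return a weak value — confirm against libdnssec. */`. The same applies to the other ID sites in this commit (forward_packet and xfr_task_start in the xfr hunks, create_empty_packet in the dig hunk, build_query in the nsupdate hunk). remote_query begins outside this hunk.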
......@@ -29,6 +29,7 @@
#include <systemd/sd-daemon.h>
#endif
#include "dnssec/crypto.h"
#include "libknot/common.h"
#include "libknot/dnssec/crypto.h"
#include "knot/knot.h"
......@@ -56,6 +57,7 @@ static void init_signal_started(void)
/*! \brief atexit() handler for server code. */
static void knot_crypto_deinit(void)
{
dnssec_crypto_cleanup();
knot_crypto_cleanup();
knot_crypto_cleanup_threads();
}
......@@ -258,6 +260,7 @@ int main(int argc, char **argv)
}
/* Initialize cryptographic backend. */
dnssec_crypto_init();
knot_crypto_init();
knot_crypto_init_threads();
atexit(knot_crypto_deinit);
......
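Review bot: The teardown order in knot_crypto_deinit is not the reverse of the init order: main now calls `dnssec_crypto_init()` before `knot_crypto_init()`/`knot_crypto_init_threads()`, but the atexit handler calls `dnssec_crypto_cleanup()` first and `knot_crypto_cleanup()` afterwards. If both libraries share the same OpenSSL backend (this file includes both `dnssec/crypto.h` and `libknot/dnssec/crypto.h`), knot_crypto_cleanup may then run against state the dnssec cleanup has already released; moving `dnssec_crypto_cleanup();` to after `knot_crypto_cleanup_threads();` gives LIFO teardown. The same dnssec-first ordering appears in the knsec3hash main hunk, where the explicit `dnssec_crypto_cleanup()` at the fail label runs before any atexit-registered knot_crypto_cleanup, if that registration remains.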
......@@ -34,7 +34,7 @@
#include "knot/nameserver/internet.h"
#include "common/debug.h"
#include "knot/nameserver/process_query.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "libknot/rdata/soa.h"
/*----------------------------------------------------------------------------*/
......
......@@ -25,7 +25,7 @@
#include "libknot/consts.h"
#include "libknot/packet/wire.h"
#include "common/hattrie/murmurhash3.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "common/descriptor.h"
#include "common/errors.h"
#include "knot/zone/zone.h"
......@@ -491,7 +491,7 @@ bool rrl_slip_roll(int n_slip)
* That represents a chance of 1/N that answer slips.
* Therefore, on average, from 100 answers 100/N will slip. */
int threshold = RRL_SLIP_MAX / n_slip;
int roll = knot_random_uint16_t() % RRL_SLIP_MAX;
int roll = dnssec_random_uint16_t() % RRL_SLIP_MAX;
return (roll < threshold);
}
......@@ -521,7 +521,7 @@ int rrl_reseed(rrl_table_t *rrl)
}
memset(rrl->arr, 0, rrl->size * sizeof(rrl_item_t));
rrl->seed = knot_random_uint32_t();
rrl->seed = dnssec_random_uint32_t();
dbg_rrl("%s: reseed to '%u'\n", __func__, rrl->seed);
if (rrl->lk_count > 0) {
......
......@@ -32,7 +32,7 @@
#include "knot/zone/zonedb.h"
#include "libknot/dname.h"
#include "libknot/dnssec/crypto.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
/*! \brief Event scheduler loop. */
static int evsched_run(dthread_t *thread)
......
......@@ -41,7 +41,7 @@
#include "libknot/packet/wire.h"
#include "knot/nameserver/process_query.h"
#include "libknot/dnssec/crypto.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
/*! \brief TCP context data. */
typedef struct tcp_context {
......@@ -61,7 +61,7 @@ typedef struct tcp_context {
/*! \brief Calculate TCP throttle time (random). */
static inline int tcp_throttle() {
return TCP_THROTTLE_LO + (knot_random_uint16_t() % TCP_THROTTLE_HI);
return TCP_THROTTLE_LO + (dnssec_random_uint16_t() % TCP_THROTTLE_HI);
}
/*! \brief Sweep TCP connection. */
......
......@@ -41,7 +41,7 @@
#include "common/evsched.h"
#include "common/descriptor.h"
#include "libknot/rrset.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
/* Constants */
......@@ -118,7 +118,7 @@ static int forward_packet(knot_ns_xfr_t *data, knot_pkt_t *pkt)
/* Assign new message id. */
data->packet_nr = knot_wire_get_id(pkt->wire);
knot_wire_set_id(pkt->wire, knot_random_uint16_t());
knot_wire_set_id(pkt->wire, dnssec_random_uint16_t());
return KNOT_EOK;
}
......@@ -280,7 +280,7 @@ static int xfr_task_close(knot_ns_xfr_t *rq)
if (rq->type == XFR_TYPE_AIN && !rq->zone->contents) {
/* Progressive retry interval up to AXFR_RETRY_MAXTIME */
zone->xfr_in.bootstrap_retry *= 2;
zone->xfr_in.bootstrap_retry += knot_random_uint32_t() % AXFR_BOOTSTRAP_RETRY;
zone->xfr_in.bootstrap_retry += dnssec_random_uint32_t() % AXFR_BOOTSTRAP_RETRY;
if (zone->xfr_in.bootstrap_retry > AXFR_RETRY_MAXTIME) {
zone->xfr_in.bootstrap_retry = AXFR_RETRY_MAXTIME;
}
......@@ -340,7 +340,7 @@ static int xfr_task_start(knot_ns_xfr_t *rq)
knot_pkt_t *pkt = knot_pkt_new(rq->wire, rq->wire_maxlen, NULL);
CHECK_ALLOC_LOG(pkt, KNOT_ENOMEM);
knot_pkt_clear(pkt);
knot_wire_set_id(pkt->wire, knot_random_uint16_t());
knot_wire_set_id(pkt->wire, dnssec_random_uint16_t());
/* Prepare TSIG key if set. */
if (rq->tsig_key) {
......
......@@ -25,7 +25,7 @@
#include "knot/zone/zone-create.h"
#include "libknot/dname.h"
#include "libknot/dnssec/crypto.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "libknot/rdata/soa.h"
#include "knot/zone/zone.h"
#include "knot/zone/zone.h"
......@@ -99,7 +99,7 @@ static zone_t *bootstrap_zone(conf_zone_t *conf)
}
/* Initialize bootstrap timer. */
new_zone->xfr_in.bootstrap_retry = knot_random_uint32_t() % XFRIN_BOOTSTRAP_DELAY;
new_zone->xfr_in.bootstrap_retry = dnssec_random_uint32_t() % XFRIN_BOOTSTRAP_DELAY;
return new_zone;
}
......
......@@ -30,7 +30,7 @@
#include "knot/server/serialization.h"
#include "knot/zone/zone-dump.h"
#include "libknot/dname.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "libknot/rdata/soa.h"
#include "knot/dnssec/zone-events.h"
#include "knot/dnssec/zone-sign.h"
......@@ -55,7 +55,7 @@
*/
static uint32_t zones_jitter(uint32_t interval)
{
return (interval * (100 - (knot_random_uint32_t() % ZONES_JITTER_PCT))) / 100;
return (interval * (100 - (dnssec_random_uint32_t() % ZONES_JITTER_PCT))) / 100;
}
/*!
......
......@@ -47,7 +47,7 @@
/* Timer special values. */
#define REFRESH_DEFAULT -1 /* Use time value from zone structure. */
#define REFRESH_NOW (knot_random_uint16_t() % 1000) /* Now, but with jitter. */
#define REFRESH_NOW (dnssec_random_uint16_t() % 1000) /* Now, but with jitter. */
/*!
* \brief Sync zone data back to text zonefile.
......
......@@ -29,7 +29,7 @@
#include "knot/zone/zone-create.h"
#include "knot/dnssec/zone-nsec.h"
#include "knot/dnssec/zone-sign.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "libknot/common.h"
#include "knot/updates/changesets.h"
#include "libknot/rdata/tsig.h"
......
......@@ -26,7 +26,7 @@
#include "knot/zone/zone-contents.h"
#include "libknot/common.h"
#include "libknot/dname.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
#include "libknot/util/utils.h"
/*!
......
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file random.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief Interface for pseudo-random generator from OpenSSL.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_RANDOM_H
#define _KNOT_DNSSEC_RANDOM_H
#include <assert.h>
#include <openssl/rand.h>
#include <stdint.h>
#include "common/errcode.h"
/*!
* \brief Fill a buffer with random data.
*
* \note Always succeeds, but might not provide cryptographically strong random.
*
* \param dest Pointer to output buffer.
* \param size Size of output buffer.
*
* \retval 1 Cryptographically strong random data were written.
* \retval 0 Cryptographically weak random data were written.
*/
static inline int knot_random_buffer(void *dest, size_t size)
{
assert(dest);
int result = RAND_pseudo_bytes(dest, (int)size);
assert(result != -1);
return result;
}
/*!
* \brief Declare function knot_random_<type>().
*/
#define _knot_register_random_type(type) \
static inline type knot_random_##type(void) { \
type buffer; \
knot_random_buffer(&buffer, sizeof(buffer)); \
return buffer; \
}
_knot_register_random_type(uint16_t);
_knot_register_random_type(uint32_t);
#endif // _KNOT_DNSSEC_RANDOM_H
/*! @} */
......@@ -28,7 +28,7 @@
#include "utils/common/params.h" // params_t
#include "utils/common/netio.h" // send_msg
#include "libknot/dnssec/sig0.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
static knot_lookup_table_t rtypes[] = {
{ KNOT_RRTYPE_A, "has IPv4 address" },
......@@ -378,7 +378,7 @@ knot_pkt_t* create_empty_packet(const size_t max_size)
}
// Set random sequence id.
knot_wire_set_id(packet->wire, knot_random_uint16_t());
knot_wire_set_id(packet->wire, dnssec_random_uint16_t());
return packet;
}
......
......@@ -17,6 +17,7 @@
#include <stdlib.h> // EXIT_FAILURE
#include "common/errcode.h" // KNOT_EOK
#include "dnssec/crypto.h"
#include "utils/dig/dig_params.h" // dig_parse
#include "utils/dig/dig_exec.h" // dig_exec
......@@ -26,9 +27,11 @@ int main(int argc, char *argv[])
dig_params_t params;
if (dig_parse(&params, argc, argv) == KNOT_EOK) {
dnssec_crypto_init();
if (!params.stop && dig_exec(&params) != KNOT_EOK) {
ret = EXIT_FAILURE;
}
dnssec_crypto_cleanup();
} else {
ret = EXIT_FAILURE;
}
......
......@@ -17,6 +17,7 @@
#include <stdlib.h> // EXIT_FAILURE
#include "common/errcode.h" // KNOT_EOK
#include "dnssec/crypto.h"
#include "utils/host/host_params.h" // host_parse
#include "utils/dig/dig_exec.h" // dig_exec
......@@ -26,9 +27,11 @@ int main(int argc, char *argv[])
dig_params_t params;
if (host_parse(&params, argc, argv) == KNOT_EOK) {
dnssec_crypto_init();
if (!params.stop && dig_exec(&params) != KNOT_EOK) {
ret = EXIT_FAILURE;
}
dnssec_crypto_cleanup();
} else {
ret = EXIT_FAILURE;
}
......
......@@ -26,6 +26,7 @@
#include "common/errcode.h"
#include "common/hex.h"
#include "common/strtonum.h"
#include "dnssec/crypto.h"
#include "libknot/dnssec/crypto.h"
#define PROGRAM_NAME "knsec3hash"
......@@ -129,7 +130,7 @@ int main(int argc, char *argv[])
return 1;
}
atexit(knot_crypto_cleanup);
dnssec_crypto_init();
int exit_code = 1;
knot_nsec3_params_t nsec3_params = { 0 };
......@@ -187,5 +188,7 @@ fail:
free(digest);
free(b32_digest);
dnssec_crypto_cleanup();
return exit_code;
}
......@@ -33,7 +33,7 @@
#include "common/descriptor.h"
#include "libknot/common.h"
#include "libknot/libknot.h"
#include "libknot/dnssec/random.h"
#include "dnssec/random.h"
/* Declarations of cmd parse functions. */
typedef int (*cmd_handle_f)(const char *lp, nsupdate_params_t *params);
......@@ -347,7 +347,7 @@ static int build_query(nsupdate_params_t *params)
knot_pkt_clear(query);
/* Write question. */
knot_wire_set_id(query->wire, knot_random_uint16_t());
knot_wire_set_id(query->wire, dnssec_random_uint16_t());
knot_wire_set_opcode(query->wire, KNOT_OPCODE_UPDATE);
knot_dname_t *qname = knot_dname_from_str(params->zone);
int ret = knot_pkt_put_question(query, qname, params->class_num, params->type_num);
......
......@@ -17,21 +17,23 @@
#include <stdlib.h> // EXIT_FAILURE
#include "common/errcode.h" // KNOT_EOK
#include "dnssec/crypto.h"
#include "utils/nsupdate/nsupdate_params.h" // params_t
#include "utils/nsupdate/nsupdate_exec.h" // host_exec
#include "libknot/dnssec/crypto.h" // knot_crypto_cleanup
int main(int argc, char *argv[])
{
atexit(knot_crypto_cleanup);
int ret = EXIT_SUCCESS;
nsupdate_params_t params;
if (nsupdate_parse(&params, argc, argv) == KNOT_EOK) {
dnssec_crypto_init();
if (!params.stop && nsupdate_exec(&params) != KNOT_EOK) {
ret = EXIT_FAILURE;
}
dnssec_crypto_cleanup();
} else {
ret = EXIT_FAILURE;
}
......
......@@ -19,10 +19,12 @@
#include <sys/socket.h>
#include <tap/basic.h>
#include "common/descriptor.h"
#include "dnssec/crypto.h"
#include "dnssec/random.h"
#include "knot/conf/conf.h"
#include "knot/server/rrl.h"
#include "knot/zone/zone.h"
#include "knot/conf/conf.h"
#include "common/descriptor.h"
/* Enable time-dependent tests. */
//#define ENABLE_TIMED_TESTS
......@@ -58,7 +60,7 @@ static void* rrl_runnable(void *arg)
uint32_t now = time(NULL);
struct bucketmap_t *m = malloc(RRL_INSERTS * sizeof(struct bucketmap_t));
for (unsigned i = 0; i < RRL_INSERTS; ++i) {
m[i].i = knot_random_uint32_t(UINT32_MAX);
m[i].i = dnssec_random_uint32_t(UINT32_MAX);
addr.addr4.sin_addr.s_addr = m[i].i;
rrl_item_t *b = rrl_hash(d->rrl, &addr, d->rq, d->zone, now, &lock);
rrl_unlock(d->rrl, lock);
......@@ -93,6 +95,8 @@ int main(int argc, char *argv[])
{
plan(10);
dnssec_crypto_init();
/* Prepare query. */
knot_pkt_t *query = knot_pkt_new(NULL, 512, NULL);
if (query == NULL) {
......@@ -197,5 +201,6 @@ int main(int argc, char *argv[])
zone_free(&zone);
knot_pkt_free(&query);
rrl_destroy(rrl);
dnssec_crypto_cleanup();
return 0;
}
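Review bot: The argument in `m[i].i = dnssec_random_uint32_t(UINT32_MAX);` looks like a leftover rather than an intended parameter: the header this commit deletes generates `knot_random_uint32_t(void)` via `_knot_register_random_type`, so the old call was already passing an argument to a no-argument function. If `dnssec_random_uint32_t` also takes no parameters this line will not compile against a prototyped declaration; if it takes an upper bound, the test no longer draws a full 32-bit value as the comment and `s_addr` assignment suggest. Once the libdnssec signature is confirmed, `m[i].i = dnssec_random_uint32_t();` is presumably what is meant. rrl_runnable continues outside this hunk.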