mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-23 09:51:03 -05:00
fbd2e47f51
While implementing the new unit testing framework cmocka, it was found that the BIND 9 code doesn't compile when assertions are disabled or replaced with any function (such as mock_assert() from cmocka unit testing framework) that's not directly recognized as assertion by the compiler. This made the compiler to complain about blocks of code that was recognized as unreachable before, but now it isn't. The changes in this commit include: * assigns default values to couple of local variables, * moves some return statements around INSIST assertions, * adds __builtin_unreachable(); annotations after some INSIST assertions, * fixes one broken assertion (= instead of ==)
170 lines
4.6 KiB
C
170 lines
4.6 KiB
C
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
/*
|
|
* Portions of isc_random_uniform():
|
|
*
|
|
* Copyright (c) 1996, David Mazieres <dm@uun.org>
|
|
* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <inttypes.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include <isc/platform.h>
|
|
#include <isc/random.h>
|
|
#include <isc/result.h>
|
|
#include <isc/types.h>
|
|
#include <isc/util.h>
|
|
|
|
#include <isc/once.h>
|
|
|
|
#include "entropy_private.h"
|
|
|
|
/*
|
|
* The specific implementation for PRNG is included as a C file
|
|
* that has to provide a static variable named seed, and a function
|
|
* uint32_t next(void) that provides next random number.
|
|
*
|
|
* The implementation must be thread-safe.
|
|
*/
|
|
|
|
/*
|
|
* Two contestants have been considered: the xoroshiro family of the
|
|
* functions by Villa&Blackman, and PCG by O'Neill. After
|
|
* consideration, the xoshiro128starstar function has been chosen as
|
|
* the uint32_t random number provider because it is very fast and has
|
|
* good enough properties for our usage pattern.
|
|
*/
|
|
#include "xoshiro128starstar.c"
|
|
|
|
#if defined(HAVE_TLS)
|
|
#if defined(HAVE_THREAD_LOCAL)
|
|
#include <threads.h>
|
|
static thread_local isc_once_t isc_random_once = ISC_ONCE_INIT;
|
|
#elif defined(HAVE___THREAD)
|
|
static __thread isc_once_t isc_random_once = ISC_ONCE_INIT;
|
|
#elif defined(HAVE___DECLSPEC_THREAD)
|
|
static __declspec( thread ) isc_once_t isc_random_once = ISC_ONCE_INIT;
|
|
#else
|
|
#error "Unknown method for defining a TLS variable!"
|
|
#endif
|
|
#else
|
|
static isc_once_t isc_random_once = ISC_ONCE_INIT;
|
|
#endif
|
|
|
|
static void
|
|
isc_random_initialize(void) {
|
|
#if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
|
memset(seed, 0, sizeof(seed));
|
|
#else
|
|
int useed[4] = {0,0,0,0};
|
|
isc_entropy_get(useed, sizeof(useed));
|
|
memcpy(seed, useed, sizeof(seed));
|
|
#endif
|
|
}
|
|
|
|
uint8_t
|
|
isc_random8(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once,
|
|
isc_random_initialize) == ISC_R_SUCCESS);
|
|
return (next() & 0xff);
|
|
}
|
|
|
|
uint16_t
|
|
isc_random16(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once,
|
|
isc_random_initialize) == ISC_R_SUCCESS);
|
|
return (next() & 0xffff);
|
|
}
|
|
|
|
uint32_t
|
|
isc_random32(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once,
|
|
isc_random_initialize) == ISC_R_SUCCESS);
|
|
return (next());
|
|
}
|
|
|
|
void
|
|
isc_random_buf(void *buf, size_t buflen) {
|
|
int i;
|
|
uint32_t r;
|
|
|
|
REQUIRE(buf != NULL);
|
|
REQUIRE(buflen > 0);
|
|
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once,
|
|
isc_random_initialize) == ISC_R_SUCCESS);
|
|
|
|
for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) {
|
|
r = next();
|
|
memmove((uint8_t *)buf + i, &r, sizeof(r));
|
|
}
|
|
r = next();
|
|
memmove((uint8_t *)buf + i, &r, buflen % sizeof(r));
|
|
return;
|
|
}
|
|
|
|
uint32_t
|
|
isc_random_uniform(uint32_t upper_bound) {
|
|
/* Copy of arc4random_uniform from OpenBSD */
|
|
uint32_t r, min;
|
|
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once,
|
|
isc_random_initialize) == ISC_R_SUCCESS);
|
|
|
|
if (upper_bound < 2) {
|
|
return (0);
|
|
}
|
|
|
|
#if (ULONG_MAX > 0xffffffffUL)
|
|
min = 0x100000000UL % upper_bound;
|
|
#else /* if (ULONG_MAX > 0xffffffffUL) */
|
|
/* Calculate (2**32 % upper_bound) avoiding 64-bit math */
|
|
if (upper_bound > 0x80000000) {
|
|
min = 1 + ~upper_bound; /* 2**32 - upper_bound */
|
|
} else {
|
|
/* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
|
|
min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
|
|
}
|
|
#endif /* if (ULONG_MAX > 0xffffffffUL) */
|
|
|
|
/*
|
|
* This could theoretically loop forever but each retry has
|
|
* p > 0.5 (worst case, usually far better) of selecting a
|
|
* number inside the range we need, so it should rarely need
|
|
* to re-roll.
|
|
*/
|
|
for (;;) {
|
|
r = next();
|
|
if (r >= min) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
return (r % upper_bound);
|
|
}
|