This is still an RC but the final version is supposed to come out in a couple of days. Committing early to catch regressions and all. Not much depends on this in ports anyway...
$OpenBSD: patch-lib_krb5_crypto-rand_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Simpler: just use arc4random_buf(3).
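--- lib/krb5/crypto-rand.c.orig Sat Dec 17 14:01:13 2016
+++ lib/krb5/crypto-rand.c Sat Dec 17 14:21:27 2016
@@ -36,53 +36,6 @@
 #undef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
 #define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
 
-#define ENTROPY_NEEDED 128
-
-static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
-static int
-seed_something(void)
-{
-#ifndef NO_RANDFILE
- char buf[1024], seedfile[256];
-
- /* If there is a seed file, load it. But such a file cannot be trusted,
- so use 0 for the entropy estimate */
- if (RAND_file_name(seedfile, sizeof(seedfile))) {
- int fd;
- fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
- if (fd >= 0) {
- ssize_t ret;
- rk_cloexec(fd);
- ret = read(fd, buf, sizeof(buf));
- if (ret > 0)
- RAND_add(buf, ret, 0.0);
- close(fd);
- } else
- seedfile[0] = '\0';
- } else
- seedfile[0] = '\0';
-#endif
-
- /* Calling RAND_status() will try to use /dev/urandom if it exists so
- we do not have to deal with it. */
- if (RAND_status() != 1) {
- /* TODO: Once a Windows CryptoAPI RAND method is defined, we
- can use that and failover to another method. */
- }
-
- if (RAND_status() == 1) {
-#ifndef NO_RANDFILE
- /* Update the seed file */
- if (seedfile[0])
- RAND_write_file(seedfile);
-#endif
-
- return 0;
- } else
- return -1;
-}
-
 /**
  * Fill buffer buf with len bytes of PRNG randomness that is ok to use
  * for key generation, padding and public diclosing the randomness w/o
@@ -103,24 +56,8 @@ HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 krb5_generate_random(void *buf, size_t len)
 {
- static int rng_initialized = 0;
- int ret;
-
- HEIMDAL_MUTEX_lock(&crypto_mutex);
- if (!rng_initialized) {
- if (seed_something()) {
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
- return HEIM_ERR_RANDOM_OFFLINE;
- }
- rng_initialized = 1;
- }
- if (RAND_bytes(buf, len) <= 0)
- ret = HEIM_ERR_RANDOM_OFFLINE;
- else
- ret = 0;
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
-
- return ret;
+ arc4random_buf(buf, len);
+ return (0); /* arc4random_buf(3) cannot fail */
 }
 
 /**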
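Review bot: The new body of krb5_generate_random() makes its always-succeeds contract depend on a platform property that is stated only in a trailing comment, `return (0); /* arc4random_buf(3) cannot fail */`. That holds for OpenBSD's arc4random_buf(3), which is what makes it safe for this port to drop the seed-file path, the RAND_status() checks and crypto_mutex, but the HEIM_ERR_RANDOM_OFFLINE result that callers were written against is now unreachable here. I would say so in a comment above the call, for example `/* OpenBSD only: arc4random_buf(3) is kernel-seeded, never fails and needs no locking, so HEIM_ERR_RANDOM_OFFLINE is never returned */`, so the patch is not carried to a system whose arc4random_buf lacks that guarantee. The doc comment for this function begins above the hunk and is only partly visible, so its description of the return value may also need updating. Minor style point: the removed lines show the file writing `return 0;` without parentheses.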