4308a01205
Heimdal is an implementation of Kerberos 5 (and some more stuff) largely written in Sweden. ok sthen@ Note that it is not enabled yet because none of the requesters for this port stood up to give me any feedback nor OK. Also this is still a WIP, it may not even build with all the recent changes in base.
86 lines
2.1 KiB
Plaintext
86 lines
2.1 KiB
Plaintext
$OpenBSD: patch-lib_krb5_crypto-rand_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
|
|
|
|
Make it build with LibreSSL.
|
|
|
|
--- lib/krb5/crypto-rand.c.orig Thu Apr 24 14:36:16 2014
|
|
+++ lib/krb5/crypto-rand.c Thu Apr 24 14:36:12 2014
|
|
@@ -33,77 +33,8 @@
|
|
|
|
#include "krb5_locl.h"
|
|
|
|
-#define ENTROPY_NEEDED 128
|
|
-
|
|
-static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
|
-
|
|
-static int
|
|
-seed_something(void)
|
|
-{
|
|
- char buf[1024], seedfile[256];
|
|
-
|
|
- /* If there is a seed file, load it. But such a file cannot be trusted,
|
|
- so use 0 for the entropy estimate */
|
|
- if (RAND_file_name(seedfile, sizeof(seedfile))) {
|
|
- int fd;
|
|
- fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
|
|
- if (fd >= 0) {
|
|
- ssize_t ret;
|
|
- rk_cloexec(fd);
|
|
- ret = read(fd, buf, sizeof(buf));
|
|
- if (ret > 0)
|
|
- RAND_add(buf, ret, 0.0);
|
|
- close(fd);
|
|
- } else
|
|
- seedfile[0] = '\0';
|
|
- } else
|
|
- seedfile[0] = '\0';
|
|
-
|
|
- /* Calling RAND_status() will try to use /dev/urandom if it exists so
|
|
- we do not have to deal with it. */
|
|
- if (RAND_status() != 1) {
|
|
-#ifndef _WIN32
|
|
- krb5_context context;
|
|
- const char *p;
|
|
-
|
|
- /* Try using egd */
|
|
- if (!krb5_init_context(&context)) {
|
|
- p = krb5_config_get_string(context, NULL, "libdefaults",
|
|
- "egd_socket", NULL);
|
|
- if (p != NULL)
|
|
- RAND_egd_bytes(p, ENTROPY_NEEDED);
|
|
- krb5_free_context(context);
|
|
- }
|
|
-#else
|
|
- /* TODO: Once a Windows CryptoAPI RAND method is defined, we
|
|
- can use that and failover to another method. */
|
|
-#endif
|
|
- }
|
|
-
|
|
- if (RAND_status() == 1) {
|
|
- /* Update the seed file */
|
|
- if (seedfile[0])
|
|
- RAND_write_file(seedfile);
|
|
-
|
|
- return 0;
|
|
- } else
|
|
- return -1;
|
|
-}
|
|
-
|
|
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
|
|
krb5_generate_random_block(void *buf, size_t len)
|
|
{
|
|
- static int rng_initialized = 0;
|
|
-
|
|
- HEIMDAL_MUTEX_lock(&crypto_mutex);
|
|
- if (!rng_initialized) {
|
|
- if (seed_something())
|
|
- krb5_abortx(NULL, "Fatal: could not seed the "
|
|
- "random number generator");
|
|
-
|
|
- rng_initialized = 1;
|
|
- }
|
|
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
|
|
- if (RAND_bytes(buf, len) <= 0)
|
|
- krb5_abortx(NULL, "Failed to generate random block");
|
|
+ arc4random_buf(buf, len);
|
|
}
|