diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-10-02 14:48:17 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-10-02 14:48:17 +0000 |
commit | 37c8182a75df27c96cbb93e980490f93e1b8b6c9 (patch) | |
tree | 72eddb0edd9d2e905376014472eb4e7a2f0308af /src/lib/crypto/krb | |
parent | 41d98a62180d92188321cbd6cbb50125e9e2fec1 (diff) | |
download | krb5-nss.zip krb5-nss.tar.gz krb5-nss.tar.bz2 |
Be more parsimonious with /dev/random when using the NSS PRNGnss
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24414 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb')
-rw-r--r-- | src/lib/crypto/krb/prng.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c index b9da3d5..a25cfcf 100644 --- a/src/lib/crypto/krb/prng.c +++ b/src/lib/crypto/krb/prng.c @@ -47,9 +47,12 @@ k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; #include "../nss/nss_gen.h" #include <pk11pub.h> -/* Gather 8K of OS entropy per call, enough to fill the additional data buffer - * for the built-in PRNG and trigger a reseed. */ -#define OS_ENTROPY_LEN 8192 +/* + * NSS gathers its own OS entropy, so it doesn't really matter how much we read + * in krb5_c_random_os_entropy. Use the same value as Yarrow (without using a + * Yarrow constant), so that we don't read too much from /dev/random. + */ +#define OS_ENTROPY_LEN 20 int krb5int_prng_init(void) { |