diff options
| author | Sam Hartman <hartmans@mit.edu> | 2001-11-21 21:28:14 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2001-11-21 21:28:14 +0000 |
| commit | b717bfc043ecaa27f65dfebae65177590e2102a6 (patch) | |
| tree | 8c44f8516d3e66b1d5a1302b22c0d3fc6de79bf6 /src/lib/crypto/yarrow/yarrow.c | |
| parent | f612a812e3b7182f842d2a818987b8ea713efa7b (diff) | |
| download | krb5-b717bfc043ecaa27f65dfebae65177590e2102a6.zip krb5-b717bfc043ecaa27f65dfebae65177590e2102a6.tar.gz krb5-b717bfc043ecaa27f65dfebae65177590e2102a6.tar.bz2 | |
On fork, perturb the PRNG stream in the child
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14016 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/yarrow/yarrow.c')
| -rw-r--r-- | src/lib/crypto/yarrow/yarrow.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c index e3e26f1..b4e5a21 100644 --- a/src/lib/crypto/yarrow/yarrow.c +++ b/src/lib/crypto/yarrow/yarrow.c @@ -121,14 +121,24 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y) static int Yarrow_detect_fork(Yarrow_CTX *y) { + pid_t newpid; EXCEP_DECL; /* this does not work for multi-threaded apps if threads have different * pids */ - if ( y->pid != getpid() ) + newpid = getpid(); + if ( y->pid != newpid ) { - TRY( krb5int_yarrow_init( y, y->entropyfile ) ); - } + /* we input the pid twice, so it will get into the fast pool at least once + * Then we reseed. This doesn't really increase entropy, but does make the + * streams distinct assuming we already have good entropy*/ + y->pid = newpid; + TRY (krb5int_yarrow_input (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (krb5int_yarrow_input (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); + } CATCH: EXCEP_RET; |