diff options
author | Ken Raeburn <raeburn@mit.edu> | 2004-11-23 03:15:12 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2004-11-23 03:15:12 +0000 |
commit | 5e822947a9cc593baf2b8bcb69136f51607c7ef0 (patch) | |
tree | 0522915ce780fcace9811f8bb2dbcdc7b8c1036c /src/lib | |
parent | df475f98cae506587ff2bba79eeee4ce47c71b73 (diff) | |
download | krb5-5e822947a9cc593baf2b8bcb69136f51607c7ef0.zip krb5-5e822947a9cc593baf2b8bcb69136f51607c7ef0.tar.gz krb5-5e822947a9cc593baf2b8bcb69136f51607c7ef0.tar.bz2 |
KDC on Tru64 was hanging because of another case where Yarrow code
assumes locks are recursive. Probably didn't trigger on Linux,
Solaris, or NetBSD because they have /dev/random and Tru64 does not.
* yarrow.c (yarrow_input_maybe_locking): Renamed from
yarrow_input_maybe_locking, made static. New argument indicates whether or not
to do locking.
(krb5int_yarrow_input): New wrapper function.
(yarrow_input_locked): New wrapper function.
(Yarrow_detect_fork): Call yarrow_input_locked.
ticket: 2755
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16903 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/crypto/yarrow/ChangeLog | 9 | ||||
-rw-r--r-- | src/lib/crypto/yarrow/yarrow.c | 50 |
2 files changed, 47 insertions, 12 deletions
diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog index 666ed1a..f3e5666 100644 --- a/src/lib/crypto/yarrow/ChangeLog +++ b/src/lib/crypto/yarrow/ChangeLog @@ -1,3 +1,12 @@ +2004-11-22 Ken Raeburn <raeburn@mit.edu> + + * yarrow.c (yarrow_input_maybe_locking): Renamed from + yarrow_input_maybe_locking, made static. New argument indicates + whether or not to do locking. + (krb5int_yarrow_input): New wrapper function. + (yarrow_input_locked): New wrapper function. + (Yarrow_detect_fork): Call yarrow_input_locked. + 2004-11-15 Sam Hartman <hartmans@mit.edu> * ycipher.h: Use AES256 not 3des diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c index ae55801..a619c5b 100644 --- a/src/lib/crypto/yarrow/yarrow.c +++ b/src/lib/crypto/yarrow/yarrow.c @@ -121,6 +121,11 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y) PRNG state */ #ifdef YARROW_DETECT_FORK +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ); + static int Yarrow_detect_fork(Yarrow_CTX *y) { pid_t newpid; @@ -135,12 +140,12 @@ static int Yarrow_detect_fork(Yarrow_CTX *y) * Then we reseed. This doesn't really increase entropy, but does make the * streams distinct assuming we already have good entropy*/ y->pid = newpid; - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); - } + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); + } CATCH: EXCEP_RET; @@ -241,10 +246,11 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename) EXCEP_RET; } -YARROW_DLL -int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits ) +static +int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits, + int do_lock ) { EXCEP_DECL; int ret; @@ -264,8 +270,10 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, THROW( YARROW_BAD_SOURCE ); } - TRY( LOCK() ); - locked = 1; + if (do_lock) { + TRY( LOCK() ); + locked = 1; + } /* hash in the sample */ @@ -331,6 +339,24 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, } YARROW_DLL +int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 1); +} + +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 0); +} + +YARROW_DLL int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id) { EXCEP_DECL; |