+2004-11-17 Ken Raeburn <raeburn@mit.edu>
+
+ * prng.c (do_yarrow_init): Move mutex initialization here.
+ (krb5int_prng_init): Don't do it here.
+
2004-11-15 Sam Hartman <hartmans@mit.edu>
* t_prng.expected t_prng.reseedtest-expected : Update expected
PRNG test output and confirm that reseeds and gates happen correctly.
+2004-10-29 Ken Raeburn <raeburn@mit.edu>
+
+ * prng.c (yarrow_lock): Rename to krb5int_yarrow_lock via macro,
+ and change to be non-static.
+ (krb5int_prng_init): Call do_yarrow_init here.
+ (krb5_c_random_add_entropy): Don't call it here. Don't lock the
+ mutex, either.
+ (krb5_c_random_make_octets): Don't lock the mutex.
+
2004-06-16 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (MAC_SUBDIRS): Don't set.
#include "yarrow.h"
static Yarrow_CTX y_ctx;
static int inited, init_error;
-static k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+#define yarrow_lock krb5int_yarrow_lock
+k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
/* Helper function to estimate entropy based on sample length
* and where it comes from.
return (0);
}
+static void do_yarrow_init(void);
int krb5int_prng_init(void)
{
- return k5_mutex_finish_init(&yarrow_lock);
+ do_yarrow_init();
+ if (init_error)
+ return KRB5_CRYPTO_INTERNAL;
+ return 0;
}
static void do_yarrow_init(void)
unsigned i;
int yerr;
+ yerr = k5_mutex_finish_init(&yarrow_lock);
+ if (yerr) {
+ init_error = yerr;
+ return;
+ }
+
yerr = krb5int_yarrow_init (&y_ctx, NULL);
if ((yerr != YARROW_OK) && (yerr != YARROW_NOT_SEEDED)) {
init_error = yerr;
if (yerr)
return yerr;
/* Now, finally, feed in the data. */
- yerr = k5_mutex_lock(&yarrow_lock);
- if (yerr)
- return yerr;
- if (!inited)
- do_yarrow_init();
- if (init_error) {
- k5_mutex_unlock(&yarrow_lock);
- return KRB5_CRYPTO_INTERNAL;
- }
yerr = krb5int_yarrow_input (&y_ctx, randsource,
data->data, data->length,
entropy_estimate (randsource, data->length));
- k5_mutex_unlock(&yarrow_lock);
if (yerr != YARROW_OK)
- return (KRB5_CRYPTO_INTERNAL);
+ return (KRB5_CRYPTO_INTERNAL);
return (0);
}
{
int yerr;
assert (inited);
- yerr = k5_mutex_lock(&yarrow_lock);
- if (yerr)
- return yerr;
yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
if (yerr == YARROW_NOT_SEEDED) {
yerr = krb5int_yarrow_reseed (&y_ctx, YARROW_SLOW_POOL);
if (yerr == YARROW_OK)
yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
}
- k5_mutex_unlock(&yarrow_lock);
if ( yerr != YARROW_OK)
return (KRB5_CRYPTO_INTERNAL);
return(0);
+2004-11-22 Ken Raeburn <raeburn@mit.edu>
+
+ * yarrow.c (yarrow_input_maybe_locking): Renamed from
+ yarrow_input_maybe_locking, made static. New argument indicates
+ whether or not to do locking.
+ (krb5int_yarrow_input): New wrapper function.
+ (yarrow_input_locked): New wrapper function.
+ (Yarrow_detect_fork): Call yarrow_input_locked.
+
2004-11-15 Sam Hartman <hartmans@mit.edu>
* ycipher.h: Use AES256 not 3des
+2004-11-01 Ken Raeburn <raeburn@mit.edu>
+
+ * yarrow.c (krb5int_yarrow_input, krb5int_yarrow_final): Don't
+ check for forking here.
+ (yarrow_output_locked): Split out from krb5int_yarrow_output,
+ without locking.
+ (krb5int_yarrow_output): Do locking and call yarrow_output_locked.
+ (yarrow_gate_locked): New function; uses yarrow_output_locked.
+ (krb5int_yarrow_output_Block): Use yarrow_gate_locked.
+
+2004-10-29 Ken Raeburn <raeburn@mit.edu>
+
+ * ylock.h: Include k5-thread.h.
+ (krb5int_yarrow_lock): Declare.
+ (LOCK, UNLOCK): Define as macros using the k5_mutex_ macros.
+
2004-06-04 Ken Raeburn <raeburn@mit.edu>
* yarrow.c (yarrow_str_error): Now const.
PRNG state */
#ifdef YARROW_DETECT_FORK
+static int
+yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
+ const void *sample,
+ size_t size, size_t entropy_bits );
+
static int Yarrow_detect_fork(Yarrow_CTX *y)
{
pid_t newpid;
* Then we reseed. This doesn't really increase entropy, but does make the
* streams distinct assuming we already have good entropy*/
y->pid = newpid;
- TRY (krb5int_yarrow_input (y, 0, &newpid,
- sizeof (newpid), 0));
- TRY (krb5int_yarrow_input (y, 0, &newpid,
- sizeof (newpid), 0));
- TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL));
- }
+ TRY (yarrow_input_locked (y, 0, &newpid,
+ sizeof (newpid), 0));
+ TRY (yarrow_input_locked (y, 0, &newpid,
+ sizeof (newpid), 0));
+ TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL));
+ }
CATCH:
EXCEP_RET;
EXCEP_RET;
}
-YARROW_DLL
-int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
- size_t size, size_t entropy_bits )
+static
+int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
+ const void* sample,
+ size_t size, size_t entropy_bits,
+ int do_lock )
{
EXCEP_DECL;
int ret;
size_t estimate;
if (!y) { THROW( YARROW_BAD_ARG ); }
- TRY( Yarrow_detect_fork( y ) );
if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); }
THROW( YARROW_BAD_SOURCE );
}
- TRY( LOCK() );
- locked = 1;
+ if (do_lock) {
+ TRY( LOCK() );
+ locked = 1;
+ }
/* hash in the sample */
EXCEP_RET;
}
+YARROW_DLL
+int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
+ const void* sample,
+ size_t size, size_t entropy_bits )
+{
+ return yarrow_input_maybe_locking(y, source_id, sample, size,
+ entropy_bits, 1);
+}
+
+static int
+yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
+ const void *sample,
+ size_t size, size_t entropy_bits )
+{
+ return yarrow_input_maybe_locking(y, source_id, sample, size,
+ entropy_bits, 0);
+}
+
YARROW_DLL
int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id)
{
if (y->out_count >= y->Pg)
{
y->out_count = 0;
- TRY( krb5int_yarrow_gate( y ) );
+ TRY( yarrow_gate_locked( y ) );
/* require new seed after reaching gates_limit */
EXCEP_RET;
}
+static int yarrow_output_locked(Yarrow_CTX*, void*, size_t);
+
YARROW_DLL
int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size )
{
EXCEP_DECL;
- int locked = 0;
+ TRY( LOCK() );
+ TRY( yarrow_output_locked(y, out, size));
+CATCH:
+ UNLOCK();
+ EXCEP_RET;
+}
+
+static
+int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
+{
+ EXCEP_DECL;
size_t left;
char* outp;
size_t use;
left = size;
outp = out;
- TRY( LOCK() );
-
if (y->out_left > 0)
{
use = min(left, y->out_left);
}
CATCH:
- if ( locked ) { TRY( UNLOCK() ); }
+ EXCEP_RET;
+}
+
+static int yarrow_gate_locked(Yarrow_CTX* y)
+{
+ EXCEP_DECL;
+ byte new_K[CIPHER_KEY_SIZE];
+
+ if (!y) { THROW( YARROW_BAD_ARG ); }
+ TRACE( printf( "GATE[" ); );
+
+ /* K <- Next k bits of PRNG output */
+
+ TRY( yarrow_output_locked(y, new_K, CIPHER_KEY_SIZE) );
+ mem_copy(y->K, new_K, CIPHER_KEY_SIZE);
+
+ /* need to resetup the key schedule as the key has changed */
+
+ TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
+
+ CATCH:
+ TRACE( printf( "]," ); );
+ mem_zero(new_K, sizeof(new_K));
EXCEP_RET;
}
int locked = 0;
if (!y) { THROW( YARROW_BAD_ARG ); }
- TRY( Yarrow_detect_fork(y) );
TRY( LOCK() );
locked = 1;
* and YARROW_LOCKING on failure
*/
-
+#if 0
static int LOCK( void ) { return (YARROW_OK); }
static int UNLOCK( void ) { return (YARROW_OK); }
+#else
+#include "k5-thread.h"
+extern k5_mutex_t krb5int_yarrow_lock;
+#define LOCK() (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
+#define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
+#endif
#endif /* YLOCK_H */