lib/crypto/krb/old lib/crypto/krb/raw
lib/crypto/$CRYPTO_IMPL/sha1
lib/crypto/$CRYPTO_IMPL/sha2
- lib/crypto/krb/arcfour lib/crypto/krb/prng
- lib/crypto/krb/prng/$PRNG_ALG
+ lib/crypto/krb/arcfour
lib/crypto/$CRYPTO_IMPL/aes
lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests
$(CRYPTO_IMPL)/enc_provider/OBJS.ST \
$(CRYPTO_IMPL)/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
- krb/prng/$(PRNG_ALG)/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST \
$(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \
$(CRYPTO_IMPL)/sha1/OBJS.ST \
$(CRYPTO_IMPL)/sha2/OBJS.ST \
$(CRYPTO_IMPL)/enc_provider/OBJS.ST \
$(CRYPTO_IMPL)/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
- krb/prng/$(PRNG_ALG)/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST \
$(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \
$(CRYPTO_IMPL)/sha1/OBJS.ST \
$(CRYPTO_IMPL)/sha2/OBJS.ST \
SHLIB_RDIRS=$(KRB5_LIBDIR)
##DOS##LIBNAME=$(OUTPRE)crypto.lib
-##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)fortuna.lst $(OUTPRE)prng.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
-##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)fortuna.lst @$(OUTPRE)prng.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
+##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
+##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
all-unix:: all-liblinks
install-unix:: install-libs
mydir=lib$(S)crypto$(S)krb
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw prng
+SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw
LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../$(CRYPTO_IMPL)/enc_provider \
-I$(srcdir)/dk -I$(srcdir)/../$(CRYPTO_IMPL)/hash_provider \
-I$(srcdir)/prf -I$(srcdir)/rand2key \
-I$(srcdir)/old -I$(srcdir)/raw \
- -I$(srcdir)/prng \
- -I$(srcdir)/prng/$(PRNG_ALG) \
-I$(srcdir)/../$(CRYPTO_IMPL) \
-I$(srcdir)/../$(CRYPTO_IMPL)/des \
-I$(srcdir)/../$(CRYPTO_IMPL)/aes -I$(srcdir)/arcfour \
+ -I$(srcdir)/../$(CRYPTO_IMPL)/sha2 \
-I$(srcdir)/../$(CRYPTO_IMPL)/camellia \
-I$(srcdir)/../$(CRYPTO_IMPL)/sha1 \
-I$(srcdir)/../$(CRYPTO_IMPL)
+RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
DEFS=
nfold.o \
old_api_glue.o \
prf.o \
+ prng.o \
+ prng_$(PRNG_ALG).o \
random_to_key.o \
state.o \
string_to_cksumtype.o \
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)prf.$(OBJEXT) \
+ $(OUTPRE)prng.$(OBJEXT) \
+ $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \
$(OUTPRE)random_to_key.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/prf.c \
+ $(srcdir)/prng.c \
+ $(srcdir)/prng_$(PRNG_ALG).c \
$(srcdir)/cf2.c \
$(srcdir)/random_to_key.c \
$(srcdir)/state.c \
STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST OBJS.ST
+ old/OBJS.ST raw/OBJS.ST OBJS.ST
SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST
+ old/OBJS.ST raw/OBJS.ST
##DOS##LIBOBJS = $(OBJS)
depend:: $(SRCS)
+check-unix:: t_fortuna
+ if [ $(PRNG_ALG) = fortuna ]; then \
+ $(RUN_SETUP) $(VALGRIND) ./t_fortuna > t_fortuna.output; \
+ cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \
+ fi
+
+t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
+ $(CC_LINK) -o t_fortuna t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB)
+
clean-unix:: clean-libobjs
@lib_frag@
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <assert.h>
#include "k5-int.h"
+#include "prng.h"
MAKE_INIT_FUNCTION(cryptoint_initialize_library);
MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
-extern int krb5int_prng_init(void);
-extern void krb5int_prng_cleanup (void);
-
/*
* Initialize the crypto library.
*/
int cryptoint_initialize_library (void)
{
int err;
- err = krb5int_prng_init();
+ err = k5_prng_init();
if (err)
return err;
return krb5int_crypto_impl_init();
{
if (!INITIALIZER_RAN(cryptoint_initialize_library))
return;
- krb5int_prng_cleanup();
+ k5_prng_cleanup();
krb5int_crypto_impl_cleanup();
}
#include "prng.h"
-#ifdef FORTUNA
-extern struct krb5_prng_provider krb5int_prng_fortuna;
-const struct krb5_prng_provider *prng = &krb5int_prng_fortuna;
-#elif defined(CRYPTO_IMPL_NSS)
-#include "prng_nss.h"
-const struct krb5_prng_provider *prng = &krb5int_prng_nss;
-#endif
-
-/*
- * krb5int_prng_init - Returns 0 on success
- */
-int
-krb5int_prng_init(void)
-{
- return prng->init();
-}
-
-/*
- * krb5_c_random_add_entropy - Returns 0 on success
- */
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *data)
-{
- return prng->add_entropy(context, randsource, data);
-}
-
-/*
- * krb5_c_random_seed - Returns 0 on success
- */
krb5_error_code KRB5_CALLCONV
krb5_c_random_seed(krb5_context context, krb5_data *data)
{
return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
}
-/*
- * krb5_c_random_make_octets - Returns 0 on success
- */
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *data)
-{
- return prng->make_octets(context, data);
-}
-
-void
-krb5int_prng_cleanup(void)
-{
- prng->cleanup();
-}
-
-
-/*
- * Routines to get entropy from the OS. For UNIX we try /dev/urandom
- * and /dev/random. Currently we don't do anything for Windows.
- */
+/* Routines to get entropy from the OS. */
#if defined(_WIN32)
krb5_boolean
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prng.h - Header for PRNG modules */
/*
- * lib/crypto/krb/prng/prng.h
- *
* Copyright 2010 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
#include "k5-int.h"
-/* Used by PRNG implementations to gather OS entropy. Returns true on
- * success. */
-krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
+/*
+ * PRNG modules must implement the following APIs from krb5.h:
+ * krb5_c_random_add_entropy
+ * krb5_c_random_make_octets
+ *
+ * PRNG modules should implement these functions. They are called from the
+ * crypto library init and cleanup functions, and can be used to setup and tear
+ * down static state without thread safety concerns.
+ */
+int k5_prng_init(void);
+void k5_prng_cleanup(void);
-/* prng.h */
-struct krb5_prng_provider {
- char prng_name[8];
- krb5_error_code (*make_octets)(krb5_context, krb5_data *);
- krb5_error_code (*add_entropy)(krb5_context, unsigned int randsource, const krb5_data*);
- int (*init)(void);
- void (*cleanup)(void);
-};
+/* Used by PRNG modules to gather OS entropy. Returns true on success. */
+krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
#endif
+++ /dev/null
-mydir=lib$(S)crypto$(S)krb$(S)prng
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-SUBDIRS= $(PRNG_ALG)
-LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../../$(CRYPTO_IMPL)/enc_provider \
- -I$(srcdir)/../../$(CRYPTO_IMPL)/hash_provider \
- -I$(srcdir)/$(PRNG_ALG) \
- -I$(srcdir)/../../$(CRYPTO_IMPL)/ \
- -I$(srcdir)/../../$(CRYPTO_IMPL)/aes \
- -I$(srcdir)/../../$(CRYPTO_IMPL)/sha1 -I$(srcdir)/../../$(CRYPTO_IMPL)/sha2
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-DEFS=
-
-##DOS##BUILDTOP = ..\..\..\..
-##DOS##PREFIXDIR = krb\prng
-##DOS##OBJFILE = ..\..\$(OUTPRE)prng.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS=\
- prng.o
-
-OBJS=\
- $(OUTPRE)prng.$(OBJEXT)
-
-SRCS=\
- $(srcdir)/prng.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-STOBJLISTS= OBJS.ST $(PRNG_ALG)/OBJS.ST
-
-SUBDIROBJLISTS= $(PRNG_ALG)/OBJS.ST
-
-
-all-unix:: all-libobjs
-includes:: depend
-
-depend:: $(SRCS)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- prng.c prng.h
+++ /dev/null
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)fortuna
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
- -I$(srcdir)/../../../$(CRYPTO_IMPL) \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/sha2 \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/aes \
- -I$(srcdir)/../../../$(CRYPTO_IMPL)/enc_provider
-DEFS=
-RUN_SETUP = @KRB5_RUN_ENV@
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-##DOS##BUILDTOP = ..\..\..\..\..
-##DOS##PREFIXDIR = krb\prng\fortuna
-##DOS##OBJFILE = ..\..\..\$(OUTPRE)fortuna.lst
-
-STLIBOBJS= \
- prng_fortuna.o
-OBJS= \
- $(OUTPRE)prng_fortuna.$(OBJEXT)
-
-SRCS=\
- $(srcdir)/prng_fortuna.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-t_fortuna: t_fortuna.$(OBJEXT) $(SUPPORT_DEPLIB)
- $(CC_LINK) -o t_fortuna t_fortuna.$(OBJEXT) -lcom_err $(SUPPORT_LIB) \
- $(CRYPTO_DEPLIB)
-
-check-unix:: t_fortuna
- $(RUN_SETUP) $(VALGRIND) ./t_fortuna >t_fortuna.output
- cmp t_fortuna.output $(srcdir)/t_fortuna.expected
-
-clean::
- $(RM) t_fortuna t_fortuna.$(OBJEXT)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-prng_fortuna.so prng_fortuna.po $(OUTPRE)prng_fortuna.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \
- $(srcdir)/../../../builtin/aes/uitypes.h $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../builtin/sha2/sha2.h $(srcdir)/../prng.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h prng_fortuna.c
+++ /dev/null
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)nss
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-CRYPTO_IMPL_CFLAGS=@CRYPTO_IMPL_CFLAGS@
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
- -I$(srcdir)/../../../$(CRYPTO_IMPL) $(CRYPTO_IMPL_CFLAGS)
-DEFS=
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS= prng_nss.o
-OBJS= \
- $(OUTPRE)prng_nss.$(OBJEXT)
-
-SRCS=\
- $(srcdir)/prng_nss.c
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-clean::
- $(RM) t_nss$(EXEEXT) t_nss.$(OBJEXT) t_nss_make_oct.result t_nss_make_oct$(EXEEXT) t_nss_make_oct.$(OBJEXT)
-
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-prng_nss.so prng_nss.po $(OUTPRE)prng_nss.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \
- $(srcdir)/../prng.h \
- $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- prng_nss.c prng_nss.h
-
static pid_t last_pid;
static krb5_boolean have_entropy = FALSE;
-static int
-fortuna_init(void)
+int
+k5_prng_init(void)
{
krb5_error_code ret = 0;
unsigned char osbuf[64];
return 0;
}
-static void
-fortuna_cleanup(void)
+void
+k5_prng_cleanup(void)
{
have_entropy = FALSE;
zap(&main_state, sizeof(main_state));
k5_mutex_destroy(&fortuna_lock);
}
-static krb5_error_code
-fortuna_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *indata)
{
krb5_error_code ret;
return 0;
}
-static krb5_error_code
-fortuna_make_octets(krb5_context context, krb5_data *outdata)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
{
krb5_error_code ret;
pid_t pid = getpid();
return 0;
}
-const struct krb5_prng_provider krb5int_prng_fortuna = {
- "fortuna",
- fortuna_make_octets,
- fortuna_add_entropy,
- fortuna_init,
- fortuna_cleanup
-};
-
#endif /* not TEST */
#include <assert.h>
#include "k5-thread.h"
-#ifdef CRYPTO_IMPL_NSS
-
/*
- * Using Fortuna with NSS is a bit problematic because the MD5 contexts it
- * holds open for the entropy pools would be invalidated by a fork(), causing
- * us to lose the entropy contained therein.
- *
- * Therefore, use the NSS PRNG if NSS is the crypto implementation.
+ * This PRNG module should be used whenever the NSS crypto implementation is
+ * used. The Fortuna module does not work with NSS because it needs to hold
+ * AES-256 and SHA-256 contexts across forks.
*/
-#include "../nss/nss_gen.h"
-#include <pk11pub.h>
+#include "nss_prng.h"
-static int
-nss_init(void)
+int
+k5_prng_init(void)
{
return 0;
}
-static krb5_error_code
-nss_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *data)
+void
+k5_prng_cleanup(void)
{
- krb5_error_code ret;
-
- ret = k5_nss_init();
- if (ret)
- return ret;
- if (PK11_RandomUpdate(data->data, data->length) != SECSuccess)
- return k5_nss_map_last_error();
- return 0;
}
-static krb5_error_code
-nss_make_octets(krb5_context context, krb5_data *data)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *indata)
{
- krb5_error_code ret;
-
- ret = k5_nss_init();
- if (ret)
- return ret;
- if (PK11_GenerateRandom((unsigned char *)data->data,
- data->length) != SECSuccess)
- return k5_nss_map_last_error();
- return 0;
+ return k5_nss_prng_add_entropy(context, indata);
}
-static void
-nss_cleanup (void)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
{
+ return k5_nss_prng_make_octets(context, outdata);
}
-
-const struct krb5_prng_provider krb5int_prng_nss = {
- "nss",
- nss_make_octets,
- nss_add_entropy,
- nss_init,
- nss_cleanup
-};
-#endif
* or implied warranty.
*/
+#include "k5-int.h"
+#ifdef FORTUNA
+
/* Include most of prng_fortuna.c so we can test the PRNG internals. */
#define TEST
#include "prng_fortuna.c"
head_tail_test(st);
return 0;
}
+
+#else /* FORTUNA */
+
+int
+main()
+{
+ return 0;
+}
+
+#endif /* FORTUNA */
STLIBOBJS=\
hmac.o \
pbkdf2.o \
+ prng.o \
stubs.o
OBJS=\
$(OUTPRE)hmac.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
+ $(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)stubs.$(OBJEXT)
SRCS=\
$(srcdir)/hmac.c \
$(srcdir)/pbkdf2.c \
+ $(srcdir)/prng.c \
$(srcdir)/stubs.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/nss_prng.h - Declarations for NSS PRNG wrappers */
/*
- * lib/crypto/krb/prng/nss/prng_nss.h
- *
- * Copyright 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* or implied warranty.
*/
-#ifndef PRNG_NSS_H
-#define PRNG_NSS_H
+#ifndef NSS_PRNG_H
+#define NSS_PRNG_H
-#include "k5-int.h"
-#include "prng.h"
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata);
-extern const struct krb5_prng_provider krb5int_prng_nss;
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata);
-#endif
+#endif /* NSS_PRNG_H */
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/prng.c - NSS prng functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "nss_prng.h"
+#include <pk11pub.h>
+
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_RandomUpdate(indata->data, indata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}
+
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_GenerateRandom((unsigned char *)outdata->data,
+ outdata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}