Now that all PRNG modules fit nicely into a single source file,
authorGreg Hudson <ghudson@mit.edu>
Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970

19 files changed:
src/configure.in
src/lib/crypto/Makefile.in
src/lib/crypto/krb/Makefile.in
src/lib/crypto/krb/crypto_libinit.c
src/lib/crypto/krb/prng.c [moved from src/lib/crypto/krb/prng/prng.c with 80% similarity]
src/lib/crypto/krb/prng.h [moved from src/lib/crypto/krb/prng/prng.h with 72% similarity]
src/lib/crypto/krb/prng/Makefile.in [deleted file]
src/lib/crypto/krb/prng/deps [deleted file]
src/lib/crypto/krb/prng/fortuna/Makefile.in [deleted file]
src/lib/crypto/krb/prng/fortuna/deps [deleted file]
src/lib/crypto/krb/prng/nss/Makefile.in [deleted file]
src/lib/crypto/krb/prng/nss/deps [deleted file]
src/lib/crypto/krb/prng_fortuna.c [moved from src/lib/crypto/krb/prng/fortuna/prng_fortuna.c with 96% similarity]
src/lib/crypto/krb/prng_nss.c [moved from src/lib/crypto/krb/prng/nss/prng_nss.c with 53% similarity]
src/lib/crypto/krb/t_fortuna.c [moved from src/lib/crypto/krb/prng/fortuna/t_fortuna.c with 98% similarity]
src/lib/crypto/krb/t_fortuna.expected [moved from src/lib/crypto/krb/prng/fortuna/t_fortuna.expected with 100% similarity]
src/lib/crypto/nss/Makefile.in
src/lib/crypto/nss/nss_prng.h [moved from src/lib/crypto/krb/prng/nss/prng_nss.h with 75% similarity]
src/lib/crypto/nss/prng.c [new file with mode: 0644]

index 1220f96c699b758d56a644577cdca3d2febd5603..1d93baa4a8dc84e10723617969965e4b7770140b 100644 (file)
@@ -1123,8 +1123,7 @@ V5_AC_OUTPUT_MAKEFILE(.
        lib/crypto/krb/old lib/crypto/krb/raw
         lib/crypto/$CRYPTO_IMPL/sha1
         lib/crypto/$CRYPTO_IMPL/sha2
-       lib/crypto/krb/arcfour lib/crypto/krb/prng
-       lib/crypto/krb/prng/$PRNG_ALG
+       lib/crypto/krb/arcfour
        lib/crypto/$CRYPTO_IMPL/aes
        lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests
 
index 6016e5fd59c873f4c15a75c3557062ad66c110a8..8559653c4c8b526b6d4629712d97b47c6ba233c3 100644 (file)
@@ -22,8 +22,7 @@ STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST                           \
        $(CRYPTO_IMPL)/enc_provider/OBJS.ST                             \
        $(CRYPTO_IMPL)/hash_provider/OBJS.ST                            \
        krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST       \
-       krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST                \
-       krb/prng/$(PRNG_ALG)/OBJS.ST                                    \
+       krb/old/OBJS.ST krb/raw/OBJS.ST                                 \
        $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST           \
        $(CRYPTO_IMPL)/sha1/OBJS.ST                                     \
        $(CRYPTO_IMPL)/sha2/OBJS.ST                                     \
@@ -36,8 +35,7 @@ SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST                               \
        $(CRYPTO_IMPL)/enc_provider/OBJS.ST                             \
        $(CRYPTO_IMPL)/hash_provider/OBJS.ST                            \
        krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST       \
-       krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST                \
-       krb/prng/$(PRNG_ALG)/OBJS.ST                                    \
+       krb/old/OBJS.ST krb/raw/OBJS.ST                                 \
        $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST           \
        $(CRYPTO_IMPL)/sha1/OBJS.ST                                     \
        $(CRYPTO_IMPL)/sha2/OBJS.ST                                     \
@@ -59,8 +57,8 @@ SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
 SHLIB_RDIRS=$(KRB5_LIBDIR)
 
 ##DOS##LIBNAME=$(OUTPRE)crypto.lib
-##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)fortuna.lst $(OUTPRE)prng.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
-##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)fortuna.lst @$(OUTPRE)prng.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
+##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
+##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
 
 all-unix:: all-liblinks
 install-unix:: install-libs
index 29c8897a960f6ada6751efd1e41ab402bb2d1341..9692fd27836e24a7fe24fb74b986fe19e69fc18f 100644 (file)
@@ -1,18 +1,18 @@
 mydir=lib$(S)crypto$(S)krb
 BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw prng 
+SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw 
 LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../$(CRYPTO_IMPL)/enc_provider \
                -I$(srcdir)/dk -I$(srcdir)/../$(CRYPTO_IMPL)/hash_provider \
                -I$(srcdir)/prf -I$(srcdir)/rand2key \
                -I$(srcdir)/old -I$(srcdir)/raw \
-               -I$(srcdir)/prng \
-               -I$(srcdir)/prng/$(PRNG_ALG) \
                -I$(srcdir)/../$(CRYPTO_IMPL) \
                -I$(srcdir)/../$(CRYPTO_IMPL)/des \
                -I$(srcdir)/../$(CRYPTO_IMPL)/aes -I$(srcdir)/arcfour   \
+               -I$(srcdir)/../$(CRYPTO_IMPL)/sha2 \
                -I$(srcdir)/../$(CRYPTO_IMPL)/camellia \
                -I$(srcdir)/../$(CRYPTO_IMPL)/sha1 \
                -I$(srcdir)/../$(CRYPTO_IMPL)
+RUN_SETUP = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 DEFS=
@@ -55,6 +55,8 @@ STLIBOBJS=\
        nfold.o                 \
        old_api_glue.o          \
        prf.o                   \
+       prng.o                  \
+       prng_$(PRNG_ALG).o      \
        random_to_key.o         \
        state.o                 \
        string_to_cksumtype.o   \
@@ -94,6 +96,8 @@ OBJS=\
        $(OUTPRE)nfold.$(OBJEXT)                \
        $(OUTPRE)old_api_glue.$(OBJEXT)         \
        $(OUTPRE)prf.$(OBJEXT)                  \
+       $(OUTPRE)prng.$(OBJEXT)                 \
+       $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT)     \
        $(OUTPRE)random_to_key.$(OBJEXT)        \
        $(OUTPRE)state.$(OBJEXT)                \
        $(OUTPRE)string_to_cksumtype.$(OBJEXT)  \
@@ -132,6 +136,8 @@ SRCS=\
        $(srcdir)/nfold.c               \
        $(srcdir)/old_api_glue.c        \
        $(srcdir)/prf.c                 \
+       $(srcdir)/prng.c                \
+       $(srcdir)/prng_$(PRNG_ALG).c    \
        $(srcdir)/cf2.c                 \
        $(srcdir)/random_to_key.c       \
        $(srcdir)/state.c               \
@@ -143,11 +149,11 @@ SRCS=\
 
 STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST      \
        dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST                 \
-       old/OBJS.ST raw/OBJS.ST  prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST OBJS.ST
+       old/OBJS.ST raw/OBJS.ST OBJS.ST
 
 SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST  \
        dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST                 \
-       old/OBJS.ST raw/OBJS.ST  prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST  
+       old/OBJS.ST raw/OBJS.ST
 
 ##DOS##LIBOBJS = $(OBJS)
 
@@ -156,6 +162,15 @@ includes:: depend
 
 depend:: $(SRCS)
 
+check-unix:: t_fortuna
+       if [ $(PRNG_ALG) = fortuna ]; then \
+               $(RUN_SETUP) $(VALGRIND) ./t_fortuna > t_fortuna.output; \
+               cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \
+       fi
+
+t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
+       $(CC_LINK) -o t_fortuna t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB)
+
 clean-unix:: clean-libobjs
 
 @lib_frag@
index b94a01cc0ba4f9327c8c562af6fbbcf9e52a0c32..f977135015a26eb42eda62c5a7b25eeef68da075 100644 (file)
@@ -1,13 +1,11 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <assert.h>
 #include "k5-int.h"
+#include "prng.h"
 
 MAKE_INIT_FUNCTION(cryptoint_initialize_library);
 MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
 
-extern int krb5int_prng_init(void);
-extern void krb5int_prng_cleanup (void);
-
 /*
  * Initialize the crypto library.
  */
@@ -15,7 +13,7 @@ extern void krb5int_prng_cleanup (void);
 int cryptoint_initialize_library (void)
 {
     int err;
-    err = krb5int_prng_init();
+    err = k5_prng_init();
     if (err)
         return err;
     return krb5int_crypto_impl_init();
@@ -34,6 +32,6 @@ void cryptoint_cleanup_library (void)
 {
     if (!INITIALIZER_RAN(cryptoint_initialize_library))
         return;
-    krb5int_prng_cleanup();
+    k5_prng_cleanup();
     krb5int_crypto_impl_cleanup();
 }
similarity index 80%
rename from src/lib/crypto/krb/prng/prng.c
rename to src/lib/crypto/krb/prng.c
index d2bafa57a70cfe6e69e1d6ad962df339e0b2271c..b65223b8bb39223f2d719afbcd28cb81a4f2d05a 100644 (file)
 
 #include "prng.h"
 
-#ifdef FORTUNA
-extern struct krb5_prng_provider krb5int_prng_fortuna;
-const struct krb5_prng_provider *prng = &krb5int_prng_fortuna;
-#elif defined(CRYPTO_IMPL_NSS)
-#include "prng_nss.h"
-const struct krb5_prng_provider *prng = &krb5int_prng_nss;
-#endif
-
-/*
- * krb5int_prng_init - Returns 0 on success
- */
-int
-krb5int_prng_init(void)
-{
-    return prng->init();
-}
-
-/*
- * krb5_c_random_add_entropy - Returns 0 on success
- */
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
-                          const krb5_data *data)
-{
-    return prng->add_entropy(context, randsource, data);
-}
-
-/*
- * krb5_c_random_seed - Returns 0 on success
- */
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_seed(krb5_context context, krb5_data *data)
 {
     return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
 }
 
-/*
- * krb5_c_random_make_octets -  Returns 0 on success
- */
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *data)
-{
-    return prng->make_octets(context, data);
-}
-
-void
-krb5int_prng_cleanup(void)
-{
-    prng->cleanup();
-}
-
-
-/*
- * Routines to get entropy from the OS.  For UNIX we try /dev/urandom
- * and /dev/random.  Currently we don't do anything for Windows.
- */
+/* Routines to get entropy from the OS. */
 #if defined(_WIN32)
 
 krb5_boolean
similarity index 72%
rename from src/lib/crypto/krb/prng/prng.h
rename to src/lib/crypto/krb/prng.h
index 72803555145c634ac35d1c585a80d9b7e4171e13..f75d5f731900ba664d9cfb1e4e2c2733c9212b5d 100644 (file)
@@ -1,7 +1,6 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prng.h - Header for PRNG modules */
 /*
- * lib/crypto/krb/prng/prng.h
- *
  * Copyright 2010 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
 
 #include "k5-int.h"
 
-/* Used by PRNG implementations to gather OS entropy.  Returns true on
- * success. */
-krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
+/*
+ * PRNG modules must implement the following APIs from krb5.h:
+ *   krb5_c_random_add_entropy
+ *   krb5_c_random_make_octets
+ *
+ * PRNG modules should implement these functions.  They are called from the
+ * crypto library init and cleanup functions, and can be used to setup and tear
+ * down static state without thread safety concerns.
+ */
+int k5_prng_init(void);
+void k5_prng_cleanup(void);
 
-/* prng.h */
-struct krb5_prng_provider {
-    char prng_name[8];
-    krb5_error_code (*make_octets)(krb5_context, krb5_data *);
-    krb5_error_code (*add_entropy)(krb5_context, unsigned int randsource, const krb5_data*);
-    int (*init)(void);
-    void (*cleanup)(void);
-};
+/* Used by PRNG modules to gather OS entropy.  Returns true on success. */
+krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);
 
 #endif
diff --git a/src/lib/crypto/krb/prng/Makefile.in b/src/lib/crypto/krb/prng/Makefile.in
deleted file mode 100644 (file)
index 843fdd2..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-mydir=lib$(S)crypto$(S)krb$(S)prng
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-SUBDIRS= $(PRNG_ALG)
-LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../../$(CRYPTO_IMPL)/enc_provider \
-               -I$(srcdir)/../../$(CRYPTO_IMPL)/hash_provider                          \
-               -I$(srcdir)/$(PRNG_ALG)                         \
-               -I$(srcdir)/../../$(CRYPTO_IMPL)/               \
-               -I$(srcdir)/../../$(CRYPTO_IMPL)/aes    \
-               -I$(srcdir)/../../$(CRYPTO_IMPL)/sha1 -I$(srcdir)/../../$(CRYPTO_IMPL)/sha2
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-DEFS=
-
-##DOS##BUILDTOP = ..\..\..\..
-##DOS##PREFIXDIR = krb\prng
-##DOS##OBJFILE = ..\..\$(OUTPRE)prng.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS=\
-       prng.o
-
-OBJS=\
-       $(OUTPRE)prng.$(OBJEXT)
-
-SRCS=\
-       $(srcdir)/prng.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-STOBJLISTS= OBJS.ST  $(PRNG_ALG)/OBJS.ST 
-
-SUBDIROBJLISTS=  $(PRNG_ALG)/OBJS.ST 
-
-
-all-unix:: all-libobjs
-includes:: depend
-
-depend:: $(SRCS)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/lib/crypto/krb/prng/deps b/src/lib/crypto/krb/prng/deps
deleted file mode 100644 (file)
index ca2553a..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  prng.c prng.h
diff --git a/src/lib/crypto/krb/prng/fortuna/Makefile.in b/src/lib/crypto/krb/prng/fortuna/Makefile.in
deleted file mode 100644 (file)
index 1ff3671..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)fortuna
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
-               -I$(srcdir)/../../../$(CRYPTO_IMPL)             \
-               -I$(srcdir)/../../../$(CRYPTO_IMPL)/sha2        \
-               -I$(srcdir)/../../../$(CRYPTO_IMPL)/aes         \
-               -I$(srcdir)/../../../$(CRYPTO_IMPL)/enc_provider
-DEFS=
-RUN_SETUP = @KRB5_RUN_ENV@
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-##DOS##BUILDTOP = ..\..\..\..\..
-##DOS##PREFIXDIR = krb\prng\fortuna
-##DOS##OBJFILE = ..\..\..\$(OUTPRE)fortuna.lst
-
-STLIBOBJS= \
-       prng_fortuna.o
-OBJS= \
-       $(OUTPRE)prng_fortuna.$(OBJEXT)
-
-SRCS=\
-       $(srcdir)/prng_fortuna.c 
-
-##DOS##LIBOBJS = $(OBJS)
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-t_fortuna: t_fortuna.$(OBJEXT) $(SUPPORT_DEPLIB)
-       $(CC_LINK) -o t_fortuna t_fortuna.$(OBJEXT) -lcom_err $(SUPPORT_LIB) \
-               $(CRYPTO_DEPLIB)
-
-check-unix:: t_fortuna
-       $(RUN_SETUP) $(VALGRIND) ./t_fortuna >t_fortuna.output
-       cmp t_fortuna.output $(srcdir)/t_fortuna.expected
-
-clean::
-       $(RM) t_fortuna t_fortuna.$(OBJEXT)
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/lib/crypto/krb/prng/fortuna/deps b/src/lib/crypto/krb/prng/fortuna/deps
deleted file mode 100644 (file)
index 2518c95..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-prng_fortuna.so prng_fortuna.po $(OUTPRE)prng_fortuna.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \
-  $(srcdir)/../../../builtin/aes/uitypes.h $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
-  $(srcdir)/../../../builtin/sha2/sha2.h $(srcdir)/../prng.h \
-  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
-  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
-  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
-  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
-  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
-  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h prng_fortuna.c
diff --git a/src/lib/crypto/krb/prng/nss/Makefile.in b/src/lib/crypto/krb/prng/nss/Makefile.in
deleted file mode 100644 (file)
index a026076..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-mydir=lib$(S)crypto$(S)krb$(S)prng$(S)nss
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
-CRYPTO_IMPL_CFLAGS=@CRYPTO_IMPL_CFLAGS@
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
-               -I$(srcdir)/../../../$(CRYPTO_IMPL) $(CRYPTO_IMPL_CFLAGS)
-DEFS=
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-STLIBOBJS=  prng_nss.o
-OBJS= \
-       $(OUTPRE)prng_nss.$(OBJEXT)
-
-SRCS=\
-       $(srcdir)/prng_nss.c 
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-clean::
-       $(RM) t_nss$(EXEEXT) t_nss.$(OBJEXT)  t_nss_make_oct.result  t_nss_make_oct$(EXEEXT)  t_nss_make_oct.$(OBJEXT)
-
-
-clean-unix:: clean-libobjs
-
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/lib/crypto/krb/prng/nss/deps b/src/lib/crypto/krb/prng/nss/deps
deleted file mode 100644 (file)
index b75e678..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-prng_nss.so prng_nss.po $(OUTPRE)prng_nss.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \
-  $(srcdir)/../prng.h \
-  $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  prng_nss.c prng_nss.h 
-
similarity index 96%
rename from src/lib/crypto/krb/prng/fortuna/prng_fortuna.c
rename to src/lib/crypto/krb/prng_fortuna.c
index a1ff73035b17f845ce5f42e1137dcc0b5b645492..03cec2544e8cd47d0e6bb66c35a22459b5b5e6b6 100644 (file)
@@ -354,8 +354,8 @@ static struct fortuna_state main_state;
 static pid_t last_pid;
 static krb5_boolean have_entropy = FALSE;
 
-static int
-fortuna_init(void)
+int
+k5_prng_init(void)
 {
     krb5_error_code ret = 0;
     unsigned char osbuf[64];
@@ -374,17 +374,17 @@ fortuna_init(void)
     return 0;
 }
 
-static void
-fortuna_cleanup(void)
+void
+k5_prng_cleanup(void)
 {
     have_entropy = FALSE;
     zap(&main_state, sizeof(main_state));
     k5_mutex_destroy(&fortuna_lock);
 }
 
-static krb5_error_code
-fortuna_add_entropy(krb5_context context, unsigned int randsource,
-                    const krb5_data *indata)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+                          const krb5_data *indata)
 {
     krb5_error_code ret;
 
@@ -411,8 +411,8 @@ fortuna_add_entropy(krb5_context context, unsigned int randsource,
     return 0;
 }
 
-static krb5_error_code
-fortuna_make_octets(krb5_context context, krb5_data *outdata)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
 {
     krb5_error_code ret;
     pid_t pid = getpid();
@@ -438,12 +438,4 @@ fortuna_make_octets(krb5_context context, krb5_data *outdata)
     return 0;
 }
 
-const struct krb5_prng_provider krb5int_prng_fortuna = {
-    "fortuna",
-    fortuna_make_octets,
-    fortuna_add_entropy,
-    fortuna_init,
-    fortuna_cleanup
-};
-
 #endif /* not TEST */
similarity index 53%
rename from src/lib/crypto/krb/prng/nss/prng_nss.c
rename to src/lib/crypto/krb/prng_nss.c
index 01eeb094ff0acc0437eb256d52f52df121916cdb..4d2b9c4a0d08a3b1fef84106e544d819ed80457e 100644 (file)
 #include <assert.h>
 #include "k5-thread.h"
 
-#ifdef CRYPTO_IMPL_NSS
-
 /*
- * Using Fortuna with NSS is a bit problematic because the MD5 contexts it
- * holds open for the entropy pools would be invalidated by a fork(), causing
- * us to lose the entropy contained therein.
- *
- * Therefore, use the NSS PRNG if NSS is the crypto implementation.
+ * This PRNG module should be used whenever the NSS crypto implementation is
+ * used.  The Fortuna module does not work with NSS because it needs to hold
+ * AES-256 and SHA-256 contexts across forks.
  */
 
-#include "../nss/nss_gen.h"
-#include <pk11pub.h>
+#include "nss_prng.h"
 
-static int
-nss_init(void)
+int
+k5_prng_init(void)
 {
     return 0;
 }
 
-static krb5_error_code
-nss_add_entropy(krb5_context context, unsigned int randsource,
-                          const krb5_data *data)
+void
+k5_prng_cleanup(void)
 {
-    krb5_error_code ret;
-
-    ret = k5_nss_init();
-    if (ret)
-        return ret;
-    if (PK11_RandomUpdate(data->data, data->length) != SECSuccess)
-        return k5_nss_map_last_error();
-    return 0;
 }
 
-static krb5_error_code
-nss_make_octets(krb5_context context, krb5_data *data)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+                          const krb5_data *indata)
 {
-    krb5_error_code ret;
-
-    ret = k5_nss_init();
-    if (ret)
-        return ret;
-    if (PK11_GenerateRandom((unsigned char *)data->data,
-                            data->length) != SECSuccess)
-        return k5_nss_map_last_error();
-    return 0;
+    return k5_nss_prng_add_entropy(context, indata);
 }
 
-static void
-nss_cleanup (void)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
 {
+    return k5_nss_prng_make_octets(context, outdata);
 }
-
-const struct krb5_prng_provider krb5int_prng_nss = {
-    "nss",
-    nss_make_octets,
-    nss_add_entropy,
-    nss_init,
-    nss_cleanup
-};
-#endif
similarity index 98%
rename from src/lib/crypto/krb/prng/fortuna/t_fortuna.c
rename to src/lib/crypto/krb/t_fortuna.c
index bd0002566f2192e65b62cc8b04275747b3cace22..14149b9d20a6a32f0cfb8b6331c07abca738245e 100644 (file)
@@ -56,6 +56,9 @@
  * or implied warranty.
  */
 
+#include "k5-int.h"
+#ifdef FORTUNA
+
 /* Include most of prng_fortuna.c so we can test the PRNG internals. */
 #define TEST
 #include "prng_fortuna.c"
@@ -163,3 +166,13 @@ main(int argc, char **argv)
     head_tail_test(st);
     return 0;
 }
+
+#else /* FORTUNA */
+
+int
+main()
+{
+    return 0;
+}
+
+#endif /* FORTUNA */
index a1d587887b5017f83a41814c4dfbe35da4dc2d43..c2a2e4e9c669252ae24070378168734b4d57d6e9 100644 (file)
@@ -21,16 +21,19 @@ DEFS=
 STLIBOBJS=\
        hmac.o  \
        pbkdf2.o \
+       prng.o \
        stubs.o
 
 OBJS=\
        $(OUTPRE)hmac.$(OBJEXT) \
        $(OUTPRE)pbkdf2.$(OBJEXT) \
+       $(OUTPRE)prng.$(OBJEXT) \
        $(OUTPRE)stubs.$(OBJEXT)
 
 SRCS=\
        $(srcdir)/hmac.c        \
        $(srcdir)/pbkdf2.c      \
+       $(srcdir)/prng.c        \
        $(srcdir)/stubs.c
 
 STOBJLISTS= des/OBJS.ST md4/OBJS.ST    \
similarity index 75%
rename from src/lib/crypto/krb/prng/nss/prng_nss.h
rename to src/lib/crypto/nss/nss_prng.h
index 3a23be5a12e01da4cc3897839b2f1a87a12deea3..11bf9edc1be5b7e8b93c97421e2f0a4d4d57ce57 100644 (file)
@@ -1,9 +1,8 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/nss_prng.h - Declarations for NSS PRNG wrappers */
 /*
- * lib/crypto/krb/prng/nss/prng_nss.h
- *
- * Copyright 2010 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  * or implied warranty.
  */
 
-#ifndef PRNG_NSS_H
-#define PRNG_NSS_H
+#ifndef NSS_PRNG_H
+#define NSS_PRNG_H
 
-#include "k5-int.h"
-#include "prng.h"
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata);
 
-extern const struct krb5_prng_provider krb5int_prng_nss;
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata);
 
-#endif
+#endif /* NSS_PRNG_H */
diff --git a/src/lib/crypto/nss/prng.c b/src/lib/crypto/nss/prng.c
new file mode 100644 (file)
index 0000000..6103917
--- /dev/null
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/prng.c - NSS prng functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "nss_prng.h"
+#include <pk11pub.h>
+
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata)
+{
+    krb5_error_code ret;
+
+    ret = k5_nss_init();
+    if (ret)
+        return ret;
+    if (PK11_RandomUpdate(indata->data, indata->length) != SECSuccess)
+        return k5_nss_map_last_error();
+    return 0;
+}
+
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata)
+{
+    krb5_error_code ret;
+
+    ret = k5_nss_init();
+    if (ret)
+        return ret;
+    if (PK11_GenerateRandom((unsigned char *)outdata->data,
+                            outdata->length) != SECSuccess)
+        return k5_nss_map_last_error();
+    return 0;
+}