From: Greg Hudson Date: Fri, 25 Feb 2011 17:23:54 +0000 (+0000) Subject: Now that all PRNG modules fit nicely into a single source file, X-Git-Tag: krb5-1.10-alpha1~572 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ef7fa87854b1bb71e05884356e4129e200a58529;p=krb5.git Now that all PRNG modules fit nicely into a single source file, simplify the PRNG abstraction, flattening the implementations into crypto/krb and removing the indirection through function pointers. Move the guts of the NSS PRNG implementation into the nss subdir so that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/configure.in b/src/configure.in index 1220f96c6..1d93baa4a 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1123,8 +1123,7 @@ V5_AC_OUTPUT_MAKEFILE(. lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2 - lib/crypto/krb/arcfour lib/crypto/krb/prng - lib/crypto/krb/prng/$PRNG_ALG + lib/crypto/krb/arcfour lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 6016e5fd5..8559653c4 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -22,8 +22,7 @@ STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \ $(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ - krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \ - krb/prng/$(PRNG_ALG)/OBJS.ST \ + krb/old/OBJS.ST krb/raw/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST \ $(CRYPTO_IMPL)/sha2/OBJS.ST \ 
@@ -36,8 +35,7 @@ SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \ $(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ - krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \ - krb/prng/$(PRNG_ALG)/OBJS.ST \ + krb/old/OBJS.ST krb/raw/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST \ $(CRYPTO_IMPL)/sha2/OBJS.ST \ 
@@ -59,8 +57,8 @@ SHLIB_LIBDIRS= @SHLIB_LIBDIRS@ SHLIB_RDIRS=$(KRB5_LIBDIR) ##DOS##LIBNAME=$(OUTPRE)crypto.lib -##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)fortuna.lst $(OUTPRE)prng.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst -##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)fortuna.lst @$(OUTPRE)prng.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst +##DOS##OBJFILEDEP=$(OUTPRE)crc32.lst $(OUTPRE)rand2key.lst $(OUTPRE)prf.lst $(OUTPRE)checksum.lst $(OUTPRE)krb.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)arcfour.lst $(OUTPRE)dk.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst +##DOS##OBJFILELIST=@$(OUTPRE)crc32.lst @$(OUTPRE)rand2key.lst @$(OUTPRE)prf.lst @$(OUTPRE)checksum.lst @$(OUTPRE)krb.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)dk.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst all-unix:: all-liblinks install-unix:: install-libs diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index 29c8897a9..9692fd278 100644 --- a/src/lib/crypto/krb/Makefile.in 
+++ b/src/lib/crypto/krb/Makefile.in @@ -1,18 +1,18 @@ mydir=lib$(S)crypto$(S)krb BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw prng +SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../$(CRYPTO_IMPL)/enc_provider \ -I$(srcdir)/dk -I$(srcdir)/../$(CRYPTO_IMPL)/hash_provider \ -I$(srcdir)/prf -I$(srcdir)/rand2key \ -I$(srcdir)/old -I$(srcdir)/raw \ - -I$(srcdir)/prng \ - -I$(srcdir)/prng/$(PRNG_ALG) \ -I$(srcdir)/../$(CRYPTO_IMPL) \ -I$(srcdir)/../$(CRYPTO_IMPL)/des \ -I$(srcdir)/../$(CRYPTO_IMPL)/aes -I$(srcdir)/arcfour \ + -I$(srcdir)/../$(CRYPTO_IMPL)/sha2 \ -I$(srcdir)/../$(CRYPTO_IMPL)/camellia \ -I$(srcdir)/../$(CRYPTO_IMPL)/sha1 \ -I$(srcdir)/../$(CRYPTO_IMPL) +RUN_SETUP = @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) DEFS= @@ -55,6 +55,8 @@ STLIBOBJS=\ nfold.o \ old_api_glue.o \ prf.o \ + prng.o \ + prng_$(PRNG_ALG).o \ random_to_key.o \ state.o \ string_to_cksumtype.o \ @@ -94,6 +96,8 @@ OBJS=\ $(OUTPRE)nfold.$(OBJEXT) \ $(OUTPRE)old_api_glue.$(OBJEXT) \ $(OUTPRE)prf.$(OBJEXT) \ + $(OUTPRE)prng.$(OBJEXT) \ + $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \ $(OUTPRE)random_to_key.$(OBJEXT) \ $(OUTPRE)state.$(OBJEXT) \ $(OUTPRE)string_to_cksumtype.$(OBJEXT) \ @@ -132,6 +136,8 @@ SRCS=\ $(srcdir)/nfold.c \ $(srcdir)/old_api_glue.c \ $(srcdir)/prf.c \ + $(srcdir)/prng.c \ + $(srcdir)/prng_$(PRNG_ALG).c \ $(srcdir)/cf2.c \ $(srcdir)/random_to_key.c \ $(srcdir)/state.c \ @@ -143,11 +149,11 @@ SRCS=\ STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST OBJS.ST + old/OBJS.ST raw/OBJS.ST OBJS.ST SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST prng/$(PRNG_ALG)/OBJS.ST prng/OBJS.ST + old/OBJS.ST raw/OBJS.ST ##DOS##LIBOBJS = $(OBJS) 
@@ -156,6 +162,15 @@ includes:: depend depend:: $(SRCS) +check-unix:: t_fortuna + if [ $(PRNG_ALG) = fortuna ]; then \ + $(RUN_SETUP) $(VALGRIND) ./t_fortuna > t_fortuna.output; \ + cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \ + fi + +t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB) + $(CC_LINK) -o t_fortuna t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB) + clean-unix:: clean-libobjs @lib_frag@ diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c index b94a01cc0..f97713501 100644 --- a/src/lib/crypto/krb/crypto_libinit.c +++ b/src/lib/crypto/krb/crypto_libinit.c @@ -1,13 +1,11 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #include #include "k5-int.h" +#include "prng.h" MAKE_INIT_FUNCTION(cryptoint_initialize_library); MAKE_FINI_FUNCTION(cryptoint_cleanup_library); -extern int krb5int_prng_init(void); -extern void krb5int_prng_cleanup (void); - /* * Initialize the crypto library. */ @@ -15,7 +13,7 @@ extern void krb5int_prng_cleanup (void); int cryptoint_initialize_library (void) { int err; - err = krb5int_prng_init(); + err = k5_prng_init(); if (err) return err; return krb5int_crypto_impl_init(); @@ -34,6 +32,6 @@ void cryptoint_cleanup_library (void) { if (!INITIALIZER_RAN(cryptoint_initialize_library)) return; - krb5int_prng_cleanup(); + k5_prng_cleanup(); krb5int_crypto_impl_cleanup(); } diff --git a/src/lib/crypto/krb/prng/prng.c b/src/lib/crypto/krb/prng.c similarity index 80% rename from src/lib/crypto/krb/prng/prng.c rename to src/lib/crypto/krb/prng.c index d2bafa57a..b65223b8b 100644 --- a/src/lib/crypto/krb/prng/prng.c +++ b/src/lib/crypto/krb/prng.c 
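Review bot: In the new `check-unix` recipe the test run and the `cmp` are joined with `;` inside the `if`, so a non-zero exit from `./t_fortuna` (or from `$(VALGRIND)`) is discarded and only the `cmp` status decides whether the PRNG known-answer check passes. The deleted fortuna/Makefile.in ran them as separate recipe lines, each of which could fail the target. Joining them with `&&` restores that: `$(RUN_SETUP) $(VALGRIND) ./t_fortuna > t_fortuna.output && \` followed by the existing `cmp` line. This hunk also shows no replacement for the deleted `clean::` rule that removed `t_fortuna` and `t_fortuna.$(OBJEXT)`, so unless one exists outside the hunk, those files and `t_fortuna.output` will survive `make clean`.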
@@ -26,62 +26,13 @@ #include "prng.h" -#ifdef FORTUNA -extern struct krb5_prng_provider krb5int_prng_fortuna; -const struct krb5_prng_provider *prng = &krb5int_prng_fortuna; -#elif defined(CRYPTO_IMPL_NSS) -#include "prng_nss.h" -const struct krb5_prng_provider *prng = &krb5int_prng_nss; -#endif - -/* - * krb5int_prng_init - Returns 0 on success - */ -int -krb5int_prng_init(void) -{ - return prng->init(); -} - -/* - * krb5_c_random_add_entropy - Returns 0 on success - */ -krb5_error_code KRB5_CALLCONV -krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, - const krb5_data *data) -{ - return prng->add_entropy(context, randsource, data); -} - -/* - * krb5_c_random_seed - Returns 0 on success - */ krb5_error_code KRB5_CALLCONV krb5_c_random_seed(krb5_context context, krb5_data *data) { return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data); } -/* - * krb5_c_random_make_octets - Returns 0 on success - */ -krb5_error_code KRB5_CALLCONV -krb5_c_random_make_octets(krb5_context context, krb5_data *data) -{ - return prng->make_octets(context, data); -} - -void -krb5int_prng_cleanup(void) -{ - prng->cleanup(); -} - - -/* - * Routines to get entropy from the OS. For UNIX we try /dev/urandom - * and /dev/random. Currently we don't do anything for Windows. - */ +/* Routines to get entropy from the OS. */ #if defined(_WIN32) krb5_boolean diff --git a/src/lib/crypto/krb/prng/prng.h b/src/lib/crypto/krb/prng.h similarity index 72% rename from src/lib/crypto/krb/prng/prng.h rename to src/lib/crypto/krb/prng.h index 728035551..f75d5f731 100644 --- a/src/lib/crypto/krb/prng/prng.h +++ b/src/lib/crypto/krb/prng.h @@ -1,7 +1,6 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/krb/prng.h - Header for PRNG modules */ /* - * lib/crypto/krb/prng/prng.h - * * Copyright 2010 by the Massachusetts Institute of Technology. * All Rights Reserved. * 
@@ -31,17 +30,19 @@ #include "k5-int.h" -/* Used by PRNG implementations to gather OS entropy. Returns true on - * success. */ -krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len); +/* + * PRNG modules must implement the following APIs from krb5.h: + * krb5_c_random_add_entropy + * krb5_c_random_make_octets + * + * PRNG modules should implement these functions. They are called from the + * crypto library init and cleanup functions, and can be used to setup and tear + * down static state without thread safety concerns. + */ +int k5_prng_init(void); +void k5_prng_cleanup(void); -/* prng.h */ -struct krb5_prng_provider { - char prng_name[8]; - krb5_error_code (*make_octets)(krb5_context, krb5_data *); - krb5_error_code (*add_entropy)(krb5_context, unsigned int randsource, const krb5_data*); - int (*init)(void); - void (*cleanup)(void); -}; +/* Used by PRNG modules to gather OS entropy. Returns true on success. */ +krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len); #endif diff --git a/src/lib/crypto/krb/prng/Makefile.in b/src/lib/crypto/krb/prng/Makefile.in deleted file mode 100644 index 843fdd2f2..000000000 --- a/src/lib/crypto/krb/prng/Makefile.in +++ /dev/null 
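Review bot: The new comment block above `k5_prng_init` no longer states the return contract, which the removed `krb5int_prng_init - Returns 0 on success` comment in prng.c used to carry. `cryptoint_initialize_library` returns any non-zero value from it as an initialization error, so I would add `/* Returns 0 on success; a nonzero value makes crypto library initialization fail. */` above the prototype. The wording "should implement" also understates the requirement: crypto_libinit.c calls both functions unconditionally, so a module without them will not link, and "must also implement" would be more accurate.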
@@ -1,46 +0,0 @@ -mydir=lib$(S)crypto$(S)krb$(S)prng -BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -SUBDIRS= $(PRNG_ALG) -LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../../$(CRYPTO_IMPL)/enc_provider \ - -I$(srcdir)/../../$(CRYPTO_IMPL)/hash_provider \ - -I$(srcdir)/$(PRNG_ALG) \ - -I$(srcdir)/../../$(CRYPTO_IMPL)/ \ - -I$(srcdir)/../../$(CRYPTO_IMPL)/aes \ - -I$(srcdir)/../../$(CRYPTO_IMPL)/sha1 -I$(srcdir)/../../$(CRYPTO_IMPL)/sha2 -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) -DEFS= - -##DOS##BUILDTOP = ..\..\..\.. -##DOS##PREFIXDIR = krb\prng -##DOS##OBJFILE = ..\..\$(OUTPRE)prng.lst - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -STLIBOBJS=\ - prng.o - -OBJS=\ - $(OUTPRE)prng.$(OBJEXT) - -SRCS=\ - $(srcdir)/prng.c - -##DOS##LIBOBJS = $(OBJS) - -STOBJLISTS= OBJS.ST $(PRNG_ALG)/OBJS.ST - -SUBDIROBJLISTS= $(PRNG_ALG)/OBJS.ST - - -all-unix:: all-libobjs -includes:: depend - -depend:: $(SRCS) - -clean-unix:: clean-libobjs - -@lib_frag@ -@libobj_frag@ - diff --git a/src/lib/crypto/krb/prng/deps b/src/lib/crypto/krb/prng/deps deleted file mode 100644 index ca2553a50..000000000 --- a/src/lib/crypto/krb/prng/deps +++ /dev/null @@ -1,14 +0,0 @@ -# -# Generated makefile dependencies follow. -# -prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - prng.c prng.h 
diff --git a/src/lib/crypto/krb/prng/fortuna/Makefile.in b/src/lib/crypto/krb/prng/fortuna/Makefile.in deleted file mode 100644 index 1ff36718c..000000000 --- a/src/lib/crypto/krb/prng/fortuna/Makefile.in +++ /dev/null @@ -1,48 +0,0 @@ -mydir=lib$(S)crypto$(S)krb$(S)prng$(S)fortuna -BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \ - -I$(srcdir)/../../../$(CRYPTO_IMPL) \ - -I$(srcdir)/../../../$(CRYPTO_IMPL)/sha2 \ - -I$(srcdir)/../../../$(CRYPTO_IMPL)/aes \ - -I$(srcdir)/../../../$(CRYPTO_IMPL)/enc_provider -DEFS= -RUN_SETUP = @KRB5_RUN_ENV@ -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -##DOS##BUILDTOP = ..\..\..\..\.. -##DOS##PREFIXDIR = krb\prng\fortuna -##DOS##OBJFILE = ..\..\..\$(OUTPRE)fortuna.lst - -STLIBOBJS= \ - prng_fortuna.o -OBJS= \ - $(OUTPRE)prng_fortuna.$(OBJEXT) - -SRCS=\ - $(srcdir)/prng_fortuna.c - -##DOS##LIBOBJS = $(OBJS) - -all-unix:: all-libobjs - -includes:: depend - -depend:: $(SRCS) - -t_fortuna: t_fortuna.$(OBJEXT) $(SUPPORT_DEPLIB) - $(CC_LINK) -o t_fortuna t_fortuna.$(OBJEXT) -lcom_err $(SUPPORT_LIB) \ - $(CRYPTO_DEPLIB) - -check-unix:: t_fortuna - $(RUN_SETUP) $(VALGRIND) ./t_fortuna >t_fortuna.output - cmp t_fortuna.output $(srcdir)/t_fortuna.expected - -clean:: - $(RM) t_fortuna t_fortuna.$(OBJEXT) - -clean-unix:: clean-libobjs - -@lib_frag@ -@libobj_frag@ - diff --git a/src/lib/crypto/krb/prng/fortuna/deps b/src/lib/crypto/krb/prng/fortuna/deps deleted file mode 100644 index 2518c95c3..000000000 --- a/src/lib/crypto/krb/prng/fortuna/deps +++ /dev/null 
@@ -1,17 +0,0 @@ -# -# Generated makefile dependencies follow. -# -prng_fortuna.so prng_fortuna.po $(OUTPRE)prng_fortuna.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \ - $(srcdir)/../../../builtin/aes/uitypes.h $(srcdir)/../../../builtin/enc_provider/enc_provider.h \ - $(srcdir)/../../../builtin/sha2/sha2.h $(srcdir)/../prng.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h prng_fortuna.c diff --git a/src/lib/crypto/krb/prng/nss/Makefile.in b/src/lib/crypto/krb/prng/nss/Makefile.in deleted file mode 100644 index a02607672..000000000 --- a/src/lib/crypto/krb/prng/nss/Makefile.in +++ /dev/null @@ -1,32 +0,0 @@ -mydir=lib$(S)crypto$(S)krb$(S)prng$(S)nss -BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S).. -CRYPTO_IMPL_CFLAGS=@CRYPTO_IMPL_CFLAGS@ -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \ - -I$(srcdir)/../../../$(CRYPTO_IMPL) $(CRYPTO_IMPL_CFLAGS) -DEFS= - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -STLIBOBJS= prng_nss.o -OBJS= \ - $(OUTPRE)prng_nss.$(OBJEXT) - -SRCS=\ - $(srcdir)/prng_nss.c - -all-unix:: all-libobjs - -includes:: depend - -depend:: $(SRCS) - -clean:: - $(RM) t_nss$(EXEEXT) t_nss.$(OBJEXT) t_nss_make_oct.result t_nss_make_oct$(EXEEXT) t_nss_make_oct.$(OBJEXT) - - -clean-unix:: clean-libobjs - -@lib_frag@ -@libobj_frag@ - 
diff --git a/src/lib/crypto/krb/prng/nss/deps b/src/lib/crypto/krb/prng/nss/deps deleted file mode 100644 index b75e678ab..000000000 --- a/src/lib/crypto/krb/prng/nss/deps +++ /dev/null @@ -1,17 +0,0 @@ -# -# Generated makefile dependencies follow. -# -prng_nss.so prng_nss.po $(OUTPRE)prng_nss.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/aes/aes.h \ - $(srcdir)/../prng.h \ - $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - prng_nss.c prng_nss.h - diff --git a/src/lib/crypto/krb/prng/fortuna/prng_fortuna.c b/src/lib/crypto/krb/prng_fortuna.c similarity index 96% rename from src/lib/crypto/krb/prng/fortuna/prng_fortuna.c rename to src/lib/crypto/krb/prng_fortuna.c index a1ff73035..03cec2544 100644 --- a/src/lib/crypto/krb/prng/fortuna/prng_fortuna.c +++ b/src/lib/crypto/krb/prng_fortuna.c @@ -354,8 +354,8 @@ static struct fortuna_state main_state; static pid_t last_pid; static krb5_boolean have_entropy = FALSE; -static int -fortuna_init(void) +int +k5_prng_init(void) { krb5_error_code ret = 0; unsigned char osbuf[64]; 
@@ -374,17 +374,17 @@ fortuna_init(void) return 0; } -static void -fortuna_cleanup(void) +void +k5_prng_cleanup(void) { have_entropy = FALSE; zap(&main_state, sizeof(main_state)); k5_mutex_destroy(&fortuna_lock); } -static krb5_error_code -fortuna_add_entropy(krb5_context context, unsigned int randsource, - const krb5_data *indata) +krb5_error_code KRB5_CALLCONV +krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, + const krb5_data *indata) { krb5_error_code ret; @@ -411,8 +411,8 @@ fortuna_add_entropy(krb5_context context, unsigned int randsource, return 0; } -static krb5_error_code -fortuna_make_octets(krb5_context context, krb5_data *outdata) +krb5_error_code KRB5_CALLCONV +krb5_c_random_make_octets(krb5_context context, krb5_data *outdata) { krb5_error_code ret; pid_t pid = getpid(); @@ -438,12 +438,4 @@ fortuna_make_octets(krb5_context context, krb5_data *outdata) return 0; } -const struct krb5_prng_provider krb5int_prng_fortuna = { - "fortuna", - fortuna_make_octets, - fortuna_add_entropy, - fortuna_init, - fortuna_cleanup -}; - #endif /* not TEST */ diff --git a/src/lib/crypto/krb/prng/nss/prng_nss.c b/src/lib/crypto/krb/prng_nss.c similarity index 53% rename from src/lib/crypto/krb/prng/nss/prng_nss.c rename to src/lib/crypto/krb/prng_nss.c index 01eeb094f..4d2b9c4a0 100644 --- a/src/lib/crypto/krb/prng/nss/prng_nss.c +++ b/src/lib/crypto/krb/prng_nss.c 
@@ -30,63 +30,34 @@ #include #include "k5-thread.h" -#ifdef CRYPTO_IMPL_NSS - /* - * Using Fortuna with NSS is a bit problematic because the MD5 contexts it - * holds open for the entropy pools would be invalidated by a fork(), causing - * us to lose the entropy contained therein. - * - * Therefore, use the NSS PRNG if NSS is the crypto implementation. + * This PRNG module should be used whenever the NSS crypto implementation is + * used. The Fortuna module does not work with NSS because it needs to hold + * AES-256 and SHA-256 contexts across forks. */ -#include "../nss/nss_gen.h" -#include +#include "nss_prng.h" -static int -nss_init(void) +int +k5_prng_init(void) { return 0; } -static krb5_error_code -nss_add_entropy(krb5_context context, unsigned int randsource, - const krb5_data *data) +void +k5_prng_cleanup(void) { - krb5_error_code ret; - - ret = k5_nss_init(); - if (ret) - return ret; - if (PK11_RandomUpdate(data->data, data->length) != SECSuccess) - return k5_nss_map_last_error(); - return 0; } -static krb5_error_code -nss_make_octets(krb5_context context, krb5_data *data) +krb5_error_code KRB5_CALLCONV +krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, + const krb5_data *indata) { - krb5_error_code ret; - - ret = k5_nss_init(); - if (ret) - return ret; - if (PK11_GenerateRandom((unsigned char *)data->data, - data->length) != SECSuccess) - return k5_nss_map_last_error(); - return 0; + return k5_nss_prng_add_entropy(context, indata); } -static void -nss_cleanup (void) +krb5_error_code KRB5_CALLCONV +krb5_c_random_make_octets(krb5_context context, krb5_data *outdata) { + return k5_nss_prng_make_octets(context, outdata); } - -const struct krb5_prng_provider krb5int_prng_nss = { - "nss", - nss_make_octets, - nss_add_entropy, - nss_init, - nss_cleanup -}; -#endif 
diff --git a/src/lib/crypto/krb/prng/fortuna/t_fortuna.c b/src/lib/crypto/krb/t_fortuna.c similarity index 98% rename from src/lib/crypto/krb/prng/fortuna/t_fortuna.c rename to src/lib/crypto/krb/t_fortuna.c index bd0002566..14149b9d2 100644 --- a/src/lib/crypto/krb/prng/fortuna/t_fortuna.c +++ b/src/lib/crypto/krb/t_fortuna.c @@ -56,6 +56,9 @@ * or implied warranty. */ +#include "k5-int.h" +#ifdef FORTUNA + /* Include most of prng_fortuna.c so we can test the PRNG internals. */ #define TEST #include "prng_fortuna.c" @@ -163,3 +166,13 @@ main(int argc, char **argv) head_tail_test(st); return 0; } + +#else /* FORTUNA */ + +int +main() +{ + return 0; +} + +#endif /* FORTUNA */ diff --git a/src/lib/crypto/krb/prng/fortuna/t_fortuna.expected b/src/lib/crypto/krb/t_fortuna.expected similarity index 100% rename from src/lib/crypto/krb/prng/fortuna/t_fortuna.expected rename to src/lib/crypto/krb/t_fortuna.expected diff --git a/src/lib/crypto/nss/Makefile.in b/src/lib/crypto/nss/Makefile.in index a1d587887..c2a2e4e9c 100644 --- a/src/lib/crypto/nss/Makefile.in +++ b/src/lib/crypto/nss/Makefile.in @@ -21,16 +21,19 @@ DEFS= STLIBOBJS=\ hmac.o \ pbkdf2.o \ + prng.o \ stubs.o OBJS=\ $(OUTPRE)hmac.$(OBJEXT) \ $(OUTPRE)pbkdf2.$(OBJEXT) \ + $(OUTPRE)prng.$(OBJEXT) \ $(OUTPRE)stubs.$(OBJEXT) SRCS=\ $(srcdir)/hmac.c \ $(srcdir)/pbkdf2.c \ + $(srcdir)/prng.c \ $(srcdir)/stubs.c STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ diff --git a/src/lib/crypto/krb/prng/nss/prng_nss.h b/src/lib/crypto/nss/nss_prng.h similarity index 75% rename from src/lib/crypto/krb/prng/nss/prng_nss.h rename to src/lib/crypto/nss/nss_prng.h index 3a23be5a1..11bf9edc1 100644 --- a/src/lib/crypto/krb/prng/nss/prng_nss.h +++ b/src/lib/crypto/nss/nss_prng.h 
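Review bot: The stub added in the `#else /* FORTUNA */` branch of t_fortuna.c is declared as `int main()`, an old-style declaration with an unspecified parameter list; `int main(void)` is the prototype form and avoids strict-prototype warnings. A one-line comment such as `/* Nothing to test when Fortuna is not the configured PRNG. */` would explain why the program is empty in that configuration. The first hunk relies on `k5-int.h` to make `FORTUNA` visible before the `#ifdef`; that definition is outside this diff, so it is worth confirming that it comes from the configure-generated header.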
@@ -1,9 +1,8 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/nss/nss_prng.h - Declarations for NSS PRNG wrappers */ /* - * lib/crypto/krb/prng/nss/prng_nss.h - * - * Copyright 2010 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -25,12 +24,13 @@ * or implied warranty. */ -#ifndef PRNG_NSS_H -#define PRNG_NSS_H +#ifndef NSS_PRNG_H +#define NSS_PRNG_H -#include "k5-int.h" -#include "prng.h" +krb5_error_code +k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata); -extern const struct krb5_prng_provider krb5int_prng_nss; +krb5_error_code +k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata); -#endif +#endif /* NSS_PRNG_H */ diff --git a/src/lib/crypto/nss/prng.c b/src/lib/crypto/nss/prng.c new file mode 100644 index 000000000..61039171b --- /dev/null +++ b/src/lib/crypto/nss/prng.c 
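Review bot: `nss_prng.h` is no longer self-contained after the second hunk: it removes `#include "k5-int.h"` while the new prototypes use `krb5_error_code`, `krb5_context` and `krb5_data`, so every includer has to pull in the krb5 types first. nss/prng.c does include `k5-int.h` before it, but whether prng_nss.c does is not visible in its hunk. Keeping `#include "k5-int.h"` inside the `NSS_PRNG_H` guard removes the ordering dependency. The two prototypes would also benefit from a comment each, for example `/* Mix indata into the NSS PRNG. Returns 0 or a mapped NSS error code. */` and a matching line for `k5_nss_prng_make_octets`.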
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/prng.c - NSS prng functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "nss_prng.h"
+#include
+
+krb5_error_code
+k5_nss_prng_add_entropy(krb5_context context, const krb5_data *indata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_RandomUpdate(indata->data, indata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}
+
+krb5_error_code
+k5_nss_prng_make_octets(krb5_context context, krb5_data *outdata)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret)
+ return ret;
+ if (PK11_GenerateRandom((unsigned char *)outdata->data,
+ outdata->length) != SECSuccess)
+ return k5_nss_map_last_error();
+ return 0;
+}
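Review bot: `k5_nss_prng_make_octets` passes `outdata->length` straight to `PK11_GenerateRandom`, whose length parameter is a signed `int` in NSS, while `krb5_data.length` is an `unsigned int`. A request above `INT_MAX` would therefore convert to a negative length, and what happens next depends on how NSS treats it, so the caller could be handed a buffer that was never filled with random bytes. A range check before the call makes the failure explicit, for example `if (outdata->length > INT_MAX) return EINVAL;` (assuming `<limits.h>` is reachable through `k5-int.h`). Both functions also ignore `context` and have no header comment; a one-line comment on each stating that it initializes NSS on demand and returns a mapped NSS error would help the next reader.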