From 4531ba725b82df5c1232d763eed82930b09ec234 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 3 Mar 2001 22:02:00 +0000
Subject: [PATCH] init_os_ctx.c: On UNIX, seed PRNG with data from
 /dev/[u]random if available

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13050 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/os/ChangeLog     |  7 ++++++
 src/lib/krb5/os/init_os_ctx.c | 41 +++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index 92b42a6b2..9fcc89b73 100644
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,10 @@
+2001-03-03  Ken Raeburn  <raeburn@mit.edu>
+
+	* init_os_ctx.c: If not Mac or Windows, define USE_RANDOM_DEVICE
+	and include sys/ioctl.h.
+	(krb5_os_init_context) [USE_RANDOM_DEVICE]: Read some bytes from
+	/dev/urandom or /dev/random and use them to re-seed the PRNG.
+
 2001-02-05  Tom Yu  <tlyu@mit.edu>
 
 	* prompter.c (krb5_prompter_posix): Fix up terminal modes if we're
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 4168dfe46..f72d643f1 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -33,6 +33,11 @@
 #include <PreferencesLib.h>
 #endif /* macintosh */
 
+#if !defined(macintosh) && !defined(_MSDOS) && !defined(_WIN32)
+#define USE_RANDOM_DEVICE
+#include <sys/ioctl.h> /* for FIONBIO */
+#endif
+
 #if defined(_MSDOS) || defined(_WIN32)
 
 static krb5_error_code
@@ -443,6 +448,42 @@ krb5_os_init_context(ctx)
 	os_ctx->default_ccname = 0;
 	os_ctx->default_ccprincipal = 0;
 
+#ifdef USE_RANDOM_DEVICE
+	/* If the OS provides us with random or even pseudorandom
+	   data, use it.  It'll be far better than what we've got
+	   above, but not all systems provide it (yet).
+
+	   Typical setup seems to be /dev/urandom is pseudo-random, as
+	   good as the system can provide, but never blocking;
+	   /dev/random is supposedly truly random (the metrics are
+	   sometimes suspect), and may block.  */
+	{
+		char rndbytes[128];
+		krb5_data seed;
+		int tmp;
+
+		tmp = open ("/dev/urandom", O_RDONLY);
+		if (tmp == -1) {
+			int dontblock = 1;
+			tmp = open ("/dev/random", O_RDONLY);
+			(void) ioctl (tmp, FIONBIO, (char *) &dontblock);
+		}
+		if (tmp != -1) {
+			/* If this doesn't work, should we continue or
+			   report an error that'll cause all Kerberos
+			   programs to fail?  */
+			(void) read (tmp, &rndbytes, sizeof (rndbytes));
+			close (tmp);
+		}
+		/* Okay.  Take whatever we've got, and seed the
+		   PRNG.  */
+		seed.length = sizeof(rndbytes);
+		seed.data = (char *) &rndbytes;
+		if ((retval = krb5_c_random_seed(ctx, &seed)))
+			return retval;
+	}
+#endif
+
 	krb5_cc_set_default_name(ctx, NULL);
 
 	retval = os_init_paths(ctx);
-- 
2.26.2