From 5e822947a9cc593baf2b8bcb69136f51607c7ef0 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 23 Nov 2004 03:15:12 +0000 Subject: [PATCH] KDC on Tru64 was hanging because of another case where Yarrow code assumes locks are recursive. Probably didn't trigger on Linux, Solaris, or NetBSD because they have /dev/random and Tru64 does not. * yarrow.c (yarrow_input_maybe_locking): Renamed from yarrow_input_maybe_locking, made static. New argument indicates whether or not to do locking. (krb5int_yarrow_input): New wrapper function. (yarrow_input_locked): New wrapper function. (Yarrow_detect_fork): Call yarrow_input_locked. ticket: 2755 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16903 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/yarrow/ChangeLog | 9 ++++++ src/lib/crypto/yarrow/yarrow.c | 50 +++++++++++++++++++++++++-------- 2 files changed, 47 insertions(+), 12 deletions(-) diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog index 666ed1a64..f3e566664 100644 --- a/src/lib/crypto/yarrow/ChangeLog +++ b/src/lib/crypto/yarrow/ChangeLog @@ -1,3 +1,12 @@ +2004-11-22 Ken Raeburn + + * yarrow.c (yarrow_input_maybe_locking): Renamed from + yarrow_input_maybe_locking, made static. New argument indicates + whether or not to do locking. + (krb5int_yarrow_input): New wrapper function. + (yarrow_input_locked): New wrapper function. + (Yarrow_detect_fork): Call yarrow_input_locked. + 2004-11-15 Sam Hartman * ycipher.h: Use AES256 not 3des diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c index ae55801c9..a619c5b2e 100644 --- a/src/lib/crypto/yarrow/yarrow.c +++ b/src/lib/crypto/yarrow/yarrow.c @@ -121,6 +121,11 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y) PRNG state */ #ifdef YARROW_DETECT_FORK +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ); + static int Yarrow_detect_fork(Yarrow_CTX *y) { pid_t newpid; @@ -135,12 +140,12 @@ static int Yarrow_detect_fork(Yarrow_CTX *y) * Then we reseed. This doesn't really increase entropy, but does make the * streams distinct assuming we already have good entropy*/ y->pid = newpid; - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); - } + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); + } CATCH: EXCEP_RET; @@ -241,10 +246,11 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename) EXCEP_RET; } -YARROW_DLL -int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits ) +static +int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits, + int do_lock ) { EXCEP_DECL; int ret; @@ -264,8 +270,10 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, THROW( YARROW_BAD_SOURCE ); } - TRY( LOCK() ); - locked = 1; + if (do_lock) { + TRY( LOCK() ); + locked = 1; + } /* hash in the sample */ @@ -330,6 +338,24 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, EXCEP_RET; } +YARROW_DLL +int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 1); +} + +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 0); +} + YARROW_DLL int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id) { -- 2.26.2