Be friendly to krb5_generate_random_block consumers

Allow them to disable the EGD/profile access and the use of a
random seed file.

These facilities are not tenable when running in the kernel.
This commit is contained in:
Ben Kaduk
2013-07-02 10:59:45 -04:00
committed by Nicolas Williams
parent 2107924b37
commit 5dfaa0d10b
3 changed files with 9 additions and 1 deletions

View File

@@ -80,6 +80,7 @@ while(<>) {
if ("$(DIR_hdbdir)") { print "#define HDB_DB_DIR \"".'$(DIR_hdbdir)'."\"\n"; }
if ("$(HAVE_MSLSA_CACHE)") { print "#define HAVE_MSLSA_CACHE 1\n"; }
if ("$(NO_LOCALNAME)") { print "#define NO_LOCALNAME 1\n"; }
if ("$(NO_RAND_EGD_METHOD)") { print "#define NO_RAND_EGD_METHOD 1\n"; }
} elsif (m/\@VERSION_OPTDEFS\@/) {

View File

@@ -40,6 +40,7 @@ static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
static int
seed_something(void)
{
#ifndef NO_RANDFILE
char buf[1024], seedfile[256];
/* If there is a seed file, load it. But such a file cannot be trusted,
@@ -58,11 +59,12 @@ seed_something(void)
seedfile[0] = '\0';
} else
seedfile[0] = '\0';
#endif
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
if (RAND_status() != 1) {
#ifndef _WIN32
#ifndef NO_RAND_EGD_METHOD
krb5_context context;
const char *p;
@@ -81,9 +83,11 @@ seed_something(void)
}
if (RAND_status() == 1) {
#ifndef NO_RANDFILE
/* Update the seed file */
if (seedfile[0])
RAND_write_file(seedfile);
#endif
return 0;
} else

View File

@@ -87,6 +87,9 @@ WEAK_CRYPTO=1
# Disable use of GSS LOCALNAME support
NO_LOCALNAME=1
# No entropy-gathering daemon on Windows
NO_RAND_EGD_METHOD=1
# Disable build of installers
!ifndef NO_INSTALLERS
BUILD_INSTALLERS=1