Be friendly to krb5_generate_random_block consumers
Allow them to disable the EGD/profile access and the use of a random seed file. These facilities are not tenable when running in the kernel.
This commit is contained in:

committed by
Nicolas Williams

parent
2107924b37
commit
5dfaa0d10b
@@ -80,6 +80,7 @@ while(<>) {
|
||||
if ("$(DIR_hdbdir)") { print "#define HDB_DB_DIR \"".'$(DIR_hdbdir)'."\"\n"; }
|
||||
if ("$(HAVE_MSLSA_CACHE)") { print "#define HAVE_MSLSA_CACHE 1\n"; }
|
||||
if ("$(NO_LOCALNAME)") { print "#define NO_LOCALNAME 1\n"; }
|
||||
if ("$(NO_RAND_EGD_METHOD)") { print "#define NO_RAND_EGD_METHOD 1\n"; }
|
||||
|
||||
} elsif (m/\@VERSION_OPTDEFS\@/) {
|
||||
|
||||
|
@@ -40,6 +40,7 @@ static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||
static int
|
||||
seed_something(void)
|
||||
{
|
||||
#ifndef NO_RANDFILE
|
||||
char buf[1024], seedfile[256];
|
||||
|
||||
/* If there is a seed file, load it. But such a file cannot be trusted,
|
||||
@@ -58,11 +59,12 @@ seed_something(void)
|
||||
seedfile[0] = '\0';
|
||||
} else
|
||||
seedfile[0] = '\0';
|
||||
#endif
|
||||
|
||||
/* Calling RAND_status() will try to use /dev/urandom if it exists so
|
||||
we do not have to deal with it. */
|
||||
if (RAND_status() != 1) {
|
||||
#ifndef _WIN32
|
||||
#ifndef NO_RAND_EGD_METHOD
|
||||
krb5_context context;
|
||||
const char *p;
|
||||
|
||||
@@ -81,9 +83,11 @@ seed_something(void)
|
||||
}
|
||||
|
||||
if (RAND_status() == 1) {
|
||||
#ifndef NO_RANDFILE
|
||||
/* Update the seed file */
|
||||
if (seedfile[0])
|
||||
RAND_write_file(seedfile);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
} else
|
||||
|
@@ -87,6 +87,9 @@ WEAK_CRYPTO=1
|
||||
# Disable use of GSS LOCALNAME support
|
||||
NO_LOCALNAME=1
|
||||
|
||||
# No entropy-gathering daemon on Windows
|
||||
NO_RAND_EGD_METHOD=1
|
||||
|
||||
# Disable build of installers
|
||||
!ifndef NO_INSTALLERS
|
||||
BUILD_INSTALLERS=1
|
||||
|
Reference in New Issue
Block a user