From 5dfaa0d10b8320293e85387778adcdd043dfc1fe Mon Sep 17 00:00:00 2001
From: Ben Kaduk <kaduk@mit.edu>
Date: Tue, 2 Jul 2013 10:59:45 -0400
Subject: [PATCH] Be friendly to krb5_generate_random_block consumers

Allow them to disable the EGD/profile access and the use of a
random seed file.

These facilities are not tenable when running in the kernel.
---
 include/NTMakefile        | 1 +
 lib/krb5/crypto-rand.c    | 6 +++++-
 windows/NTMakefile.config | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/NTMakefile b/include/NTMakefile
index 0086ee31a..2a6cfe07f 100644
--- a/include/NTMakefile
+++ b/include/NTMakefile
@@ -80,6 +80,7 @@ while(<>) {
     if ("$(DIR_hdbdir)") { print "#define HDB_DB_DIR \"".'$(DIR_hdbdir)'."\"\n"; }
     if ("$(HAVE_MSLSA_CACHE)") { print "#define HAVE_MSLSA_CACHE 1\n"; }
     if ("$(NO_LOCALNAME)") { print "#define NO_LOCALNAME 1\n"; }
+    if ("$(NO_RAND_EGD_METHOD)") { print "#define NO_RAND_EGD_METHOD 1\n"; }
 
   } elsif (m/\@VERSION_OPTDEFS\@/) {
 
diff --git a/lib/krb5/crypto-rand.c b/lib/krb5/crypto-rand.c
index 49bd67936..226009ca0 100644
--- a/lib/krb5/crypto-rand.c
+++ b/lib/krb5/crypto-rand.c
@@ -40,6 +40,7 @@ static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
 static int
 seed_something(void)
 {
+#ifndef NO_RANDFILE
     char buf[1024], seedfile[256];
 
     /* If there is a seed file, load it. But such a file cannot be trusted,
@@ -58,11 +59,12 @@ seed_something(void)
 	    seedfile[0] = '\0';
     } else
 	seedfile[0] = '\0';
+#endif
 
     /* Calling RAND_status() will try to use /dev/urandom if it exists so
        we do not have to deal with it. */
     if (RAND_status() != 1) {
-#ifndef _WIN32
+#ifndef NO_RAND_EGD_METHOD
 	krb5_context context;
 	const char *p;
 
@@ -81,9 +83,11 @@ seed_something(void)
     }
 
     if (RAND_status() == 1)	{
+#ifndef NO_RANDFILE
 	/* Update the seed file */
 	if (seedfile[0])
 	    RAND_write_file(seedfile);
+#endif
 
 	return 0;
     } else
diff --git a/windows/NTMakefile.config b/windows/NTMakefile.config
index 6fcf1fc56..7e7d454fa 100644
--- a/windows/NTMakefile.config
+++ b/windows/NTMakefile.config
@@ -87,6 +87,9 @@ WEAK_CRYPTO=1
 # Disable use of GSS LOCALNAME support
 NO_LOCALNAME=1
 
+# No entropy-gathering daemon on Windows
+NO_RAND_EGD_METHOD=1
+
 # Disable build of installers
 !ifndef NO_INSTALLERS
 BUILD_INSTALLERS=1