svn rev #24414: branches/nss/src/lib/crypto/krb/

ghudson@MIT.EDU ghudson at MIT.EDU
Sat Oct 2 10:48:17 EDT 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=24414
Commit By: ghudson
Log Message:
Be more parsimonious with /dev/random when using the NSS PRNG.



Changed Files:
U   branches/nss/src/lib/crypto/krb/prng.c
Modified: branches/nss/src/lib/crypto/krb/prng.c
===================================================================
--- branches/nss/src/lib/crypto/krb/prng.c	2010-10-02 11:48:06 UTC (rev 24413)
+++ branches/nss/src/lib/crypto/krb/prng.c	2010-10-02 14:48:17 UTC (rev 24414)
@@ -47,9 +47,12 @@
 #include "../nss/nss_gen.h"
 #include <pk11pub.h>
 
-/* Gather 8K of OS entropy per call, enough to fill the additional data buffer
- * for the built-in PRNG and trigger a reseed. */
-#define OS_ENTROPY_LEN 8192
+/*
+ * NSS gathers its own OS entropy, so it doesn't really matter how much we read
+ * in krb5_c_random_os_entropy.  Use the same value as Yarrow (without using a
+ * Yarrow constant), so that we don't read too much from /dev/random.
+ */
+#define OS_ENTROPY_LEN 20
 
 int krb5int_prng_init(void)
 {
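Review bot: The new comment above `#define OS_ENTROPY_LEN 20` says the value is "the same value as Yarrow" but names neither the unit nor the Yarrow constant it mirrors, so 20 is a bare magic number that can drift unnoticed if the Yarrow side changes. State the unit (presumably bytes, as the old "8K" / 8192 pairing implies) and name the constant it was copied from, even though the code deliberately does not include it. The removed comment also gave a concrete reason for 8192: filling the built-in PRNG's additional data buffer and triggering a reseed. Since the new text says the amount "doesn't really matter", add a sentence on whether krb5_c_random_os_entropy is still expected to cause a reseed under NSS, which would make the drop from 8192 to 20 easier to verify.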



