svn rev #24660: trunk/src/ lib/crypto/builtin/ lib/crypto/crypto_tests/ lib/crypto/krb/prng/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Fri Feb 25 10:05:38 EST 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24660
Commit By: ghudson
Log Message:
Remove Yarrow PRNG implementation.



Changed Files:
U   trunk/src/Makefile.in
D   trunk/src/lib/crypto/builtin/yhash.h
U   trunk/src/lib/crypto/crypto_tests/Makefile.in
U   trunk/src/lib/crypto/crypto_tests/deps
D   trunk/src/lib/crypto/crypto_tests/t_prng.reseedtest
D   trunk/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments
D   trunk/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected
D   trunk/src/lib/crypto/crypto_tests/ytest.c
U   trunk/src/lib/crypto/krb/prng/nss/prng_nss.c
U   trunk/src/lib/crypto/krb/prng/prng.c
U   trunk/src/lib/crypto/krb/prng/prng.h
D   trunk/src/lib/crypto/krb/prng/yarrow/
D   trunk/src/lib/crypto/nss/yhash.h
D   trunk/src/lib/crypto/openssl/yhash.h
Modified: trunk/src/Makefile.in
===================================================================
--- trunk/src/Makefile.in	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/Makefile.in	2011-02-25 15:05:38 UTC (rev 24660)
@@ -246,8 +246,6 @@
 ##DOS##	$(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prng\fortuna\Makefile: lib\crypto\krb\prng\fortuna\Makefile.in $(MKFDEP)
 ##DOS##	$(WCONFIG) config < $@.in > $@
-##DOS##lib\crypto\krb\prng\yarrow\Makefile: lib\crypto\krb\prng\yarrow\Makefile.in $(MKFDEP)
-##DOS##	$(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prng\Makefile: lib\crypto\krb\prng\Makefile.in $(MKFDEP)
 ##DOS##	$(WCONFIG) config < $@.in > $@
 ##DOS##lib\crypto\krb\prf\Makefile: lib\crypto\krb\prf\Makefile.in $(MKFDEP)
@@ -365,7 +363,7 @@
 	include/krb5/* lib/* lib/crypto/* lib/crypto/krb/* \
 	lib/crypto/krb/crc32/* lib/crypto/krb/rand2key/* \
 	lib/crypto/krb/prng/fortuna/* lib/crypto/krb/prng/nss/* \
-	lib/crypto/krb/prng/yarrow/* lib/crypto/krb/prng/* \
+	lib/crypto/krb/prng/* \
 	lib/crypto/krb/prf/* lib/crypto/krb/checksum/* lib/crypto/krb/old/* \
 	lib/crypto/krb/raw/* lib/crypto/krb/arcfour/* lib/crypto/krb/dk/* \
 	lib/crypto/builtin/aes/* lib/crypto/builtin/enc_provider/* \

Modified: trunk/src/lib/crypto/crypto_tests/Makefile.in
===================================================================
--- trunk/src/lib/crypto/crypto_tests/Makefile.in	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/lib/crypto/crypto_tests/Makefile.in	2011-02-25 15:05:38 UTC (rev 24660)
@@ -37,17 +37,13 @@
 	$(srcdir)/t_short.c	\
 	$(srcdir)/t_str2key.c	\
 	$(srcdir)/t_derive.c	\
-	$(srcdir)/t_fork.c	\
-	$(srcdir)/ytest.c	
+	$(srcdir)/t_fork.c
 
 ##DOS##BUILDTOP = ..\..\..
 
 # NOTE: The t_cksum known checksum values are primarily for regression
 # testing.  They are not derived a priori, but are known to produce
 # checksums that interoperate.
-#
-# We use the NSS PRNG when NSS is the crypto back end, so don't test
-# against the expected output for Yarrow.
 check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
 		t_cksum4 t_cksum5 t_cksums \
 		aes-test  \
@@ -58,9 +54,6 @@
 	$(RUN_SETUP) $(VALGRIND) ./t_encrypt
 	$(RUN_SETUP) $(VALGRIND) ./t_decrypt
 	$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
-	if [ $(PRNG_ALG) = yarrow ]; then \
-		diff t_prng.output $(srcdir)/t_prng.expected; \
-	fi
 	$(RUN_SETUP) $(VALGRIND) ./t_cmac
 	$(RUN_SETUP) $(VALGRIND) ./t_hmac
 	$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
@@ -172,11 +165,6 @@
 t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB)
 	$(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
 
-ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
-	$(CC_LINK) -o ytest ytest.o  $(SUPPORT_LIB)  $(CRYPTO_DEPLIB)
-
-
-
 clean::
 	$(RM) t_nfold.o t_nfold nfold.$(OBJEXT) t_encrypt t_encrypt.o \
 		t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \

Modified: trunk/src/lib/crypto/crypto_tests/deps
===================================================================
--- trunk/src/lib/crypto/crypto_tests/deps	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/lib/crypto/crypto_tests/deps	2011-02-25 15:05:38 UTC (rev 24660)
@@ -207,17 +207,3 @@
   $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
   $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
   $(top_srcdir)/include/socket-utils.h t_fork.c
-$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \
-  $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/prng/yarrow/yarrow.h \
-  $(srcdir)/../krb/prng/yarrow/ycipher.h $(srcdir)/../krb/prng/yarrow/yexcep.h \
-  $(srcdir)/../krb/prng/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
-  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h ytest.c

Modified: trunk/src/lib/crypto/krb/prng/nss/prng_nss.c
===================================================================
--- trunk/src/lib/crypto/krb/prng/nss/prng_nss.c	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/lib/crypto/krb/prng/nss/prng_nss.c	2011-02-25 15:05:38 UTC (rev 24660)
@@ -33,9 +33,9 @@
 #ifdef CRYPTO_IMPL_NSS
 
 /*
- * Using Yarrow with NSS is a bit problematic because the MD5 contexts it holds
- * open for the entropy pools would be invalidated by a fork(), causing us to
- * lose the entropy contained therein.
+ * Using Fortuna with NSS is a bit problematic because the MD5 contexts it
+ * holds open for the entropy pools would be invalidated by a fork(), causing
+ * us to lose the entropy contained therein.
  *
  * Therefore, use the NSS PRNG if NSS is the crypto implementation.
  */

Modified: trunk/src/lib/crypto/krb/prng/prng.c
===================================================================
--- trunk/src/lib/crypto/krb/prng/prng.c	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/lib/crypto/krb/prng/prng.c	2011-02-25 15:05:38 UTC (rev 24660)
@@ -32,9 +32,6 @@
 #elif defined(CRYPTO_IMPL_NSS)
 #include "prng_nss.h"
 const struct krb5_prng_provider *prng = &krb5int_prng_nss;
-#else
-#include "yarrow.h"
-const struct krb5_prng_provider *prng = &krb5int_prng_yarrow;
 #endif
 
 /*
@@ -168,7 +165,7 @@
 add_entropy_from_device(krb5_context context, const char *device)
 {
     krb5_data data;
-    unsigned char buf[ENTROPY_BUFSIZE];
+    unsigned char buf[64];
 
     if (!read_entropy_from_device(device, buf, sizeof(buf)))
         return FALSE;

Modified: trunk/src/lib/crypto/krb/prng/prng.h
===================================================================
--- trunk/src/lib/crypto/krb/prng/prng.h	2011-02-25 15:04:49 UTC (rev 24659)
+++ trunk/src/lib/crypto/krb/prng/prng.h	2011-02-25 15:05:38 UTC (rev 24660)
@@ -31,19 +31,6 @@
 
 #include "k5-int.h"
 
-#if defined(FORTUNA)
-#define ENTROPY_BUFSIZE 32  /* SHA256 digest length */
-#elif defined(CRYPTO_IMPL_NSS)
-/*
- * NSS gathers its own OS entropy, so it doesn't really matter how much we read
- * in krb5_c_random_os_entropy.  Use the same value as Yarrow (without using a
- * Yarrow constant), so that we don't read too much from /dev/random.
- */
-#define ENTROPY_BUFSIZE 20
-#else
-#define ENTROPY_BUFSIZE YARROW_SLOW_THRESH/8  /* SHA1 digest length*/
-#endif
-
 /* Used by PRNG implementations to gather OS entropy.  Returns true on
  * success. */
 krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len);

More information about the cvs-krb5 mailing list