Windows: how to get high resolution time in PRNG
hartmans at MIT.EDU
Tue Aug 9 16:09:03 EDT 2011
One of the reasons trunk doesn't build on Windows is that the Fortuna
code directly calls gettimeofday.
On Windows, there is a relatively simple solution:
From 1e79f99a4e39d5359442d64ec2d8452fd220366a Mon Sep 17 00:00:00 2001
From: Kevin Wasserman <kevin.wasserman at painless-security.com>
Date: Thu, 7 Jul 2011 11:42:59 -0400
Subject: [PATCH] gettimeofday -> krb5_crypto_us_timeofday
gettimeofday() is not available on windows.
Added comment explaining potential performance problem with
krb5_crypto_us_timeofday (it grabs a mutex) and how to resolve it.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
src/lib/crypto/krb/prng_fortuna.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/lib/crypto/krb/prng_fortuna.c b/src/lib/crypto/krb/prng_fortuna.c
index f559df7..446fd73 100644
@@ -315,7 +315,13 @@ enough_time_passed(struct fortuna_state *st)
struct timeval tv, *last = &st->last_reseed_time;
krb5_boolean ok = FALSE;
- gettimeofday(&tv, NULL);
+ /* We need to get the current time with RESEED_INTERVAL accuracy (currently 0.1sec).
+ The only exposed platform-independent function to do this is
+ krb5_crypto_us_timeofday(). It has the unfortunate side-effect of grabbing
+ a mutex to protect static data that is used to enforce 'never return the same
+ time twice' semantics which we do not require. If this is ever a performance
+ issue, it would be trivial to fix by exposing get_time_now() from c_ustime.c */
+ krb5_crypto_us_timeofday(&tv.tv_sec, &tv.tv_usec);
/* Check how much time has passed. */
if (tv.tv_sec > last->tv_sec + 1)
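Review bot: The result of krb5_crypto_us_timeofday() is discarded at the added call, and tv is declared without an initializer, so if the call fails the comparison that follows (tv.tv_sec > last->tv_sec + 1) reads indeterminate values and the reseed decision becomes arbitrary. Check the result and handle the failure explicitly before using tv. The call also passes &tv.tv_sec and &tv.tv_usec straight through, which is only correct if the function's pointer parameters have exactly the types of the struct timeval fields on every platform; reading into locals of the parameter type and then assigning them to tv avoids a partial write where the widths differ. Style: the new comment runs past 80 columns and should be rewrapped.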
Unfortunately, despite its name, krb5_crypto_us_timeofday is defined in
libkrb5, not libk5crypto. On Windows, this is not a big deal: they are
the same DLL. However, the above patch breaks the Unix build.
How do we want to fix this?
1) Duplicating the code
2) Calling krb5_crypto_us_timeofday on Windows but not other platforms
3) Moving the implementation to libk5crypto but retaining a stub symbol
4) Moving the implementation to the support library and maintaining a
stub in libkrb5