Be more parsimonious with /dev/random when using the NSS PRNG.

git-svn-id: svn:// dc483132-0cff-0310-8789-dd5450dbe970
commit 22873662ca6fa44e16bd24af492ef34f8e4f45df 1 parent 16220c2
ghudson authored
Showing with 6 additions and 3 deletions.
  1. +6 −3 src/lib/crypto/krb/prng.c
9 src/lib/crypto/krb/prng.c
@@ -47,9 +47,12 @@ k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
#include "../nss/nss_gen.h"
#include <pk11pub.h>
-/* Gather 8K of OS entropy per call, enough to fill the additional data buffer
- * for the built-in PRNG and trigger a reseed. */
-#define OS_ENTROPY_LEN 8192
+ * NSS gathers its own OS entropy, so it doesn't really matter how much we read
+ * in krb5_c_random_os_entropy. Use the same value as Yarrow (without using a
+ * Yarrow constant), so that we don't read too much from /dev/random.
+ */
+#define OS_ENTROPY_LEN 20
int krb5int_prng_init(void)
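Review bot: the new `#define OS_ENTROPY_LEN 20` is a bare literal that, per its own comment, copies a Yarrow value "without using a Yarrow constant", so nothing ties the two together if the Yarrow side changes later. Please state in the comment that the unit is bytes and which Yarrow quantity the 20 mirrors, so a reader can check that the two still agree. The comment also rests the drop from 8192 to 20 on "NSS gathers its own OS entropy"; it would help to note there that under the NSS back end a call to krb5_c_random_os_entropy now contributes only these 20 bytes, so nobody later assumes that call alone is what reseeds the PRNG.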
