[17073] in Kerberos_V5_Development


Windows: how to get high resolution time in PRNG

daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Aug 9 16:09:10 2011

From: Sam Hartman <hartmans@mit.edu>
To: krbdev@mit.edu
Date: Tue, 09 Aug 2011 16:09:03 -0400
Message-ID: <tslhb5qmjog.fsf@mit.edu>
MIME-Version: 1.0
Cc: kevin.wasserman@painless-security.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu


Hi.
One of the reasons trunk doesn't build on Windows is that the fortuna
code directly calls gettimeofday.
On Windows, there is a relatively simple solution:

From 1e79f99a4e39d5359442d64ec2d8452fd220366a Mon Sep 17 00:00:00 2001
From: Kevin Wasserman <kevin.wasserman@painless-security.com>
Date: Thu, 7 Jul 2011 11:42:59 -0400
Subject: [PATCH] gettimeofday -> krb5_crypto_us_timeofday

gettimeofday() is not available on Windows.
Added comment explaining potential performance problem with
krb5_crypto_us_timeofday (it grabs a mutex) and how to resolve it.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
---
 src/lib/crypto/krb/prng_fortuna.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/src/lib/crypto/krb/prng_fortuna.c b/src/lib/crypto/krb/prng_fortuna.c
index f559df7..446fd73 100644
--- a/src/lib/crypto/krb/prng_fortuna.c
+++ b/src/lib/crypto/krb/prng_fortuna.c
@@ -315,7 +315,13 @@ enough_time_passed(struct fortuna_state *st)
     struct timeval tv, *last = &st->last_reseed_time;
     krb5_boolean ok = FALSE;
 
-    gettimeofday(&tv, NULL);
+    /* We need to get the current time with RESEED_INTERVAL accuracy (currently 0.1sec).
+       The only exposed platform-independent function to do this is 
+       krb5_crypto_us_timeofday().  It has the unfortunate side-effect of grabbing 
+       a mutex to protect static data that is used to enforce 'never return the same 
+       time twice' semantics which we do not require.  If this is ever a performance 
+       issue, it would be trivial to fix by exposing get_time_now() from c_ustime.c */
+    krb5_crypto_us_timeofday(&tv.tv_sec, &tv.tv_usec);
 
     /* Check how much time has passed. */
     if (tv.tv_sec > last->tv_sec + 1)
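
Review bot: The return value of krb5_crypto_us_timeofday() is discarded at the added call in enough_time_passed(), and tv is declared without an initializer, so if the call fails the following "if (tv.tv_sec > last->tv_sec + 1)" comparison reads indeterminate values and the reseed-interval decision becomes arbitrary. Check the result and return a fixed answer on failure instead of falling through. The call also passes &tv.tv_sec and &tv.tv_usec directly, which is only correct if those struct timeval field types match the function's parameter types exactly on every platform; reading into two locals of the declared parameter type and then assigning them to tv would remove that dependency. Style: the added comment has trailing whitespace on several lines and runs past the usual line width, so it should be rewrapped.
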
-- 
1.7.4.1


Unfortunately, despite its name, krb5_crypto_us_timeofday is defined in
libkrb5, not libk5crypto.  On Windows, this is not a big deal: they are
the same dll.  However, the above patch breaks the unix build.

How do we want to fix this?
Options include:

1) duplicating the code

2) Calling krb5_crypto_us_timeofday on Windows but not other platforms

3) Moving the implementation to libk5crypto but retaining a stub symbol
in libkrb5

4) Moving the implementation to the support library and maintaining a
stub in libkrb5