* yarrow.c (yarrow_reseed_locked): Renamed from krb5int_yarrow_reseed and made

static.
(Yarrow_detect_fork, yarrow_input_maybe_locking, krb5int_yarrow_output_Block):
Call it.
(krb5int_yarrow_reseed): New function, grabs lock and calls the old version.
(krb5int_yarrow_final): Hold the lock until after clearing the Yarrow context
data.

ticket: 2878
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17032 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 27 insertions, 6 deletions

diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog
index 5aa069bf2..cf08dc9ed 100644
--- a/src/lib/crypto/yarrow/ChangeLog
+++ b/src/lib/crypto/yarrow/ChangeLog
@@ -1,3 +1,14 @@
+2005-01-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* yarrow.c (yarrow_reseed_locked): Renamed from
+	krb5int_yarrow_reseed and made static.
+	(Yarrow_detect_fork, yarrow_input_maybe_locking,
+	krb5int_yarrow_output_Block): Call it.
+	(krb5int_yarrow_reseed): New function, grabs lock and calls the
+	old version.
+	(krb5int_yarrow_final): Hold the lock until after clearing the
+	Yarrow context data.
+
 2005-01-13  Ezra Peisach  <epeisach@mit.edu>
 
 	* yarrow.c: Declare yarrow_gate_locked static before first use.
diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c
index 54d30e1fa..29c10f79e 100644
--- a/src/lib/crypto/yarrow/yarrow.c
+++ b/src/lib/crypto/yarrow/yarrow.c
@@ -119,6 +119,8 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y)
     }
 }
 
+static int yarrow_reseed_locked( Yarrow_CTX* y, int pool );
+
 /* if the program was forked, the child must not operate on the same
    PRNG state */
 #ifdef YARROW_DETECT_FORK
@@ -146,7 +148,7 @@ static int Yarrow_detect_fork(Yarrow_CTX *y)
 				  sizeof (newpid), 0));
 	TRY (yarrow_input_locked (y, 0, &newpid,
 				  sizeof (newpid), 0));
-	TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL));
+	TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
     }
 
  CATCH:
@@ -304,7 +306,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 	{
 	    if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
 	    {
-		ret = krb5int_yarrow_reseed(y, YARROW_FAST_POOL);
+		ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
 		if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
 		{
 		    THROW( ret );
@@ -321,7 +323,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 		if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
 		{
 		    y->slow_k_of_n = 0;
-		    ret = krb5int_yarrow_reseed(y, YARROW_SLOW_POOL);
+		    ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
 		    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
 		    {
 			THROW( ret );
@@ -435,7 +437,7 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
 	    
 	    TRACE( printf( "OUTPUT LIMIT REACHED," ); );
 
-	    TRY( krb5int_yarrow_reseed( y, YARROW_SLOW_POOL ) );
+	    TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
 	}
     }
   
@@ -667,7 +669,7 @@ static int Yarrow_Save_State( Yarrow_CTX *y )
 
 #endif
 
-int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
+static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 {
     EXCEP_DECL;
     HASH_CTX* fast_pool = &y->pool[YARROW_FAST_POOL];
@@ -814,6 +816,14 @@ int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
 
     EXCEP_RET;
 }
+int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
+{
+	int r;
+	LOCK();
+	r = yarrow_reseed_locked(y, pool);
+	UNLOCK();
+	return r;
+}
 
 int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size)
 {
@@ -907,9 +917,9 @@ int krb5int_yarrow_final(Yarrow_CTX* y)
 #endif
 
  CATCH:
-    if ( locked ) { TRY( UNLOCK() ); }
     krb5int_yarrow_cipher_final(&y->cipher);
     mem_zero( y, sizeof(Yarrow_CTX) );
+    if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }