Background:

When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c). Now, finally get around to removing the dependencies on these interfaces. There were basically two cases: des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced. des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed. Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
author: nectar <nectar@FreeBSD.org> 2003-01-29 18:14:29 +0000
committer: nectar <nectar@FreeBSD.org> 2003-01-29 18:14:29 +0000
commit: 637cc179f5d0e82dfd99e85e20f6200d21ad09c9 (patch)
tree: 35ede372953bd23d387eaae5364ee7720ca52d47 /crypto/kerberosIV
parent: 224d4fa7016e3053b02edc999bef91300ba90811 (diff)
download: FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.zip
FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.tar.gz
7 files changed, 16 insertions, 36 deletions
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
index 1ba6aaf..1c1f95c 100644
--- a/crypto/kerberosIV/admin/kdb_edit.c
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -8,6 +8,7 @@
  * This routine changes the Kerberos encryption keys for principals,
  * i.e., users or services. 
  */
+/* $FreeBSD$ */
 
 /*
  * exit returns 	 0 ==> success -1 ==> error 
@@ -162,7 +163,7 @@ change_principal(void)
 			memset(new_key, 0, sizeof(des_cblock));
 			new_key[0] = 127;
 #else
-			des_new_random_key(&new_key);
+			des_random_key(new_key);
 #endif
 			memset(pw_str, 0, sizeof pw_str);
 		    }
@@ -384,9 +385,6 @@ main(int argc, char **argv)
 						    stdout)) < 0)
       return 1;
 
-    /* Initialize non shared random sequence */
-    des_init_random_number_generator(&master_key);
-
     /* lookup the default values */
     n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
 			   &default_princ, 1, &more);
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
index 0116ea2..ccec1f7 100644
--- a/crypto/kerberosIV/admin/kdb_init.c
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -7,6 +7,7 @@
  * program to initialize the database,  reports error if database file
  * already exists. 
  */
+/* $FreeBSD$ */
 
 #include "adm_locl.h"
 
@@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
         memset(new_key, 0, sizeof(des_cblock));
 	new_key[0] = 127;
 #else
-	des_new_random_key(&new_key);
+	des_random_key(new_key);
 #endif
 	kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
 			 DES_ENCRYPT);
@@ -142,9 +143,6 @@ main(int argc, char **argv)
     fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
 #endif
 
-    /* Initialize non shared random sequence */
-    des_init_random_number_generator(&master_key);
-
     /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
 #define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
 
diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c
index 76abda5..a0d5d83 100644
--- a/crypto/kerberosIV/kadmin/kadmin.c
+++ b/crypto/kerberosIV/kadmin/kadmin.c
@@ -18,6 +18,7 @@ this software for any purpose.  It is provided "as is" without express
 or implied warranty.
 
   */
+/* $FreeBSD$ */
 
 /*
  * Kerberos database administrator's tool.  
@@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
 #ifdef NOENCRYPTION
 	memset(newkey, 0, sizeof(newkey));
 #else
-	des_new_random_key(&newkey);
+	des_random_key(newkey);
 #endif
     } else {
 #ifdef NOENCRYPTION
@@ -288,7 +289,6 @@ get_admin_password(void)
 	/* Initialize non shared random sequence from session key. */
 	memset(&c, 0, sizeof(c));
 	krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
-	des_init_random_number_generator(&c.session);
     }
     else
 	status = KDC_PR_UNKNOWN;
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
index 38722a0..0770a03 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
@@ -18,6 +18,7 @@ this software for any purpose.  It is provided "as is" without express
 or implied warranty.
 
   */
+/* $FreeBSD$ */
 
 /*
  * list and update contents of srvtab files
@@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
 	memset(new_key, 0, sizeof(des_cblock));
 	(*new_key)[0] = (unsigned char) 1;
 #else /* NOENCRYPTION */
-	des_new_random_key(new_key);
+	des_random_key(*new_key);
 #endif /* NOENCRYPTION */
 	return(KADM_SUCCESS);
     }
@@ -494,17 +495,6 @@ main(int argc, char **argv)
 		    printf("Not changing this key.\n");
 		
 		if (change_this_key) {
-		    /*
-		     * This is not a good choice of seed when/if the
-		     * key has been compromised so we also use a
-		     * random sequence number!
-		     */
-		    des_init_random_number_generator(&old_key);
-		    {
-		        des_cblock seqnum;
-			des_generate_random_block(&seqnum);
-			des_set_sequence_number((unsigned char *)&seqnum);
-		    }
 		    /* 
 		     * Pick a new key and determine whether or not
 		     * it is safe to change
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
index a08b10d..dc7b6c0 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil_get.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -30,6 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+/* $FreeBSD$ */
 
 #include "kadm_locl.h"
 #include "ksrvutil.h"
@@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm)
     status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, 
 			       KADM_SINST, ticket_life, admin_passwd);
     memset(admin_passwd, 0, sizeof(admin_passwd));
-    
-    /* Initialize non shared random sequence from session key. */
-    memset(&c, 0, sizeof(c));
-    krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
-    des_init_random_number_generator(&c.session);
   } else
     status = KDC_PR_UNKNOWN;
   
@@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename,
     memset(&values, 0, sizeof(values));
     strlcpy(values.name, name, sizeof(values.name));
     strlcpy(values.instance, inst, sizeof(values.instance));
-    des_new_random_key(&newkey);
+    des_random_key(newkey);
     values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
 	| (newkey[2] << 8) | (newkey[3] << 0);
     values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
@@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
   }
   
   ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
-  if (ret == KSUCCESS)
-    des_init_random_number_generator (&c.session);
-  else {
+  if (ret != KSUCCESS) {
     umask(077);
        
     /*
diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c
index ec8309e..ca9855a 100644
--- a/crypto/kerberosIV/kadmin/random_password.c
+++ b/crypto/kerberosIV/kadmin/random_password.c
@@ -30,6 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
  * SUCH DAMAGE. 
  */
+/* $FreeBSD$ */
 
 #include "kadm_locl.h"
 
@@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high)
 {
     des_cblock newkey;
 #ifdef OTP_STYLE
-    des_new_random_key(&newkey);
+    des_random_key(&newkey);
     otp_print_stddict (newkey, pw, len);
     strlwr(pw);
 #else
@@ -87,7 +88,7 @@ static int
 RND(des_cblock *key, int *left)
 {
     if(*left == 0){
-	des_new_random_key(key);
+	des_random_key(*key);
 	*left = 8;
     }
     (*left)--;
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
index 9e0d9b3..f4ffbc1 100644
--- a/crypto/kerberosIV/server/kerberos.c
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len,
 	life = min(life, s_name.max_life);
 	life = min(life, a_name.max_life);
     
-	des_new_random_key(&session);
+	des_random_key(session);
 	copy_to_key(&s_name.key_low, &s_name.key_high, key);
 	unseal(&key);
 	krb_create_ticket(tk, flags, a_name.name, a_name.instance, 
@@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len,
 	life = min(life, s_name.max_life);
 	copy_to_key(&s_name.key_low, &s_name.key_high, key);
 	unseal(&key);
-	des_new_random_key(&session);
+	des_random_key(session);
 	krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
 			  client->sin_addr.s_addr, &session,
 			  life, kerb_time.tv_sec,
@@ -860,7 +860,6 @@ main(int argc, char **argv)
 
     fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
 	    master_key_version);
-    des_init_random_number_generator(&master_key);
 
     if (!rflag) {
 	/* Look up our local realm */
author	nectar <nectar@FreeBSD.org>	2003-01-29 18:14:29 +0000
committer	nectar <nectar@FreeBSD.org>	2003-01-29 18:14:29 +0000
commit	637cc179f5d0e82dfd99e85e20f6200d21ad09c9 (patch)
tree	35ede372953bd23d387eaae5364ee7720ca52d47 /crypto/kerberosIV
parent	224d4fa7016e3053b02edc999bef91300ba90811 (diff)
download	FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.zip FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.tar.gz