diff options
author | nectar <nectar@FreeBSD.org> | 2003-01-29 18:14:29 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-01-29 18:14:29 +0000 |
commit | 637cc179f5d0e82dfd99e85e20f6200d21ad09c9 (patch) | |
tree | 35ede372953bd23d387eaae5364ee7720ca52d47 /crypto/kerberosIV | |
parent | 224d4fa7016e3053b02edc999bef91300ba90811 (diff) | |
download | FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.zip FreeBSD-src-637cc179f5d0e82dfd99e85e20f6200d21ad09c9.tar.gz |
Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
Diffstat (limited to 'crypto/kerberosIV')
-rw-r--r-- | crypto/kerberosIV/admin/kdb_edit.c | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/admin/kdb_init.c | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/kadmin.c | 4 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/ksrvutil.c | 14 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/ksrvutil_get.c | 12 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/random_password.c | 5 | ||||
-rw-r--r-- | crypto/kerberosIV/server/kerberos.c | 5 |
7 files changed, 16 insertions, 36 deletions
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c index 1ba6aaf..1c1f95c 100644 --- a/crypto/kerberosIV/admin/kdb_edit.c +++ b/crypto/kerberosIV/admin/kdb_edit.c @@ -8,6 +8,7 @@ * This routine changes the Kerberos encryption keys for principals, * i.e., users or services. */ +/* $FreeBSD$ */ /* * exit returns 0 ==> success -1 ==> error @@ -162,7 +163,7 @@ change_principal(void) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif memset(pw_str, 0, sizeof pw_str); } @@ -384,9 +385,6 @@ main(int argc, char **argv) stdout)) < 0) return 1; - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* lookup the default values */ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, &default_princ, 1, &more); diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c index 0116ea2..ccec1f7 100644 --- a/crypto/kerberosIV/admin/kdb_init.c +++ b/crypto/kerberosIV/admin/kdb_init.c @@ -7,6 +7,7 @@ * program to initialize the database, reports error if database file * already exists. */ +/* $FreeBSD$ */ #include "adm_locl.h" @@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); @@ -142,9 +143,6 @@ main(int argc, char **argv) fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); #endif - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ #define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c index 76abda5..a0d5d83 100644 --- a/crypto/kerberosIV/kadmin/kadmin.c +++ b/crypto/kerberosIV/kadmin/kadmin.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * Kerberos database administrator's tool. @@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) #ifdef NOENCRYPTION memset(newkey, 0, sizeof(newkey)); #else - des_new_random_key(&newkey); + des_random_key(newkey); #endif } else { #ifdef NOENCRYPTION @@ -288,7 +289,6 @@ get_admin_password(void) /* Initialize non shared random sequence from session key. */ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c index 38722a0..0770a03 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil.c +++ b/crypto/kerberosIV/kadmin/ksrvutil.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * list and update contents of srvtab files @@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, memset(new_key, 0, sizeof(des_cblock)); (*new_key)[0] = (unsigned char) 1; #else /* NOENCRYPTION */ - des_new_random_key(new_key); + des_random_key(*new_key); #endif /* NOENCRYPTION */ return(KADM_SUCCESS); } @@ -494,17 +495,6 @@ main(int argc, char **argv) printf("Not changing this key.\n"); if (change_this_key) { - /* - * This is not a good choice of seed when/if the - * key has been compromised so we also use a - * random sequence number! - */ - des_init_random_number_generator(&old_key); - { - des_cblock seqnum; - des_generate_random_block(&seqnum); - des_set_sequence_number((unsigned char *)&seqnum); - } /* * Pick a new key and determine whether or not * it is safe to change diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c index a08b10d..dc7b6c0 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil_get.c +++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" #include "ksrvutil.h" @@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm) status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, KADM_SINST, ticket_life, admin_passwd); memset(admin_passwd, 0, sizeof(admin_passwd)); - - /* Initialize non shared random sequence from session key. */ - memset(&c, 0, sizeof(c)); - krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; @@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename, memset(&values, 0, sizeof(values)); strlcpy(values.name, name, sizeof(values.name)); strlcpy(values.instance, inst, sizeof(values.instance)); - des_new_random_key(&newkey); + des_random_key(newkey); values.key_low = (newkey[0] << 24) | (newkey[1] << 16) | (newkey[2] << 8) | (newkey[3] << 0); values.key_high = (newkey[4] << 24) | (newkey[5] << 16) @@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p) } ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); - if (ret == KSUCCESS) - des_init_random_number_generator (&c.session); - else { + if (ret != KSUCCESS) { umask(077); /* diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c index ec8309e..ca9855a 100644 --- a/crypto/kerberosIV/kadmin/random_password.c +++ b/crypto/kerberosIV/kadmin/random_password.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" @@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high) { des_cblock newkey; #ifdef OTP_STYLE - des_new_random_key(&newkey); + des_random_key(&newkey); otp_print_stddict (newkey, pw, len); strlwr(pw); #else @@ -87,7 +88,7 @@ static int RND(des_cblock *key, int *left) { if(*left == 0){ - des_new_random_key(key); + des_random_key(*key); *left = 8; } (*left)--; diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c index 9e0d9b3..f4ffbc1 100644 --- a/crypto/kerberosIV/server/kerberos.c +++ b/crypto/kerberosIV/server/kerberos.c @@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); life = min(life, a_name.max_life); - des_new_random_key(&session); + des_random_key(session); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); krb_create_ticket(tk, flags, a_name.name, a_name.instance, @@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); - des_new_random_key(&session); + des_random_key(session); krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, client->sin_addr.s_addr, &session, life, kerb_time.tv_sec, @@ -860,7 +860,6 @@ main(int argc, char **argv) fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", master_key_version); - des_init_random_number_generator(&master_key); if (!rflag) { /* Look up our local realm */ |