Diffstat (limited to 'crypto/kerberosIV')
-rw-r--r--crypto/kerberosIV/admin/kdb_edit.c6
-rw-r--r--crypto/kerberosIV/admin/kdb_init.c6
-rw-r--r--crypto/kerberosIV/kadmin/kadmin.c4
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil.c14
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil_get.c12
-rw-r--r--crypto/kerberosIV/kadmin/random_password.c5
-rw-r--r--crypto/kerberosIV/server/kerberos.c5
7 files changed, 16 insertions, 36 deletions
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
index 1ba6aaf..1c1f95c 100644
--- a/crypto/kerberosIV/admin/kdb_edit.c
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -8,6 +8,7 @@
* This routine changes the Kerberos encryption keys for principals,
* i.e., users or services.
*/
+/* $FreeBSD$ */
/*
* exit returns 0 ==> success -1 ==> error
@@ -162,7 +163,7 @@ change_principal(void)
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
- des_new_random_key(&new_key);
+ des_random_key(new_key);
#endif
memset(pw_str, 0, sizeof pw_str);
}
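Review bot: After this change the new principal key in change_principal comes from `des_random_key(new_key);` with no status check, and a later hunk drops the explicit `des_init_random_number_generator(&master_key)` seeding in main(), so key strength now depends entirely on how the library seeds itself. The declaration of des_random_key is not visible in this diff, so whether it can fail or return a status should be confirmed; if it does, the result should be checked before the key is encrypted and stored. The same applies to the converted calls in kdb_init.c, kadmin.c, ksrvutil.c, ksrvutil_get.c, random_password.c and the two session-key sites in server/kerberos.c. I would add a short comment at the call such as `/* key material comes from the crypto library's PRNG; no local seeding is done */` so the dependency is explicit. change_principal's body starts and ends outside the hunk.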
@@ -384,9 +385,6 @@ main(int argc, char **argv)
stdout)) < 0)
return 1;
- /* Initialize non shared random sequence */
- des_init_random_number_generator(&master_key);
-
/* lookup the default values */
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
&default_princ, 1, &more);
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
index 0116ea2..ccec1f7 100644
--- a/crypto/kerberosIV/admin/kdb_init.c
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -7,6 +7,7 @@
* program to initialize the database, reports error if database file
* already exists.
*/
+/* $FreeBSD$ */
#include "adm_locl.h"
@@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
- des_new_random_key(&new_key);
+ des_random_key(new_key);
#endif
kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
DES_ENCRYPT);
@@ -142,9 +143,6 @@ main(int argc, char **argv)
fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
#endif
- /* Initialize non shared random sequence */
- des_init_random_number_generator(&master_key);
-
/* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c
index 76abda5..a0d5d83 100644
--- a/crypto/kerberosIV/kadmin/kadmin.c
+++ b/crypto/kerberosIV/kadmin/kadmin.c
@@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
+/* $FreeBSD$ */
/*
* Kerberos database administrator's tool.
@@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
#ifdef NOENCRYPTION
memset(newkey, 0, sizeof(newkey));
#else
- des_new_random_key(&newkey);
+ des_random_key(newkey);
#endif
} else {
#ifdef NOENCRYPTION
@@ -288,7 +289,6 @@ get_admin_password(void)
/* Initialize non shared random sequence from session key. */
memset(&c, 0, sizeof(c));
krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
- des_init_random_number_generator(&c.session);
}
else
status = KDC_PR_UNKNOWN;
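Review bot: The comment `/* Initialize non shared random sequence from session key. */` is stale now that the call it described is removed, yet `memset(&c, 0, sizeof(c));` and `krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);` remain. The session key is therefore still copied into `c`, with the return value ignored and no visible use. The matching get_admin_password hunk in ksrvutil_get.c removes all of these lines; doing the same here would avoid keeping an unneeded copy of the session key in memory, provided `c` is not read later in the function, which continues outside the hunk. If the fetch must stay, the comment should say why and `c` should be cleared once it is no longer needed.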
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
index 38722a0..0770a03 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
@@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
+/* $FreeBSD$ */
/*
* list and update contents of srvtab files
@@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
memset(new_key, 0, sizeof(des_cblock));
(*new_key)[0] = (unsigned char) 1;
#else /* NOENCRYPTION */
- des_new_random_key(new_key);
+ des_random_key(*new_key);
#endif /* NOENCRYPTION */
return(KADM_SUCCESS);
}
@@ -494,17 +495,6 @@ main(int argc, char **argv)
printf("Not changing this key.\n");
if (change_this_key) {
- /*
- * This is not a good choice of seed when/if the
- * key has been compromised so we also use a
- * random sequence number!
- */
- des_init_random_number_generator(&old_key);
- {
- des_cblock seqnum;
- des_generate_random_block(&seqnum);
- des_set_sequence_number((unsigned char *)&seqnum);
- }
/*
* Pick a new key and determine whether or not
* it is safe to change
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
index a08b10d..dc7b6c0 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil_get.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -30,6 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
+/* $FreeBSD$ */
#include "kadm_locl.h"
#include "ksrvutil.h"
@@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm)
status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME,
KADM_SINST, ticket_life, admin_passwd);
memset(admin_passwd, 0, sizeof(admin_passwd));
-
- /* Initialize non shared random sequence from session key. */
- memset(&c, 0, sizeof(c));
- krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
- des_init_random_number_generator(&c.session);
} else
status = KDC_PR_UNKNOWN;
@@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename,
memset(&values, 0, sizeof(values));
strlcpy(values.name, name, sizeof(values.name));
strlcpy(values.instance, inst, sizeof(values.instance));
- des_new_random_key(&newkey);
+ des_random_key(newkey);
values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
| (newkey[2] << 8) | (newkey[3] << 0);
values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
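Review bot: The packing of the freshly generated key in get_srvtab_ent uses `(newkey[0] << 24)` and `(newkey[4] << 24)`, where the byte is promoted to a signed int before the shift. A random key has the top bit of those bytes set about half the time, and shifting that into the sign bit is undefined behaviour in C. Casting first keeps the arithmetic unsigned, e.g. `((u_int32_t)newkey[0] << 24)`, assuming key_low and key_high are 32-bit unsigned fields (their declaration is not in the hunk). The expression continues past the last line shown.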
@@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
}
ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
- if (ret == KSUCCESS)
- des_init_random_number_generator (&c.session);
- else {
+ if (ret != KSUCCESS) {
umask(077);
/*
diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c
index ec8309e..ca9855a 100644
--- a/crypto/kerberosIV/kadmin/random_password.c
+++ b/crypto/kerberosIV/kadmin/random_password.c
@@ -30,6 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
+/* $FreeBSD$ */
#include "kadm_locl.h"
@@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high)
{
des_cblock newkey;
#ifdef OTP_STYLE
- des_new_random_key(&newkey);
+ des_random_key(&newkey);
otp_print_stddict (newkey, pw, len);
strlwr(pw);
#else
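Review bot: In the OTP_STYLE branch of random_password the converted call is `des_random_key(&newkey);`, while every other call site in this commit passes the block itself (`des_random_key(newkey)` in kadmin.c and ksrvutil_get.c, `des_random_key(*key)` in RND further down this file). The address is the same, but the argument type is a pointer to the whole array rather than to its first byte, so this branch probably compiles with a type warning and only when OTP_STYLE is defined. The next line already passes `newkey` bare to otp_print_stddict, so for consistency this should read `des_random_key(newkey);`. The function body continues outside the hunk.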
@@ -87,7 +88,7 @@ static int
RND(des_cblock *key, int *left)
{
if(*left == 0){
- des_new_random_key(key);
+ des_random_key(*key);
*left = 8;
}
(*left)--;
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
index 9e0d9b3..f4ffbc1 100644
--- a/crypto/kerberosIV/server/kerberos.c
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len,
life = min(life, s_name.max_life);
life = min(life, a_name.max_life);
- des_new_random_key(&session);
+ des_random_key(session);
copy_to_key(&s_name.key_low, &s_name.key_high, key);
unseal(&key);
krb_create_ticket(tk, flags, a_name.name, a_name.instance,
@@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len,
life = min(life, s_name.max_life);
copy_to_key(&s_name.key_low, &s_name.key_high, key);
unseal(&key);
- des_new_random_key(&session);
+ des_random_key(session);
krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
client->sin_addr.s_addr, &session,
life, kerb_time.tv_sec,
@@ -860,7 +860,6 @@ main(int argc, char **argv)
fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
master_key_version);
- des_init_random_number_generator(&master_key);
if (!rflag) {
/* Look up our local realm */