Diffstat (limited to 'crypto/kerberosIV')
-rw-r--r-- | crypto/kerberosIV/admin/kdb_edit.c | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/admin/kdb_init.c | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/kadmin.c | 4 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/ksrvutil.c | 14 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/ksrvutil_get.c | 12 | ||||
-rw-r--r-- | crypto/kerberosIV/kadmin/random_password.c | 5 | ||||
-rw-r--r-- | crypto/kerberosIV/server/kerberos.c | 5 |
7 files changed, 16 insertions, 36 deletions
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c index 1ba6aaf..1c1f95c 100644 --- a/crypto/kerberosIV/admin/kdb_edit.c +++ b/crypto/kerberosIV/admin/kdb_edit.c @@ -8,6 +8,7 @@ * This routine changes the Kerberos encryption keys for principals, * i.e., users or services. */ +/* $FreeBSD$ */ /* * exit returns 0 ==> success -1 ==> error @@ -162,7 +163,7 @@ change_principal(void) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif memset(pw_str, 0, sizeof pw_str); } @@ -384,9 +385,6 @@ main(int argc, char **argv) stdout)) < 0) return 1; - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* lookup the default values */ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, &default_princ, 1, &more); diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c index 0116ea2..ccec1f7 100644 --- a/crypto/kerberosIV/admin/kdb_init.c +++ b/crypto/kerberosIV/admin/kdb_init.c @@ -7,6 +7,7 @@ * program to initialize the database, reports error if database file * already exists. */ +/* $FreeBSD$ */ #include "adm_locl.h" @@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); @@ -142,9 +143,6 @@ main(int argc, char **argv) fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); #endif - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ #define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c index 76abda5..a0d5d83 100644 --- a/crypto/kerberosIV/kadmin/kadmin.c 
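Review bot: With the `des_init_random_number_generator()` calls removed from `main()` in kdb_edit.c and kdb_init.c (and likewise in kadmin.c, ksrvutil.c, ksrvutil_get.c and server/kerberos.c), nothing visible in this patch seeds the generator before `des_random_key()` produces principal keys and KDC session keys. The implementation of `des_random_key()` is outside these hunks, so the change presumably relies on the library seeding itself from a system entropy source. That should be confirmed against the libdes version actually linked, because an unseeded or clock-seeded generator would make every key generated here guessable. Once verified, a short comment at one call site, e.g. `/* des_random_key() seeds itself inside libdes; no per-program seeding is required */`, would record the assumption. The calls also discard any result, so if the linked version can report failure it should be checked, at least in server/kerberos.c.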
+++ b/crypto/kerberosIV/kadmin/kadmin.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * Kerberos database administrator's tool. @@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) #ifdef NOENCRYPTION memset(newkey, 0, sizeof(newkey)); #else - des_new_random_key(&newkey); + des_random_key(newkey); #endif } else { #ifdef NOENCRYPTION @@ -288,7 +289,6 @@ get_admin_password(void) /* Initialize non shared random sequence from session key. */ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c index 38722a0..0770a03 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil.c +++ b/crypto/kerberosIV/kadmin/ksrvutil.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * list and update contents of srvtab files @@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, memset(new_key, 0, sizeof(des_cblock)); (*new_key)[0] = (unsigned char) 1; #else /* NOENCRYPTION */ - des_new_random_key(new_key); + des_random_key(*new_key); #endif /* NOENCRYPTION */ return(KADM_SUCCESS); } @@ -494,17 +495,6 @@ main(int argc, char **argv) printf("Not changing this key.\n"); if (change_this_key) { - /* - * This is not a good choice of seed when/if the - * key has been compromised so we also use a - * random sequence number! - */ - des_init_random_number_generator(&old_key); - { - des_cblock seqnum; - des_generate_random_block(&seqnum); - des_set_sequence_number((unsigned char *)&seqnum); - } /* * Pick a new key and determine whether or not * it is safe to change 
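Review bot: In the `get_admin_password()` hunk of kadmin.c only the `des_init_random_number_generator(&c.session);` line is dropped, so the comment `/* Initialize non shared random sequence from session key. */` is now stale. The `memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);` pair under it still copies the session key into `c` for no purpose visible in the hunk. The matching hunk in ksrvutil_get.c removes all four lines; doing the same here would avoid leaving key material in a local that nothing in the hunk clears. The function body continues outside the hunk, so if `c` is read later, keep the call, reword the comment, and add `memset(&c, 0, sizeof(c));` once the credentials are no longer needed.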
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c index a08b10d..dc7b6c0 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil_get.c +++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" #include "ksrvutil.h" @@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm) status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, KADM_SINST, ticket_life, admin_passwd); memset(admin_passwd, 0, sizeof(admin_passwd)); - - /* Initialize non shared random sequence from session key. */ - memset(&c, 0, sizeof(c)); - krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; @@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename, memset(&values, 0, sizeof(values)); strlcpy(values.name, name, sizeof(values.name)); strlcpy(values.instance, inst, sizeof(values.instance)); - des_new_random_key(&newkey); + des_random_key(newkey); values.key_low = (newkey[0] << 24) | (newkey[1] << 16) | (newkey[2] << 8) | (newkey[3] << 0); values.key_high = (newkey[4] << 24) | (newkey[5] << 16) @@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p) } ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); - if (ret == KSUCCESS) - des_init_random_number_generator (&c.session); - else { + if (ret != KSUCCESS) { umask(077); /* diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c index ec8309e..ca9855a 100644 --- a/crypto/kerberosIV/kadmin/random_password.c +++ b/crypto/kerberosIV/kadmin/random_password.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" 
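Review bot: In the `get_srvtab_ent()` hunk of ksrvutil_get.c, `newkey[0] << 24` and `newkey[4] << 24` shift a key byte after it has been promoted to `int`, so any random byte of 0x80 or above shifts into the sign bit, which is undefined behaviour. Casting before the shift, `((u_int32_t)newkey[0] << 24)` and likewise for `newkey[4]`, keeps the packing well defined. These are context lines rather than lines the commit changes, and the declarations of `newkey` and `values` are outside the hunk, so the element type is inferred from the `des_cblock` usage elsewhere in the patch. Nothing in the hunk clears `newkey` after it has been packed into `values`; confirm the rest of the function does.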
@@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high) { des_cblock newkey; #ifdef OTP_STYLE - des_new_random_key(&newkey); + des_random_key(&newkey); otp_print_stddict (newkey, pw, len); strlwr(pw); #else @@ -87,7 +88,7 @@ static int RND(des_cblock *key, int *left) { if(*left == 0){ - des_new_random_key(key); + des_random_key(*key); *left = 8; } (*left)--; diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c index 9e0d9b3..f4ffbc1 100644 --- a/crypto/kerberosIV/server/kerberos.c +++ b/crypto/kerberosIV/server/kerberos.c @@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); life = min(life, a_name.max_life); - des_new_random_key(&session); + des_random_key(session); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); krb_create_ticket(tk, flags, a_name.name, a_name.instance, @@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); - des_new_random_key(&session); + des_random_key(session); krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, client->sin_addr.s_addr, &session, life, kerb_time.tv_sec, @@ -860,7 +860,6 @@ main(int argc, char **argv) fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", master_key_version); - des_init_random_number_generator(&master_key); if (!rflag) { /* Look up our local realm */ |
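Review bot: Under `#ifdef OTP_STYLE` in `random_password()` the new call is `des_random_key(&newkey);`, while every other converted call site in this patch passes the block itself (`des_random_key(newkey)` elsewhere, `des_random_key(*key)` in `RND()` in the next hunk). The hunk declares `des_cblock newkey;`, so `&newkey` has a pointer-to-block type that does not match what the other calls pass. It probably went unnoticed because this branch is only compiled when OTP_STYLE is defined. The line should read `des_random_key(newkey);`.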