diff --git a/contrib/telnet/libtelnet/enc_des.c b/contrib/telnet/libtelnet/enc_des.c index 5ac693b80b3b..cb70b5777e56 100644 --- a/contrib/telnet/libtelnet/enc_des.c +++ b/contrib/telnet/libtelnet/enc_des.c @@ -54,7 +54,6 @@ static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95"; #include "misc-proto.h" extern int encrypt_debug_mode; -void des_set_random_generator_seed(des_cblock *); /* XXX */ #define CFB 0 #define OFB 1 @@ -75,7 +74,6 @@ struct fb { int need_start; int state[2]; int keyid[2]; - int once; struct stinfo { Block str_output; Block str_feed; @@ -211,7 +209,7 @@ fb64_start(struct fb *fbp, int dir, int server __unused) /* * Create a random feed and send it over. */ - des_new_random_key((Block *)fbp->temp_feed); + des_random_key((Block *)fbp->temp_feed); des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed, fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; @@ -397,10 +395,6 @@ fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - if (fbp->once == 0) { - des_set_random_generator_seed((Block *)fbp->krbdes_key); - fbp->once = 1; - } des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched); /* * Now look to see if krbdes_start() was was waiting for diff --git a/contrib/telnet/libtelnet/kerberos.c b/contrib/telnet/libtelnet/kerberos.c index 39b2dd5c77c5..2380c27daa5e 100644 --- a/contrib/telnet/libtelnet/kerberos.c +++ b/contrib/telnet/libtelnet/kerberos.c @@ -207,8 +207,7 @@ kerberos4_send(Authenticator *ap) register int i; des_key_sched(&cred.session, sched); - des_init_random_number_generator(&cred.session); - des_new_random_key(&session_key); + des_random_key(&session_key); des_ecb_encrypt(&session_key, &session_key, sched, 0); des_ecb_encrypt(&session_key, &challenge, sched, 0); /* 
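Review bot: The result of `des_random_key()` is discarded at `des_random_key((Block *)fbp->temp_feed);` in fb64_start, and the feed is encrypted and sent on the following lines regardless. The prototype is not visible in this diff; if the call resolves to OpenSSL's `DES_random_key`, it returns 0 when the RNG cannot deliver bytes, which would leave `temp_feed` with its previous contents, whereas the removed `des_new_random_key()` always returned 0. A guard such as `if (des_random_key((Block *)fbp->temp_feed) == 0)` that aborts the negotiation would cover it; fb64_start continues outside the hunk, so the right error return is not shown. The same unchecked call appears in kerberos4_send, change_principal, add_principal, passwd_to_lowhigh, get_svc_new_key (which then returns `KADM_SUCCESS`), get_srvtab_ent, RND, both session-key sites in server/kerberos.c, and the crypto/telnet copies.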
@@ -299,11 +298,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) break; } - /* - * Initialize the random number generator since it's - * used later on by the encryption routine. - */ - des_init_random_number_generator(&session_key); des_key_sched(&session_key, sched); memmove((void *)datablock, (void *)data, sizeof(Block)); /* diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c index 1ba6aaf03424..1c1f95c92e15 100644 --- a/crypto/kerberosIV/admin/kdb_edit.c +++ b/crypto/kerberosIV/admin/kdb_edit.c @@ -8,6 +8,7 @@ * This routine changes the Kerberos encryption keys for principals, * i.e., users or services. */ +/* $FreeBSD$ */ /* * exit returns 0 ==> success -1 ==> error @@ -162,7 +163,7 @@ change_principal(void) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif memset(pw_str, 0, sizeof pw_str); } @@ -384,9 +385,6 @@ main(int argc, char **argv) stdout)) < 0) return 1; - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* lookup the default values */ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, &default_princ, 1, &more); diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c index 0116ea227cfe..ccec1f7e6ecd 100644 --- a/crypto/kerberosIV/admin/kdb_init.c +++ b/crypto/kerberosIV/admin/kdb_init.c @@ -7,6 +7,7 @@ * program to initialize the database, reports error if database file * already exists. */ +/* $FreeBSD$ */ #include "adm_locl.h" @@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) memset(new_key, 0, sizeof(des_cblock)); new_key[0] = 127; #else - des_new_random_key(&new_key); + des_random_key(new_key); #endif kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, DES_ENCRYPT); 
@@ -142,9 +143,6 @@ main(int argc, char **argv) fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); #endif - /* Initialize non shared random sequence */ - des_init_random_number_generator(&master_key); - /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ #define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c index 76abda5db0f2..a0d5d83b6623 100644 --- a/crypto/kerberosIV/kadmin/kadmin.c +++ b/crypto/kerberosIV/kadmin/kadmin.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * Kerberos database administrator's tool. @@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) #ifdef NOENCRYPTION memset(newkey, 0, sizeof(newkey)); #else - des_new_random_key(&newkey); + des_random_key(newkey); #endif } else { #ifdef NOENCRYPTION @@ -288,7 +289,6 @@ get_admin_password(void) /* Initialize non shared random sequence from session key. */ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c index 38722a0a376b..0770a03f8aca 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil.c +++ b/crypto/kerberosIV/kadmin/ksrvutil.c @@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express or implied warranty. */ +/* $FreeBSD$ */ /* * list and update contents of srvtab files @@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, memset(new_key, 0, sizeof(des_cblock)); (*new_key)[0] = (unsigned char) 1; #else /* NOENCRYPTION */ - des_new_random_key(new_key); + des_random_key(*new_key); #endif /* NOENCRYPTION */ return(KADM_SUCCESS); } 
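Review bot: In the get_admin_password hunk of kadmin/kadmin.c the comment `/* Initialize non shared random sequence from session key. */` and the lines `memset(&c, 0, sizeof(c));` and `krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);` are left behind although the seeding call they served is removed. As far as the hunk shows, `c` now receives a copy of the session key that nothing uses and nothing clears. The matching hunk in kadmin/ksrvutil_get.c drops the comment, the memset and the krb_get_cred call together, and doing the same here would keep the two files consistent. If `c` is still needed further down (the function continues outside the hunk), the comment should instead be reworded to say what the credential is fetched for.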
@@ -494,17 +495,6 @@ main(int argc, char **argv) printf("Not changing this key.\n"); if (change_this_key) { - /* - * This is not a good choice of seed when/if the - * key has been compromised so we also use a - * random sequence number! - */ - des_init_random_number_generator(&old_key); - { - des_cblock seqnum; - des_generate_random_block(&seqnum); - des_set_sequence_number((unsigned char *)&seqnum); - } /* * Pick a new key and determine whether or not * it is safe to change diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c index a08b10d1417f..dc7b6c0ae564 100644 --- a/crypto/kerberosIV/kadmin/ksrvutil_get.c +++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" #include "ksrvutil.h" @@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm) status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, KADM_SINST, ticket_life, admin_passwd); memset(admin_passwd, 0, sizeof(admin_passwd)); - - /* Initialize non shared random sequence from session key. */ - memset(&c, 0, sizeof(c)); - krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); - des_init_random_number_generator(&c.session); } else status = KDC_PR_UNKNOWN; @@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename, memset(&values, 0, sizeof(values)); strlcpy(values.name, name, sizeof(values.name)); strlcpy(values.instance, inst, sizeof(values.instance)); - des_new_random_key(&newkey); + des_random_key(newkey); values.key_low = (newkey[0] << 24) | (newkey[1] << 16) | (newkey[2] << 8) | (newkey[3] << 0); values.key_high = (newkey[4] << 24) | (newkey[5] << 16) 
@@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p) } ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); - if (ret == KSUCCESS) - des_init_random_number_generator (&c.session); - else { + if (ret != KSUCCESS) { umask(077); /* diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c index ec8309ecaf5c..ca9855a93830 100644 --- a/crypto/kerberosIV/kadmin/random_password.c +++ b/crypto/kerberosIV/kadmin/random_password.c @@ -30,6 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ +/* $FreeBSD$ */ #include "kadm_locl.h" @@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high) { des_cblock newkey; #ifdef OTP_STYLE - des_new_random_key(&newkey); + des_random_key(&newkey); otp_print_stddict (newkey, pw, len); strlwr(pw); #else @@ -87,7 +88,7 @@ static int RND(des_cblock *key, int *left) { if(*left == 0){ - des_new_random_key(key); + des_random_key(*key); *left = 8; } (*left)--; diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c index 9e0d9b30c31b..f4ffbc1dd58a 100644 --- a/crypto/kerberosIV/server/kerberos.c +++ b/crypto/kerberosIV/server/kerberos.c @@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); life = min(life, a_name.max_life); - des_new_random_key(&session); + des_random_key(session); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); krb_create_ticket(tk, flags, a_name.name, a_name.instance, @@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len, life = min(life, s_name.max_life); copy_to_key(&s_name.key_low, &s_name.key_high, key); unseal(&key); - des_new_random_key(&session); + des_random_key(session); krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, client->sin_addr.s_addr, &session, life, kerb_time.tv_sec, 
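Review bot: The two calls in kadmin/random_password.c pass different argument types: the OTP_STYLE branch of random_password has `des_random_key(&newkey);` (pointer to des_cblock) while RND has `des_random_key(*key);` (the array itself, decaying to a byte pointer). Every other kerberosIV call site in this commit uses the array form (`new_key`, `newkey`, `*new_key`, `session`), so the OTP_STYLE line looks like a missed conversion that only surfaces when that branch is compiled; `des_random_key(newkey);` would match. The libtelnet sites (`(Block *)fbp->temp_feed`, `&session_key`) also pass the pointer form. The prototype is not visible in the diff, so it is worth confirming which form the header used in each directory expects.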
@@ -860,7 +860,6 @@ main(int argc, char **argv) fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", master_key_version); - des_init_random_number_generator(&master_key); if (!rflag) { /* Look up our local realm */ diff --git a/crypto/openssl/crypto/des/rnd_keys.c b/crypto/openssl/crypto/des/rnd_keys.c deleted file mode 100644 index c2626c4839eb..000000000000 --- a/crypto/openssl/crypto/des/rnd_keys.c +++ /dev/null 
@@ -1,444 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * $Id$ - * $FreeBSD$ - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef RETSIGTYPE -#define RETSIGTYPE void -#define SIGRETURN(x) return -#else -#define SIGRETURN(x) return (RETSIGTYPE)(x) -#endif - -/* - * Generate "random" data by checksumming a file. - * - * Returns -1 if there were any problems with permissions or I/O - * errors. - */ -static -int -sumFile (const char *name, int len, void *res) -{ - u_int32_t sum[2]; - u_int32_t buf[1024*2]; - int fd, i; - - fd = open (name, 0); - if (fd < 0) - return -1; - - while (len > 0) - { - int n = read(fd, buf, sizeof(buf)); - if (n < 0) - { - close(fd); - return n; - } - for (i = 0; i < (n/sizeof(buf[0])); i++) - { - sum[0] += buf[i]; - i++; - sum[1] += buf[i]; - } - len -= n; - } - close (fd); - memcpy (res, &sum, sizeof(sum)); - return 0; -} - -/* - * Create a sequence of random 64 bit blocks. - * The sequence is indexed with a long long and - * based on an initial des key used as a seed. - */ -static des_key_schedule sequence_seed; -static u_int32_t sequence_index[2]; - -/* - * Random number generator based on ideas from truerand in cryptolib - * as described on page 424 in Applied Cryptography 2 ed. by Bruce - * Schneier. 
- */ - -static volatile int counter; -static volatile unsigned char *gdata; /* Global data */ -static volatile int igdata; /* Index into global data */ -static int gsize; - -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) -/* Visual C++ 4.0 (Windows95/NT) */ - -static -RETSIGTYPE -sigALRM(int sig) -{ - if (igdata < gsize) - gdata[igdata++] ^= counter & 0xff; - -#ifndef HAVE_SIGACTION - signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ -#endif - SIGRETURN(0); -} - -#endif - -#if !defined(HAVE_RANDOM) && defined(HAVE_RAND) -#ifndef srandom -#define srandom srand -#endif -#ifndef random -#define random rand -#endif -#endif - -static void -des_not_rand_data(unsigned char *data, int size) -{ - int i; - - srandom (time (NULL)); - - for(i = 0; i < size; ++i) - data[i] ^= random() % 0x100; -} - -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) - -#ifndef HAVE_SETITIMER -static void -pacemaker(struct timeval *tv) -{ - fd_set fds; - pid_t pid; - pid = getppid(); - while(1){ - FD_ZERO(&fds); - FD_SET(0, &fds); - select(1, &fds, NULL, NULL, tv); - kill(pid, SIGALRM); - } -} -#endif - -#ifdef HAVE_SIGACTION -/* XXX ugly hack, should perhaps use function from roken */ -static RETSIGTYPE -(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) -{ - struct sigaction sa, osa; - sa.sa_handler = f; - sa.sa_flags = 0; - sigemptyset(&sa.sa_mask); - sigaction(sig, &sa, &osa); - return osa.sa_handler; -} -#define signal(S, F) fake_signal((S), (F)) -#endif - -/* - * Generate size bytes of "random" data using timed interrupts. - * It takes about 40ms/byte random data. - * It's not neccessary to be root to run it. 
- */ -void -des_rand_data(unsigned char *data, int size) -{ - struct itimerval tv; -#ifdef HAVE_SETITIMER - struct itimerval otv; -#endif - RETSIGTYPE (*osa)(int); - int i, j; -#ifndef HAVE_SETITIMER - RETSIGTYPE (*ochld)(int); - pid_t pid; -#endif - char *rnd_devices[] = {"/dev/random", - "/dev/srandom", - "/dev/urandom", - NULL}; - char **p; - - for(p = rnd_devices; *p; p++) { - int fd = open(*p, O_RDONLY | O_NDELAY); - - if(fd >= 0 && read(fd, data, size) == size) { - close(fd); - return; - } - close(fd); - } - - /* Paranoia? Initialize data from /dev/mem if we can read it. */ - if (size >= 8) - sumFile("/dev/mem", (1024*1024*2), data); - - gdata = data; - gsize = size; - igdata = 0; - - osa = signal(SIGALRM, sigALRM); - - /* Start timer */ - tv.it_value.tv_sec = 0; - tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ - tv.it_interval = tv.it_value; -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &tv, &otv); -#else - ochld = signal(SIGCHLD, SIG_IGN); - pid = fork(); - if(pid == -1){ - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); - des_not_rand_data(data, size); - return; - } - if(pid == 0) - pacemaker(&tv.it_interval); -#endif - - for(i = 0; i < 4; i++) { - for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ - counter++; - for (j = 0; j < size; j++) /* Only use 2 bits each lap */ - gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); - } -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &otv, 0); -#else - kill(pid, SIGKILL); - while(waitpid(pid, NULL, 0) != pid); - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); -#endif - signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); -} -#else -void -des_rand_data(unsigned char *p, int s) -{ - des_not_rand_data (p, s); -} -#endif - -void -des_generate_random_block(des_cblock *block) -{ - des_rand_data((unsigned char *)block, sizeof(*block)); -} - -/* - * Generate a "random" DES key. 
- */ -void -des_rand_data_key(des_cblock *key) -{ - unsigned char data[8]; - des_key_schedule sched; - do { - des_rand_data(data, sizeof(data)); - des_rand_data((unsigned char*)key, sizeof(des_cblock)); - des_set_odd_parity(key); - des_key_sched(key, sched); - des_ecb_encrypt(&data, key, sched, DES_ENCRYPT); - memset(&data, 0, sizeof(data)); - memset(&sched, 0, sizeof(sched)); - des_set_odd_parity(key); - } while(des_is_weak_key(key)); -} - -/* - * Generate "random" data by checksumming /dev/mem - * - * It's neccessary to be root to run it. Returns -1 if there were any - * problems with permissions. - */ -int -des_mem_rand8(unsigned char *data) -{ - return 1; -} - -/* - * In case the generator does not get initialized use this as fallback. - */ -static int initialized; - -static void -do_initialize(void) -{ - des_cblock default_seed; - do { - des_generate_random_block(&default_seed); - des_set_odd_parity(&default_seed); - } while (des_is_weak_key(&default_seed)); - des_init_random_number_generator(&default_seed); -} - -#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) - -#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) - -#define set_sequence_number(ll) \ -memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); - -/* - * Set the sequnce number to this value (a long long). - */ -void -des_set_sequence_number(unsigned char *ll) -{ - set_sequence_number(ll); -} - -/* - * Set the generator seed and reset the sequence number to 0. - */ -void -des_set_random_generator_seed(des_cblock *seed) -{ - des_key_sched(seed, sequence_seed); - zero_long_long(sequence_index); - initialized = 1; -} - -/* - * Generate a sequence of random des keys - * using the random block sequence, fixup - * parity and skip weak keys. 
- */ -int -des_new_random_key(des_cblock *key) -{ - if (!initialized) - do_initialize(); - - do { - des_ecb_encrypt((des_cblock *) sequence_index, - key, - sequence_seed, - DES_ENCRYPT); - incr_long_long(sequence_index); - /* random key must have odd parity and not be weak */ - des_set_odd_parity(key); - } while (des_is_weak_key(key)); - return(0); -} - -/* - * des_init_random_number_generator: - * - * Initialize the sequence of random 64 bit blocks. The input seed - * can be a secret key since it should be well hidden and is also not - * kept. - * - */ -void -des_init_random_number_generator(des_cblock *seed) -{ - struct timeval now; - des_cblock uniq; - des_cblock new_key; - - gettimeofday(&now, (struct timezone *)0); - des_generate_random_block(&uniq); - - /* Pick a unique random key from the shared sequence. */ - des_set_random_generator_seed(seed); - set_sequence_number((unsigned char *)&uniq); - des_new_random_key(&new_key); - - /* Select a new nonshared sequence, */ - des_set_random_generator_seed(&new_key); - - /* and use the current time to pick a key for the new sequence. */ - set_sequence_number((unsigned char *)&now); - des_new_random_key(&new_key); - des_set_random_generator_seed(&new_key); -} - -#ifdef TESTRUN -int -main() -{ - unsigned char data[8]; - int i; - - while (1) - { - if (sumFile("/dev/mem", (1024*1024*8), data) != 0) - { perror("sumFile"); exit(1); } - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } -} -#endif - -#ifdef TESTRUN2 -int -main() -{ - des_cblock data; - int i; - - while (1) - { - do_initialize(); - des_random_key(data); - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } -} -#endif diff --git a/crypto/telnet/libtelnet/enc_des.c b/crypto/telnet/libtelnet/enc_des.c index 5ac693b80b3b..cb70b5777e56 100644 --- a/crypto/telnet/libtelnet/enc_des.c +++ b/crypto/telnet/libtelnet/enc_des.c 
@@ -54,7 +54,6 @@ static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95"; #include "misc-proto.h" extern int encrypt_debug_mode; -void des_set_random_generator_seed(des_cblock *); /* XXX */ #define CFB 0 #define OFB 1 @@ -75,7 +74,6 @@ struct fb { int need_start; int state[2]; int keyid[2]; - int once; struct stinfo { Block str_output; Block str_feed; @@ -211,7 +209,7 @@ fb64_start(struct fb *fbp, int dir, int server __unused) /* * Create a random feed and send it over. */ - des_new_random_key((Block *)fbp->temp_feed); + des_random_key((Block *)fbp->temp_feed); des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed, fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; @@ -397,10 +395,6 @@ fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - if (fbp->once == 0) { - des_set_random_generator_seed((Block *)fbp->krbdes_key); - fbp->once = 1; - } des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched); /* * Now look to see if krbdes_start() was was waiting for diff --git a/crypto/telnet/libtelnet/kerberos.c b/crypto/telnet/libtelnet/kerberos.c index 39b2dd5c77c5..2380c27daa5e 100644 --- a/crypto/telnet/libtelnet/kerberos.c +++ b/crypto/telnet/libtelnet/kerberos.c @@ -207,8 +207,7 @@ kerberos4_send(Authenticator *ap) register int i; des_key_sched(&cred.session, sched); - des_init_random_number_generator(&cred.session); - des_new_random_key(&session_key); + des_random_key(&session_key); des_ecb_encrypt(&session_key, &session_key, sched, 0); des_ecb_encrypt(&session_key, &challenge, sched, 0); /* 
@@ -299,11 +298,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) break; } - /* - * Initialize the random number generator since it's - * used later on by the encryption routine. - */ - des_init_random_number_generator(&session_key); des_key_sched(&session_key, sched); memmove((void *)datablock, (void *)data, sizeof(Block)); /* diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 887f74262aa1..35dadb39bed3 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -60,7 +60,7 @@ SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_s SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ des_enc.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \ enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \ - ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c rnd_keys.c \ + ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c \ rpc_enc.c set_key.c str2key.c xcbc_enc.c # dh