[krbdev.mit.edu #9032] git commit

Tue Oct 12 11:07:17 EDT 2021

Tue Oct 12 11:07:17 2021: Request 9032 was acted upon.
 Transaction: Ticket created by ghudson at mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson at mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9032 >

Always use platform PRNG

Remove the fortuna and device PRNG modules and PRNG modularity, and
move the prng_os implementation into prng.c.  Remove the crypto_mod.h
requirement to implement failure-free AES256 and SHA256.  Deprecate
krb5_c_random_add_entropy() and krb5_c_random_os_entropy() and remove
their call sites.  Deprecate and ignore the -W (weak random) option to
kadmind and kdb5_util create, and stop using it in the test suite.

https://github.com/krb5/krb5/commit/c5b413c3d59725c4e3c9b041e480f102f2188c63
Author: Greg Hudson <ghudson at mit.edu>
Commit: c5b413c3d59725c4e3c9b041e480f102f2188c63
Branch: master
 .gitignore                              |    5 -
 doc/build/options2configure.rst         |    5 -
 doc/mitK5features.rst                   |    7 -
 doc/notice.rst                          |   30 --
 doc/thread-safe.txt                     |    7 -
 src/config/pre.in                       |    1 -
 src/config/win-pre.in                   |    1 -
 src/configure.ac                        |   12 -
 src/include/krb5/krb5.hin               |   58 +----
 src/kadmin/dbutil/kdb5_create.c         |   10 +-
 src/kadmin/server/ovsec_kadmd.c         |    9 +-
 src/kdc/dispatch.c                      |   31 --
 src/kdc/main.c                          |   17 --
 src/lib/crypto/builtin/crypto_mod.h     |    3 -
 src/lib/crypto/crypto_tests/Makefile.in |   10 +-
 src/lib/crypto/crypto_tests/t_prng.c    |   90 ------
 src/lib/crypto/krb/Makefile.in          |   14 -
 src/lib/crypto/krb/crypto_int.h         |   42 +---
 src/lib/crypto/krb/crypto_libinit.c     |    5 -
 src/lib/crypto/krb/prng.c               |   37 ++-
 src/lib/crypto/krb/prng_device.c        |   99 -------
 src/lib/crypto/krb/prng_fortuna.c       |  470 -------------------------------
 src/lib/crypto/krb/prng_os.c            |   72 -----
 src/lib/crypto/krb/t_fortuna.c          |  179 ------------
 src/lib/crypto/krb/t_fortuna.expected   |    9 -
 src/lib/crypto/libk5crypto.exports      |    5 -
 src/lib/crypto/openssl/Makefile.in      |    9 +-
 src/lib/crypto/openssl/crypto_mod.h     |    7 -
 src/lib/crypto/openssl/stubs.c          |   69 -----
 src/lib/krb5/krb/gen_save_subkey.c      |   15 -
 src/lib/krb5/krb/gen_seqnum.c           |   14 -
 src/lib/krb5/krb/gen_subkey.c           |   17 --
 src/lib/krb5/krb/init_ctx.c             |   17 --
 src/lib/krb5/krb/sendauth.c             |   23 --
 src/tests/t_iprop.py                    |    2 +-
 src/util/k5test.py                      |    4 +-
 36 files changed, 51 insertions(+), 1354 deletions(-)