krb5 commit: Always use platform PRNG
Greg Hudson
ghudson at mit.edu
Tue Oct 12 11:07:08 EDT 2021
https://github.com/krb5/krb5/commit/c5b413c3d59725c4e3c9b041e480f102f2188c63
commit c5b413c3d59725c4e3c9b041e480f102f2188c63
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Sep 27 13:38:10 2021 -0400
Always use platform PRNG
Remove the fortuna and device PRNG modules and PRNG modularity, and
move the prng_os implementation into prng.c. Remove the crypto_mod.h
requirement to implement failure-free AES256 and SHA256. Deprecate
krb5_c_random_add_entropy() and krb5_c_random_os_entropy() and remove
their call sites. Deprecate and ignore the -W (weak random) option to
kadmind and kdb5_util create, and stop using it in the test suite.
ticket: 9032 (new)
.gitignore | 5 -
doc/build/options2configure.rst | 5 -
doc/mitK5features.rst | 7 -
doc/notice.rst | 30 --
doc/thread-safe.txt | 7 -
src/config/pre.in | 1 -
src/config/win-pre.in | 1 -
src/configure.ac | 12 -
src/include/krb5/krb5.hin | 58 +----
src/kadmin/dbutil/kdb5_create.c | 10 +-
src/kadmin/server/ovsec_kadmd.c | 9 +-
src/kdc/dispatch.c | 31 --
src/kdc/main.c | 17 --
src/lib/crypto/builtin/crypto_mod.h | 3 -
src/lib/crypto/crypto_tests/Makefile.in | 10 +-
src/lib/crypto/crypto_tests/t_prng.c | 90 ------
src/lib/crypto/krb/Makefile.in | 14 -
src/lib/crypto/krb/crypto_int.h | 42 +---
src/lib/crypto/krb/crypto_libinit.c | 5 -
src/lib/crypto/krb/prng.c | 37 ++-
src/lib/crypto/krb/prng_device.c | 99 -------
src/lib/crypto/krb/prng_fortuna.c | 470 -------------------------------
src/lib/crypto/krb/prng_os.c | 72 -----
src/lib/crypto/krb/t_fortuna.c | 179 ------------
src/lib/crypto/krb/t_fortuna.expected | 9 -
src/lib/crypto/libk5crypto.exports | 5 -
src/lib/crypto/openssl/Makefile.in | 9 +-
src/lib/crypto/openssl/crypto_mod.h | 7 -
src/lib/crypto/openssl/stubs.c | 69 -----
src/lib/krb5/krb/gen_save_subkey.c | 15 -
src/lib/krb5/krb/gen_seqnum.c | 14 -
src/lib/krb5/krb/gen_subkey.c | 17 --
src/lib/krb5/krb/init_ctx.c | 17 --
src/lib/krb5/krb/sendauth.c | 23 --
src/tests/t_iprop.py | 2 +-
src/util/k5test.py | 4 +-
36 files changed, 51 insertions(+), 1354 deletions(-)
diff --git a/.gitignore b/.gitignore
index a1ba832..8a10057 100644
--- a/.gitignore
+++ b/.gitignore
@@ -292,17 +292,12 @@ local.properties
/src/lib/crypto/crypto_tests/t_nfold
/src/lib/crypto/crypto_tests/t_prf
/src/lib/crypto/crypto_tests/t_prf.output
-/src/lib/crypto/crypto_tests/t_prng
-/src/lib/crypto/crypto_tests/t_prng.output
/src/lib/crypto/crypto_tests/t_sha2
/src/lib/crypto/crypto_tests/t_short
/src/lib/crypto/crypto_tests/t_str2key
/src/lib/crypto/crypto_tests/vk.txt
/src/lib/crypto/crypto_tests/vt.txt
-/src/lib/crypto/krb/t_fortuna
-/src/lib/crypto/krb/t_fortuna.output
-
/src/lib/gssapi/merged-gssapi-header.h
/src/lib/gssapi/generic/errmap.h
diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst
index 8606107..9e355dc 100644
--- a/doc/build/options2configure.rst
+++ b/doc/build/options2configure.rst
@@ -337,11 +337,6 @@ Optional packages
implemented crypto backend is ``openssl``. (See
:ref:`mitK5features`)
-**-**\ **-with-prng-alg=**\ *ALG*
- Use specified PRNG algorithm. For example, to use the OS native
- prng specify ``--with-prng-alg=os``. The default is ``fortuna``.
- (See :ref:`mitK5features`)
-
**-**\ **-without-libedit**
Do not compile and link against libedit. Some utilities will no
longer offer command history or completion in interactive mode if
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index 4954bb3..afaf531 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -606,10 +606,3 @@ User experience:
- S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091
- OTP (release 1.12) :ref:`otp_preauth`
- SPAKE (release 1.17) :ref:`spake`
-
-`PRNG`
-
-- modularity (release 1.9)
-- Yarrow PRNG (release < 1.10)
-- Fortuna PRNG (release 1.9) https://www.schneier.com/book-practical.html
-- OS PRNG (release 1.10) OS's native PRNG
diff --git a/doc/notice.rst b/doc/notice.rst
index 1c96e11..a9630d6 100644
--- a/doc/notice.rst
+++ b/doc/notice.rst
@@ -727,36 +727,6 @@ have the following copyright and permission notice:
-------------------
-Portions of the implementation of the Fortuna-like PRNG are subject to
-the following notice:
-
- | Copyright |copy| 2005 Marko Kreen
- | All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
-
-..
-
Copyright |copy| 1994 by the University of Southern California
EXPORT OF THIS SOFTWARE from the United States of America may
diff --git a/doc/thread-safe.txt b/doc/thread-safe.txt
index 2aa49cf..d6c8c6e 100644
--- a/doc/thread-safe.txt
+++ b/doc/thread-safe.txt
@@ -116,11 +116,6 @@ trees, and a mutex to protect it.
libk5crypto
-Uses of the Yarrow code from the krb5 crypto interface are protected
-by a single mutex. Initialization of the Yarrow state will be done
-once, the first time these routines are called. Calls directly to the
-Yarrow functions are not protected.
-
Uses ctype macros; what happens if the locale is changed in a
multi-threaded program?
@@ -128,8 +123,6 @@ Debug var in pbkdf2.c.
Statics: pbkdf2.c: debug variable.
-Statics: prng.c: Global Yarrow data and mutex.
-
Statics: crypto_libinit.c: library initializer aux data.
----------------
diff --git a/src/config/pre.in b/src/config/pre.in
index 5b648dd..13f95c6 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -405,7 +405,6 @@ RUN_TEST=$(RUN_SETUP) KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf \
# Crypto and PRNG back-end selections
CRYPTO_IMPL = @CRYPTO_IMPL@
-PRNG_ALG = @PRNG_ALG@
# TLS implementation selection
TLS_IMPL = @TLS_IMPL@
diff --git a/src/config/win-pre.in b/src/config/win-pre.in
index 0e696e2..9158532 100644
--- a/src/config/win-pre.in
+++ b/src/config/win-pre.in
@@ -210,7 +210,6 @@ MAKE=-$(MAKE)
!endif
CRYPTO_IMPL = builtin
-PRNG_ALG = fortuna
CFLAGS = $(CCOPTS)
ALL_CFLAGS = $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(CPPFLAGS) $(CFLAGS)
diff --git a/src/configure.ac b/src/configure.ac
index d7b7a74..a244f95 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -285,18 +285,6 @@ AC_SUBST(CRYPTO_IMPL)
AC_SUBST(CRYPTO_IMPL_CFLAGS)
AC_SUBST(CRYPTO_IMPL_LIBS)
-AC_ARG_WITH([prng-alg],
- [AS_HELP_STRING([--with-prng-alg=ALG],
- [use specified PRNG algorithm. @<:@fortuna@:>@])],
- [PRNG_ALG=$withval
- AC_MSG_NOTICE(k5crypto will use '$withval')],
- [PRNG_ALG=fortuna])
-AC_CONFIG_COMMANDS(PRNG_ALG, , PRNG_ALG=$PRNG_ALG)
-AC_SUBST(PRNG_ALG)
-if test "$PRNG_ALG" = fortuna; then
- AC_DEFINE(FORTUNA,1,[Define if Fortuna PRNG is selected])
-fi
-
# WITH_TLS_IMPL
AC_ARG_WITH([tls-impl],
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 7017837..d083b92 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -464,27 +464,14 @@ typedef struct _krb5_crypto_iov {
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /* Microsoft netlogon */
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /**< RFC 4757 */
-/*
- * The following are entropy source designations. Whenever
- * krb5_C_random_add_entropy is called, one of these source ids is passed in.
- * This allows the library to better estimate bits of entropy in the sample and
- * to keep track of what sources of entropy have contributed enough entropy.
- * Sources marked internal MUST NOT be used by applications outside the
- * Kerberos library
- */
-
+/* Constants for the deprecated krb5_c_random_add_entropy() */
enum {
- KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/
- KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/
- KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/
- /*
- * This source should be used carefully; data in this category
- * should be from a third party trusted to give random bits
- * For example keys issued by the KDC in the application server.
- */
- KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/
- KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/
- KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/
+ KRB5_C_RANDSOURCE_OLDAPI = 0,
+ KRB5_C_RANDSOURCE_OSRAND = 1,
+ KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2,
+ KRB5_C_RANDSOURCE_TIMING = 3,
+ KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4,
+ KRB5_C_RANDSOURCE_MAX = 5
};
#ifndef krb5_roundup
@@ -765,19 +752,7 @@ krb5_error_code KRB5_CALLCONV
krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
krb5_data *random_data, krb5_keyblock *k5_random_key);
-/**
- * Add entropy to the pseudo-random number generator.
- *
- * @param [in] context Library context
- * @param [in] randsource Entropy source (see KRB5_RANDSOURCE types)
- * @param [in] data Data
- *
- * Contribute entropy to the PRNG used by krb5 crypto operations. This may or
- * may not affect the output of the next crypto operation requiring random
- * data.
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
+/** @deprecated This call is no longer necessary. */
krb5_error_code KRB5_CALLCONV
krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
const krb5_data *data);
@@ -797,24 +772,11 @@ krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets(krb5_context context, krb5_data *data);
-/**
- * Collect entropy from the OS if possible.
- *
- * @param [in] context Library context
- * @param [in] strong Strongest available source of entropy
- * @param [out] success 1 if OS provides entropy, 0 otherwise
- *
- * If @a strong is non-zero, this function attempts to use the strongest
- * available source of entropy. Setting this flag may cause the function to
- * block on some operating systems. Good uses include seeding the PRNG for
- * kadmind and realm setup.
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
+/** @deprecated This call is no longer necessary. */
krb5_error_code KRB5_CALLCONV
krb5_c_random_os_entropy(krb5_context context, int strong, int *success);
-/** @deprecated Replaced by krb5_c_* API family. */
+/** @deprecated This call is no longer necessary. */
krb5_error_code KRB5_CALLCONV
krb5_c_random_seed(krb5_context context, krb5_data *data);
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index f9205f8..038a0b2 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -152,7 +152,6 @@ void kdb5_create(argc, argv)
krb5_data pwd, seed;
kdb_log_context *log_ctx;
krb5_kvno mkey_kvno;
- int strong_random = 1;
while ((optchar = getopt(argc, argv, "sW")) != -1) {
switch(optchar) {
@@ -160,7 +159,7 @@ void kdb5_create(argc, argv)
do_stash++;
break;
case 'W':
- strong_random = 0;
+ /* Ignore (deprecated weak random option). */
break;
case '?':
default:
@@ -178,13 +177,6 @@ void kdb5_create(argc, argv)
log_ctx = util_context->kdblog_context;
- printf(_("Loading random data\n"));
- retval = krb5_c_random_os_entropy (util_context, strong_random, NULL);
- if (retval) {
- com_err(progname, retval, _("Loading random data"));
- exit_status++; return;
- }
-
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 2a386a7..b29a0f5 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -349,7 +349,7 @@ main(int argc, char *argv[])
const char *pid_file = NULL;
char **db_args = NULL, **tmpargs;
const char *acl_file;
- int ret, i, db_args_size = 0, strong_random = 1, proponly = 0;
+ int ret, i, db_args_size = 0, proponly = 0;
setlocale(LC_ALL, "");
setvbuf(stderr, NULL, _IONBF, 0);
@@ -408,7 +408,7 @@ main(int argc, char *argv[])
usage();
pid_file = *argv;
} else if (strcmp(*argv, "-W") == 0) {
- strong_random = 0;
+ /* Ignore (deprecated weak random option). */
} else if (strcmp(*argv, "-p") == 0) {
argc--, argv++;
if (!argc)
@@ -522,11 +522,6 @@ main(int argc, char *argv[])
if (ret)
fail_to_start(ret, _("initializing"));
- krb5_klog_syslog(LOG_INFO, _("Seeding random number generator"));
- ret = krb5_c_random_os_entropy(context, strong_random, NULL);
- if (ret)
- fail_to_start(ret, _("getting random seed"));
-
if (params.iprop_enabled == TRUE) {
ulog_set_role(context, IPROP_PRIMARY);
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 3ed5176..f24f5fd 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -33,8 +33,6 @@
#include <arpa/inet.h>
#include <string.h>
-static krb5_int32 last_usec = 0, last_os_random = 0;
-
static krb5_error_code make_too_big_error(kdc_realm_t *kdc_active_realm,
krb5_data **out);
@@ -90,34 +88,6 @@ finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
finish_dispatch(state, code, response);
}
-static void
-reseed_random(krb5_context kdc_err_context)
-{
- krb5_error_code retval;
- krb5_timestamp now;
- krb5_int32 now_usec, usec_difference;
- krb5_data data;
-
- retval = krb5_crypto_us_timeofday(&now, &now_usec);
- if (retval == 0) {
- usec_difference = now_usec - last_usec;
- if (last_os_random == 0)
- last_os_random = now;
- /* Grab random data from OS every hour*/
- if (ts_delta(now, last_os_random) >= 60 * 60) {
- krb5_c_random_os_entropy(kdc_err_context, 0, NULL);
- last_os_random = now;
- }
-
- data.length = sizeof(krb5_int32);
- data.data = (void *)&usec_difference;
-
- krb5_c_random_add_entropy(kdc_err_context,
- KRB5_C_RANDSOURCE_TIMING, &data);
- last_usec = now_usec;
- }
-}
-
void
dispatch(void *cb, const krb5_fulladdr *local_addr,
const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp,
@@ -172,7 +142,6 @@ dispatch(void *cb, const krb5_fulladdr *local_addr,
* is currently being processed. */
kdc_insert_lookaside(kdc_err_context, pkt, NULL);
#endif
- reseed_random(kdc_err_context);
/* try TGS_REQ first; they are more common! */
diff --git a/src/kdc/main.c b/src/kdc/main.c
index d27d15f..7917ffb 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -62,7 +62,6 @@ static int nofork = 0;
static int workers = 0;
static int time_offset = 0;
static const char *pid_file = NULL;
-static int rkey_init_done = 0;
static volatile int signal_received = 0;
static volatile int sighup_received = 0;
@@ -409,22 +408,6 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm,
goto whoops;
}
- if (!rkey_init_done) {
- krb5_data seed;
- /*
- * If all that worked, then initialize the random key
- * generators.
- */
-
- seed.length = rdp->realm_mkey.length;
- seed.data = (char *)rdp->realm_mkey.contents;
-
- if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
- KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
- goto whoops;
-
- rkey_init_done = 1;
- }
whoops:
/*
* If we choked, then clean up any dirt we may have dropped on the floor.
diff --git a/src/lib/crypto/builtin/crypto_mod.h b/src/lib/crypto/builtin/crypto_mod.h
index f85e322..cb7f661 100644
--- a/src/lib/crypto/builtin/crypto_mod.h
+++ b/src/lib/crypto/builtin/crypto_mod.h
@@ -33,7 +33,4 @@
#ifndef CRYPTO_MOD_H
#define CRYPTO_MOD_H
-#include <aes/aes.h>
-#include <sha2/sha2.h>
-
#endif /* CRYPTO_MOD_H */
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 0295ee1..1d4b184 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -7,7 +7,6 @@ EXTRADEPSRCS=\
$(srcdir)/t_encrypt.c \
$(srcdir)/t_decrypt.c \
$(srcdir)/t_prf.c \
- $(srcdir)/t_prng.c \
$(srcdir)/t_cmac.c \
$(srcdir)/t_hmac.c \
$(srcdir)/t_pkcs5.c \
@@ -27,7 +26,7 @@ EXTRADEPSRCS=\
##DOS##BUILDTOP = ..\..\..
-check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
+check-unix: t_nfold t_encrypt t_decrypt t_prf t_cmac t_hmac \
t_cksums \
aes-test \
camellia-test \
@@ -36,7 +35,6 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
$(RUN_TEST) ./t_nfold
$(RUN_TEST) ./t_encrypt
$(RUN_TEST) ./t_decrypt
- $(RUN_TEST) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
$(RUN_TEST) ./t_cmac
$(RUN_TEST) ./t_hmac
$(RUN_TEST) ./t_prf
@@ -71,9 +69,6 @@ t_decrypt$(EXEEXT): t_decrypt.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
t_prf$(EXEEXT): t_prf.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_prf.$(OBJEXT) $(KRB5_BASE_LIBS)
-t_prng$(EXEEXT): t_prng.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_prng.$(OBJEXT) $(KRB5_BASE_LIBS)
-
t_cmac$(EXEEXT): t_cmac.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_cmac.$(OBJEXT) $(KRB5_BASE_LIBS)
@@ -133,7 +128,7 @@ t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
clean:
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \
- t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
+ t_decrypt.o t_decrypt t_cmac.o t_cmac \
t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
aes-test.o aes-test vt.txt vk.txt kresults.out \
t_cts.o t_cts \
@@ -145,7 +140,6 @@ clean:
camellia-test camellia-test.o camellia-vt.txt \
t_cf2 t_cf2.o t_cf2.output
- -$(RM) t_prng.output
-$(RM) t_prf.output
@lib_frag@
diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c
deleted file mode 100644
index 36b7b67..0000000
--- a/src/lib/crypto/crypto_tests/t_prng.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/crypto_tests/t_prng.c */
-/*
- * Copyright (C) 2001 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file contains tests for the PRNG code in Kerberos. It reads
- * an input file, and writes an output file. It is assumed that the
- * output file will be diffed against expected output to see whether
- * regression tests pass. The input file has a very primitive format.
- * It is composed of alternating seeds and outputs. The first line in
- * the file is an integer source id from the krb5_c_randsource enum in
- * krb5.h. Then an integer seed length is read. Then that many bytes
- * (encoded in hex) are read; whitespace or newlines may be inserted
- * between bytes. Then after the seed data is an integer describing
- * how many bytes of output should be written. Then another source ID
- * and seed length is read. If the seed length is 0, the source id is
- * ignored and the seed is not seeded.
- */
-
-#include "k5-int.h"
-#include <assert.h>
-
-int main () {
- krb5_error_code ret;
- krb5_data input, output;
- unsigned int source_id, seed_length;
- unsigned int i;
- while (1) {
- /* Read source*/
- if (scanf ("%u", &source_id ) == EOF )
- break;
- /* Read seed length*/
- if (scanf ("%u", &seed_length) == EOF)
- break;
- if (seed_length ) {
- unsigned int lc;
- ret = alloc_data(&input, seed_length);
- assert(!ret);
- for (lc = seed_length; lc > 0; lc--) {
- scanf ("%2x", &i);
- input.data[seed_length-lc] = (unsigned) (i&0xff);
- }
- ret = krb5_c_random_add_entropy (0, source_id, &input);
- assert(!ret);
- free (input.data);
- input.data = NULL;
- }
- if (scanf ("%u", &i) == EOF)
- break;
- if (i) {
- ret = alloc_data(&output, i);
- assert(!ret);
- ret = krb5_c_random_make_octets (0, &output);
- if (ret)
- printf ("failed\n");
- else {
- for (; i > 0; i--) {
- printf ("%02x",
- (unsigned int) ((unsigned char ) output.data[output.length-i]));
- }
- printf ("\n");
- }
- free (output.data);
- output.data = NULL;
- }
- }
- return (0);
-}
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index b74e6f7..c5576b8 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -54,7 +54,6 @@ STLIBOBJS=\
prf_dk.o \
prf_rc4.o \
prng.o \
- prng_$(PRNG_ALG).o \
random_to_key.o \
s2k_pbkdf2.o \
s2k_rc4.o \
@@ -113,7 +112,6 @@ OBJS=\
$(OUTPRE)prf_dk.$(OBJEXT) \
$(OUTPRE)prf_rc4.$(OBJEXT) \
$(OUTPRE)prng.$(OBJEXT) \
- $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \
$(OUTPRE)random_to_key.$(OBJEXT) \
$(OUTPRE)s2k_pbkdf2.$(OBJEXT) \
$(OUTPRE)s2k_rc4.$(OBJEXT) \
@@ -172,7 +170,6 @@ SRCS=\
$(srcdir)/prf_dk.c \
$(srcdir)/prf_rc4.c \
$(srcdir)/prng.c \
- $(srcdir)/prng_$(PRNG_ALG).c \
$(srcdir)/cf2.c \
$(srcdir)/random_to_key.c \
$(srcdir)/s2k_pbkdf2.c \
@@ -180,7 +177,6 @@ SRCS=\
$(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
$(srcdir)/string_to_key.c \
- $(srcdir)/t_fortuna.c \
$(srcdir)/valid_cksumtype.c \
$(srcdir)/verify_checksum.c \
$(srcdir)/verify_checksum_iov.c
@@ -192,17 +188,7 @@ includes: depend
depend: $(SRCS)
-check-unix: t_fortuna
- if [ $(PRNG_ALG) = fortuna ]; then \
- $(RUN_TEST) ./t_fortuna > t_fortuna.output && \
- cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \
- fi
-
-t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
- $(CC_LINK) -o $@ t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB) $(LIBS)
-
clean-unix:: clean-libobjs
- $(RM) t_fortuna.o t_fortuna t_fortuna.output
@lib_frag@
@libobj_frag@
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index 6e1096e..862ccea 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -25,7 +25,7 @@
*/
/* This header is the entry point for libk5crypto sources, and also documents
- * requirements for crypto modules and PRNG modules. */
+ * requirements for crypto modules. */
#ifndef CRYPTO_INT_H
#define CRYPTO_INT_H
@@ -481,49 +481,11 @@ int krb5int_crypto_impl_init(void);
void krb5int_crypto_impl_cleanup(void);
/*
- * Modules must provide a crypto_mod.h header at the top level. To work with
- * the default PRNG module (prng_fortuna.c), crypto_mod.h must #define or
- * prototype the following symbols:
- *
- * aes_encrypt_ctx - Stack-allocatable type for an AES-256 key schedule
- * k5_aes_encrypt_key256(key, ctxptr) -- initialize an AES-256 key schedule
- * k5_aes_encrypt(in, out, ctxptr) -- encrypt a block
- * SHA256_CTX - Stack-allocatable type for a SHA-256 hash state
- * k5_sha256_init(ctxptr) - Initialize a hash state
- * k5_sha256_update(ctxptr, data, size) -- Hash some data
- * k5_sha256_final(ctxptr, out) -- Finalize a state, writing hash into out
- *
- * These functions must never fail on valid inputs, and contexts must remain
- * valid across forks. If the module cannot meet those constraints, then it
- * should provide its own PRNG module and the build system should ensure that
- * it is used.
- *
- * The function symbols named above are also in the library export list (so
- * they can be used by the t_fortuna.c test code), so even if the module
- * defines them away or doesn't work with Fortuna, the module must provide
- * stubs; see stubs.c in the openssl module for examples.
+ * Modules must provide a crypto_mod.h header at the top level.
*/
#include <crypto_mod.h>
-/*** PRNG module declarations ***/
-
-/*
- * PRNG modules must implement the following APIs from krb5.h:
- * krb5_c_random_add_entropy
- * krb5_c_random_make_octets
- * krb5_c_random_os_entropy
- *
- * PRNG modules should implement these functions. They are called from the
- * crypto library init and cleanup functions, and can be used to setup and tear
- * down static state without thread safety concerns.
- */
-int k5_prng_init(void);
-void k5_prng_cleanup(void);
-
-/* Used by PRNG modules to gather OS entropy. Returns true on success. */
-krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len, int strong);
-
/*** Inline helper functions ***/
/* Find an enctype by number in the enctypes table. */
diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c
index 3b62ff5..ba52580 100644
--- a/src/lib/crypto/krb/crypto_libinit.c
+++ b/src/lib/crypto/krb/crypto_libinit.c
@@ -10,10 +10,6 @@ MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
int cryptoint_initialize_library (void)
{
- int err;
- err = k5_prng_init();
- if (err)
- return err;
return krb5int_crypto_impl_init();
}
@@ -30,6 +26,5 @@ void cryptoint_cleanup_library (void)
{
if (!INITIALIZER_RAN(cryptoint_initialize_library))
return;
- k5_prng_cleanup();
krb5int_crypto_impl_cleanup();
}
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
index cb9ca9b..d6b79e2 100644
--- a/src/lib/crypto/krb/prng.c
+++ b/src/lib/crypto/krb/prng.c
@@ -35,14 +35,12 @@ krb5_c_random_seed(krb5_context context, krb5_data *data)
/* Routines to get entropy from the OS. */
#if defined(_WIN32)
-krb5_boolean
-k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
+static krb5_boolean
+get_os_entropy(unsigned char *buf, size_t len)
{
krb5_boolean result;
HCRYPTPROV provider;
- /* CryptGenRandom is always considered strong. */
-
if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
return FALSE;
@@ -95,10 +93,9 @@ cleanup:
return result;
}
-krb5_boolean
-k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
+static krb5_boolean
+get_os_entropy(unsigned char *buf, size_t len)
{
- const char *device;
#if defined(__linux__) && defined(SYS_getrandom)
int r;
@@ -127,8 +124,30 @@ k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
return TRUE;
#endif /* defined(__linux__) && defined(SYS_getrandom) */
- device = strong ? "/dev/random" : "/dev/urandom";
- return read_entropy_from_device(device, buf, len);
+ return read_entropy_from_device("/dev/urandom", buf, len);
}
#endif /* not Windows */
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
+{
+ krb5_boolean res;
+
+ res = get_os_entropy((uint8_t *)outdata->data, outdata->length);
+ return res ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *indata)
+{
+ return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+{
+ *success = 0;
+ return 0;
+}
diff --git a/src/lib/crypto/krb/prng_device.c b/src/lib/crypto/krb/prng_device.c
deleted file mode 100644
index bef5b37..0000000
--- a/src/lib/crypto/krb/prng_device.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/prng_device.c - OS device-based PRNG implementation */
-/*
- * Copyright (C) 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file implements a PRNG module which relies on the system's /dev/urandom
- * device. An OS packager can select this module given sufficient confidence
- * in the operating system's native PRNG quality.
- */
-
-#include "crypto_int.h"
-
-#define DEVICE "/dev/urandom"
-
-static int fd = -1;
-
-int
-k5_prng_init(void)
-{
- /* Try to open the random device read-write; if that fails, read-only is
- * okay. */
- fd = open(DEVICE, O_RDWR, 0);
- if (fd == -1)
- fd = open(DEVICE, O_RDONLY, 0);
- if (fd == -1)
- return errno;
- return 0;
-}
-
-void
-k5_prng_cleanup(void)
-{
- close(fd);
- fd = -1;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
-{
- krb5_error_code ret;
-
- ret = krb5int_crypto_init();
- if (ret)
- return ret;
-
- /* Some random devices let user-space processes contribute entropy. Don't
- * worry if this fails. */
- (void)write(fd, indata->data, indata->length);
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
-{
- char *buf = outdata->data;
- size_t len = outdata->length;
- ssize_t count;
-
- while (len > 0) {
- count = read(fd, buf, len);
- if (count == 0) /* Not expected from a random device. */
- return KRB5_CRYPTO_INTERNAL;
- if (count == -1)
- return errno;
- buf += count;
- len -= count;
- }
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
-{
- return 0;
-}
diff --git a/src/lib/crypto/krb/prng_fortuna.c b/src/lib/crypto/krb/prng_fortuna.c
deleted file mode 100644
index e73a501..0000000
--- a/src/lib/crypto/krb/prng_fortuna.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/prng_fortuna.c - Fortuna PRNG implementation */
-/*
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * Copyright (C) 2010, 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file implements the generator and accumulator parts of the Fortuna PRNG
- * as described in chapter 9 of _Cryptography Engineering_ by Ferguson,
- * Schneier, and Kohno.
- *
- * The generator, once seeded with an unguessable value, produces an unlimited
- * number of pseudo-random outputs which cannot be used to determine the
- * internal state of the generator (without an unreasonable amount of
- * computational power). The generator protects against the case where the OS
- * random number generator is not cryptographically secure, but can produce an
- * unguessable initial seed. Successive reseeds of the generator will not make
- * the internal state any more guessable than it was before.
- *
- * The accumulator is layered on top of the generator, and seeks to eventually
- * recover from the case where the OS random number generator did not produce
- * an unguessable initial seed. Unreliable entropy inputs are collected into
- * 32 pools, which are used to reseed the generator when enough entropy has
- * been collected. Each pool collects twice as much entropy between reseeds as
- * the previous one; eventually a reseed will occur involving a pool with
- * enough entropy that an attacker cannot maintain knowledge of the generator's
- * internal state. The accumulator is only helpful for a long-running process
- * such as a KDC which can submit periodic entropy inputs to the PRNG.
- */
-
-#include "crypto_int.h"
-
-/* The accumulator's number of pools. */
-#define NUM_POOLS 32
-
-/* Minimum reseed interval in microseconds. */
-#define RESEED_INTERVAL 100000 /* 0.1 sec */
-
-/* For one big request, change the key after this many bytes. */
-#define MAX_BYTES_PER_KEY (1 << 20)
-
-/* Reseed if pool 0 has had this many bytes added since last reseed. */
-#define MIN_POOL_LEN 64
-
-/* AES-256 key size in bytes. */
-#define AES256_KEYSIZE (256/8)
-
-/* AES-256 block size in bytes. */
-#define AES256_BLOCKSIZE (128/8)
-
-/* SHA-256 block size in bytes. */
-#define SHA256_BLOCKSIZE (512/8)
-
-/* SHA-256 result size in bytes. */
-#define SHA256_HASHSIZE (256/8)
-
-/* Genarator - block cipher in CTR mode */
-struct fortuna_state
-{
- /* Generator state. */
- unsigned char counter[AES256_BLOCKSIZE];
- unsigned char key[AES256_KEYSIZE];
- aes_encrypt_ctx ciph;
-
- /* Accumulator state. */
- SHA256_CTX pool[NUM_POOLS];
- unsigned int pool_index;
- unsigned int reseed_count;
- struct timeval last_reseed_time;
- unsigned int pool0_bytes;
-};
-
-/*
- * SHA[d]-256(m) is defined as SHA-256(SHA-256(0^512||m))--that is, hash a
- * block full of zeros followed by the input data, then re-hash the result.
- * These functions implement the SHA[d]-256 function on incremental inputs.
- */
-
-static void
-shad256_init(SHA256_CTX *ctx)
-{
- unsigned char zero[SHA256_BLOCKSIZE];
-
- /* Initialize the inner SHA-256 context and update it with a zero block. */
- memset(zero, 0, sizeof(zero));
- k5_sha256_init(ctx);
- k5_sha256_update(ctx, zero, sizeof(zero));
-}
-
-static void
-shad256_update(SHA256_CTX *ctx, const unsigned char *data, int len)
-{
- /* Feed the input to the inner SHA-256 context. */
- k5_sha256_update(ctx, data, len);
-}
-
-static void
-shad256_result(SHA256_CTX *ctx, unsigned char *dst)
-{
- /* Finalize the inner context, then feed the result back through SHA256. */
- k5_sha256_final(dst, ctx);
- k5_sha256_init(ctx);
- k5_sha256_update(ctx, dst, SHA256_HASHSIZE);
- k5_sha256_final(dst, ctx);
-}
-
-/* Initialize state. */
-static void
-init_state(struct fortuna_state *st)
-{
- unsigned int i;
-
- memset(st, 0, sizeof(*st));
- for (i = 0; i < NUM_POOLS; i++)
- shad256_init(&st->pool[i]);
-}
-
-/* Increment st->counter using least significant byte first. */
-static void
-inc_counter(struct fortuna_state *st)
-{
- uint64_t val;
-
- val = load_64_le(st->counter) + 1;
- store_64_le(val, st->counter);
- if (val == 0) {
- val = load_64_le(st->counter + 8) + 1;
- store_64_le(val, st->counter + 8);
- }
-}
-
-/* Encrypt and increment st->counter in the current cipher context. */
-static void
-encrypt_counter(struct fortuna_state *st, unsigned char *dst)
-{
- k5_aes_encrypt(st->counter, dst, &st->ciph);
- inc_counter(st);
-}
-
-/* Reseed the generator based on hopefully non-guessable input. */
-static void
-generator_reseed(struct fortuna_state *st, const unsigned char *data,
- size_t len)
-{
- SHA256_CTX ctx;
-
- /* Calculate SHA[d]-256(key||s) and make that the new key. Depend on the
- * SHA-256 hash size being the AES-256 key size. */
- shad256_init(&ctx);
- shad256_update(&ctx, st->key, AES256_KEYSIZE);
- shad256_update(&ctx, data, len);
- shad256_result(&ctx, st->key);
- zap(&ctx, sizeof(ctx));
- k5_aes_encrypt_key256(st->key, &st->ciph);
-
- /* Increment counter. */
- inc_counter(st);
-}
-
-/* Generate two blocks in counter mode and replace the key with the result. */
-static void
-change_key(struct fortuna_state *st)
-{
- encrypt_counter(st, st->key);
- encrypt_counter(st, st->key + AES256_BLOCKSIZE);
- k5_aes_encrypt_key256(st->key, &st->ciph);
-}
-
-/* Output pseudo-random data from the generator. */
-static void
-generator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
-{
- unsigned char result[AES256_BLOCKSIZE];
- size_t n, count = 0;
-
- while (len > 0) {
- /* Produce bytes and copy the result into dst. */
- encrypt_counter(st, result);
- n = (len < AES256_BLOCKSIZE) ? len : AES256_BLOCKSIZE;
- memcpy(dst, result, n);
- dst += n;
- len -= n;
-
- /* Each time we reach MAX_BYTES_PER_KEY bytes, change the key. */
- count += AES256_BLOCKSIZE;
- if (count >= MAX_BYTES_PER_KEY) {
- change_key(st);
- count = 0;
- }
- }
- zap(result, sizeof(result));
-
- /* Change the key after each request. */
- change_key(st);
-}
-
-/* Reseed the generator using the accumulator pools. */
-static void
-accumulator_reseed(struct fortuna_state *st)
-{
- unsigned int i, n;
- SHA256_CTX ctx;
- unsigned char hash_result[SHA256_HASHSIZE];
-
- n = ++st->reseed_count;
-
- /*
- * Collect entropy from pools. We use the i-th pool only 1/(2^i) of the
- * time so that each pool collects twice as much entropy between uses as
- * the last.
- */
- shad256_init(&ctx);
- for (i = 0; i < NUM_POOLS; i++) {
- if (n % (1 << i) != 0)
- break;
-
- /* Harvest this pool's hash result into ctx, then reset the pool. */
- shad256_result(&st->pool[i], hash_result);
- shad256_init(&st->pool[i]);
- shad256_update(&ctx, hash_result, SHA256_HASHSIZE);
- }
- shad256_result(&ctx, hash_result);
- generator_reseed(st, hash_result, SHA256_HASHSIZE);
- zap(hash_result, SHA256_HASHSIZE);
- zap(&ctx, sizeof(ctx));
-
- /* Reset the count of bytes added to pool 0. */
- st->pool0_bytes = 0;
-}
-
-/* Add possibly unguessable data to the next accumulator pool. */
-static void
-accumulator_add_event(struct fortuna_state *st, const unsigned char *data,
- size_t len)
-{
- unsigned char lenbuf[2];
- SHA256_CTX *pool;
-
- /* Track how many bytes have been added to pool 0. */
- if (st->pool_index == 0 && st->pool0_bytes < MIN_POOL_LEN)
- st->pool0_bytes += len;
-
- /* Hash events into successive accumulator pools. */
- pool = &st->pool[st->pool_index];
- st->pool_index = (st->pool_index + 1) % NUM_POOLS;
-
- /*
- * Fortuna specifies that events are encoded with a source identifier byte,
- * a length byte, and the event data itself. We do not have source
- * identifiers and they're not really important, so just encode the
- * length in two bytes instead.
- */
- store_16_be(len, lenbuf);
- shad256_update(pool, lenbuf, 2);
- shad256_update(pool, data, len);
-}
-
-/* Limit dependencies for test program. */
-#ifndef TEST
-
-/* Return true if RESEED_INTERVAL microseconds have passed since the last
- * reseed. */
-static krb5_boolean
-enough_time_passed(struct fortuna_state *st)
-{
- struct timeval tv, *last = &st->last_reseed_time;
- krb5_boolean ok = FALSE;
-
- gettimeofday(&tv, NULL);
-
- /* Check how much time has passed. */
- if (tv.tv_sec > last->tv_sec + 1)
- ok = TRUE;
- else if (tv.tv_sec == last->tv_sec + 1) {
- if (1000000 + tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
- ok = TRUE;
- } else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
- ok = TRUE;
-
- /* Update last_reseed_time if we're returning success. */
- if (ok)
- memcpy(last, &tv, sizeof(tv));
-
- return ok;
-}
-
-static void
-accumulator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
-{
- /* Reseed the generator with data from pools if we have accumulated enough
- * data and enough time has passed since the last accumulator reseed. */
- if (st->pool0_bytes >= MIN_POOL_LEN && enough_time_passed(st))
- accumulator_reseed(st);
-
- generator_output(st, dst, len);
-}
-
-static k5_mutex_t fortuna_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-static struct fortuna_state main_state;
-#ifdef _WIN32
-static DWORD last_pid;
-#else
-static pid_t last_pid;
-#endif
-static krb5_boolean have_entropy = FALSE;
-
-int
-k5_prng_init(void)
-{
- krb5_error_code ret = 0;
- unsigned char osbuf[64];
-
- ret = k5_mutex_finish_init(&fortuna_lock);
- if (ret)
- return ret;
-
- init_state(&main_state);
-#ifdef _WIN32
- last_pid = GetCurrentProcessId();
-#else
- last_pid = getpid();
-#endif
- if (k5_get_os_entropy(osbuf, sizeof(osbuf), 0)) {
- generator_reseed(&main_state, osbuf, sizeof(osbuf));
- have_entropy = TRUE;
- }
-
- return 0;
-}
-
-void
-k5_prng_cleanup(void)
-{
- have_entropy = FALSE;
- zap(&main_state, sizeof(main_state));
- k5_mutex_destroy(&fortuna_lock);
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
-{
- krb5_error_code ret;
-
- ret = krb5int_crypto_init();
- if (ret)
- return ret;
- k5_mutex_lock(&fortuna_lock);
- if (randsource == KRB5_C_RANDSOURCE_OSRAND ||
- randsource == KRB5_C_RANDSOURCE_TRUSTEDPARTY) {
- /* These sources contain enough entropy that we should use them
- * immediately, so that they benefit the next request. */
- generator_reseed(&main_state, (unsigned char *)indata->data,
- indata->length);
- have_entropy = TRUE;
- } else {
- /* Other sources should just go into the pools and be used according to
- * the accumulator logic. */
- accumulator_add_event(&main_state, (unsigned char *)indata->data,
- indata->length);
- }
- k5_mutex_unlock(&fortuna_lock);
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
-{
-#ifdef _WIN32
- DWORD pid = GetCurrentProcessId();
-#else
- pid_t pid = getpid();
-#endif
- unsigned char pidbuf[4];
-
- k5_mutex_lock(&fortuna_lock);
-
- if (!have_entropy) {
- k5_mutex_unlock(&fortuna_lock);
- if (context != NULL) {
- k5_set_error(&context->err, KRB5_CRYPTO_INTERNAL,
- _("Random number generator could not be seeded"));
- }
- return KRB5_CRYPTO_INTERNAL;
- }
-
- if (pid != last_pid) {
- /* We forked; make sure child's PRNG stream differs from parent's. */
- store_32_be(pid, pidbuf);
- generator_reseed(&main_state, pidbuf, 4);
- last_pid = pid;
- }
-
- accumulator_output(&main_state, (unsigned char *)outdata->data,
- outdata->length);
- k5_mutex_unlock(&fortuna_lock);
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
-{
- krb5_error_code ret;
- krb5_data data;
- uint8_t buf[64];
- int status = 0;
-
- if (!k5_get_os_entropy(buf, sizeof(buf), strong))
- goto done;
-
- data = make_data(buf, sizeof(buf));
- ret = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND, &data);
- if (ret)
- goto done;
-
- status = 1;
-
-done:
- if (success != NULL)
- *success = status;
- return 0;
-}
-
-#endif /* not TEST */
diff --git a/src/lib/crypto/krb/prng_os.c b/src/lib/crypto/krb/prng_os.c
deleted file mode 100644
index 8ea13e7..0000000
--- a/src/lib/crypto/krb/prng_os.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/prng_os.c - OS PRNG implementation */
-/*
- * Copyright (C) 2016 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This file implements a PRNG module which relies on the system's PRNG. An
- * OS packager can select this module given sufficient confidence in the
- * operating system's native PRNG quality.
- */
-
-#include "crypto_int.h"
-
-int
-k5_prng_init(void)
-{
- return 0;
-}
-
-void
-k5_prng_cleanup(void)
-{
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
-{
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
-{
- krb5_boolean res;
-
- res = k5_get_os_entropy((uint8_t *)outdata->data, outdata->length, 0);
- return res ? 0 : KRB5_CRYPTO_INTERNAL;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
-{
- return 0;
-}
diff --git a/src/lib/crypto/krb/t_fortuna.c b/src/lib/crypto/krb/t_fortuna.c
deleted file mode 100644
index 508ffcf..0000000
--- a/src/lib/crypto/krb/t_fortuna.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/t_fortuna.c - Fortuna test program */
-/*
- * Copyright (c) 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * Copyright (C) 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#ifdef FORTUNA
-
-/* Include most of prng_fortuna.c so we can test the PRNG internals. */
-#define TEST
-#include "prng_fortuna.c"
-
-static void
-display(const unsigned char *data, size_t len)
-{
- size_t i;
-
- for (i = 0; i < len; i++)
- printf("%02X", data[i]);
- printf("\n");
-}
-
-/*
- * Generate data from st with its current internal state and check for
- * significant bias in each bit of the resulting bytes. This test would have a
- * small chance of failure on random inputs, but we have a predictable state
- * after all the other tests have been run, so it will never fail if the PRNG
- * operates the way we expect.
- */
-static void
-head_tail_test(struct fortuna_state *st)
-{
- static unsigned char buffer[1024 * 1024];
- unsigned char c;
- int i, len = sizeof(buffer);
- int bit, bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
- double res;
-
- memset(buffer, 0, len);
-
- generator_output(st, buffer, len);
- for (i = 0; i < len; i++) {
- c = buffer[i];
- for (bit = 0; bit < 8 && c; bit++) {
- if (c & 1)
- bits[bit]++;
- c = c >> 1;
- }
- }
-
- for (bit = 0; bit < 8; bit++) {
- res = ((double)abs(len - bits[bit] * 2)) / (double)len;
- if (res > 0.005){
- fprintf(stderr,
- "Bit %d: %d zero, %d one exceeds 0.5%% variance (%f)\n",
- bit, (int)len - bits[bit], bits[bit], res);
- exit(1);
- }
- }
-}
-
-int
-main(int argc, char **argv)
-{
- struct fortuna_state test_state;
- struct fortuna_state *st = &test_state;
- static unsigned char buf[2 * 1024 * 1024];
- unsigned int i;
-
- /* Seed the generator with a known state. */
- init_state(&test_state);
- generator_reseed(st, (unsigned char *)"test", 4);
-
- /* Generate two pieces of output; key should change for each request. */
- generator_output(st, buf, 32);
- display(buf, 32);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- /* Generate a lot of output to test key changes during request. */
- generator_output(st, buf, sizeof(buf));
- display(buf, 32);
- display(buf + sizeof(buf) - 32, 32);
-
- /* Reseed the generator and generate more output. */
- generator_reseed(st, (unsigned char *)"retest", 6);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- /* Add sample data to accumulator pools. */
- for (i = 0; i < 44; i++) {
- store_32_be(i, buf);
- accumulator_add_event(st, buf, 4);
- }
- assert(st->pool_index == 12);
- assert(st->pool0_bytes == 8);
-
- /* Exercise accumulator reseeds. */
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- for (i = 0; i < 1000; i++)
- accumulator_reseed(st);
- assert(st->reseed_count == 1003);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- head_tail_test(st);
- return 0;
-}
-
-#else /* FORTUNA */
-
-int
-main()
-{
- return 0;
-}
-
-#endif /* FORTUNA */
diff --git a/src/lib/crypto/krb/t_fortuna.expected b/src/lib/crypto/krb/t_fortuna.expected
deleted file mode 100644
index 2d5738c..0000000
--- a/src/lib/crypto/krb/t_fortuna.expected
+++ /dev/null
@@ -1,9 +0,0 @@
-A7C846B4EEAF6AB78AB33FFC77197BB0364C364E5A4259593464162B14C494F1
-EDC0776CA17E4FC395823653D1956D6873A55A1829D85D8B46340F3C9DD113F2
-B551F4EDF860BEB49E89BFF9B60BFD955ED85B070E18667189450962C503CBE5
-069A4F41D88CC12927672F1039C50DD50A0713E0AD542A6CDCD1E75CC4E7FB36
-E4EBA939FB027DACF1E7406461703C57B48D8BC0A1039A170FAD5E35C088B789
-68199B6755105BC22C343BD339EA2035E7A3F9535DC83DE3436C794EABA18B34
-49AD3C22E015666A269F37CA47EEF075860CC21588F3CF8D7EB5A9DC4D59C0F4
-9EFCB204F1B588A918B6A81D1E0E25C78C0921CF4839BE38D698EE8E30097BED
-66B252E879C2548A3FC3FEAF6B7ABCDBAFB1A45F5FB68EB49AB12CC13B1A091B
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index d6cc1b4..d87ddd6 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -96,12 +96,7 @@ krb5int_enc_camellia128
krb5int_enc_camellia256
krb5int_derive_key
krb5int_derive_random
-k5_aes_encrypt
-k5_aes_encrypt_key256
k5_sha256
-k5_sha256_final
-k5_sha256_init
-k5_sha256_update
krb5int_nfold
k5_allow_weak_pbkdf2iter
krb5_c_prfplus
diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in
index aa434b1..c1f320e 100644
--- a/src/lib/crypto/openssl/Makefile.in
+++ b/src/lib/crypto/openssl/Makefile.in
@@ -7,22 +7,19 @@ STLIBOBJS=\
hmac.o \
init.o \
pbkdf2.o \
- sha256.o \
- stubs.o
+ sha256.o
OBJS=\
$(OUTPRE)hmac.$(OBJEXT) \
$(OUTPRE)init.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
- $(OUTPRE)sha256.$(OBJEXT) \
- $(OUTPRE)stubs.$(OBJEXT)
+ $(OUTPRE)sha256.$(OBJEXT)
SRCS=\
$(srcdir)/hmac.c \
$(srcdir)/init.c \
$(srcdir)/pbkdf2.c \
- $(srcdir)/sha256.c \
- $(srcdir)/stubs.c
+ $(srcdir)/sha256.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
diff --git a/src/lib/crypto/openssl/crypto_mod.h b/src/lib/crypto/openssl/crypto_mod.h
index cbf2f9e..d6f5b2a 100644
--- a/src/lib/crypto/openssl/crypto_mod.h
+++ b/src/lib/crypto/openssl/crypto_mod.h
@@ -44,11 +44,4 @@
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif
-#define aes_encrypt_ctx AES_KEY
-#define k5_aes_encrypt_key256(k, ctx) AES_set_encrypt_key(k, 256, ctx)
-#define k5_aes_encrypt(in, out, ctx) AES_encrypt(in, out, ctx)
-#define k5_sha256_init SHA256_Init
-#define k5_sha256_update SHA256_Update
-#define k5_sha256_final SHA256_Final
-
#endif /* CRYPTO_MOD_H */
diff --git a/src/lib/crypto/openssl/stubs.c b/src/lib/crypto/openssl/stubs.c
deleted file mode 100644
index 2f48d8e..0000000
--- a/src/lib/crypto/openssl/stubs.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/stubs.c - OpenSSL stub functions */
-/*
- * Copyright (C) 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file defines symbols which must be exported by libk5crypto because they
- * are in the export list (for the sake of test programs), but which are not
- * used when OpenSSL is the back end.
- */
-
-#include "k5-int.h"
-
-/*
- * These functions are used by the Fortuna PRNG and test program. They are
- * defined to OpenSSL equivalents when the OpenSSL back end headers are
- * used.
- */
-void k5_aes_encrypt(void);
-void k5_aes_encrypt_key256(void);
-void k5_sha256_final(void);
-void k5_sha256_init(void);
-void k5_sha256_update(void);
-
-void k5_aes_encrypt(void)
-{
- abort();
-}
-
-void k5_aes_encrypt_key256(void)
-{
- abort();
-}
-
-void k5_sha256_final(void)
-{
- abort();
-}
-
-void k5_sha256_init(void)
-{
- abort();
-}
-
-void k5_sha256_update(void)
-{
- abort();
-}
diff --git a/src/lib/krb5/krb/gen_save_subkey.c b/src/lib/krb5/krb/gen_save_subkey.c
index bc2c46d..d027271 100644
--- a/src/lib/krb5/krb/gen_save_subkey.c
+++ b/src/lib/krb5/krb/gen_save_subkey.c
@@ -33,24 +33,9 @@ k5_generate_and_save_subkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock, krb5_enctype enctype)
{
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is not
- to guarantee randomness, but to make it less likely that multiple
- sessions could pick the same subkey. */
- struct {
- krb5_timestamp sec;
- krb5_int32 usec;
- } rnd_data;
- krb5_data d;
krb5_error_code retval;
krb5_keyblock *kb = NULL;
- if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
- d.length = sizeof(rnd_data);
- d.data = (char *) &rnd_data;
- krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
- }
-
retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
if (retval)
return retval;
diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c
index 7ac2821..74855c7 100644
--- a/src/lib/krb5/krb/gen_seqnum.c
+++ b/src/lib/krb5/krb/gen_seqnum.c
@@ -36,26 +36,12 @@
#define MIN(a,b) ((a) < (b) ? (a) : (b))
#endif
-static inline krb5_data
-key2data (krb5_keyblock k)
-{
- krb5_data d;
- d.magic = KV5M_DATA;
- d.length = k.length;
- d.data = (char *) k.contents;
- return d;
-}
-
krb5_error_code
krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
{
krb5_data seed;
krb5_error_code retval;
- seed = key2data(*key);
- if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
- return(retval);
-
seed.length = sizeof(*seqno);
seed.data = (char *) seqno;
retval = krb5_c_random_make_octets(context, &seed);
diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c
index 45f7b18..fe6fdec 100644
--- a/src/lib/krb5/krb/gen_subkey.c
+++ b/src/lib/krb5/krb/gen_subkey.c
@@ -26,16 +26,6 @@
#include "k5-int.h"
-static inline krb5_data
-key2data (krb5_keyblock k)
-{
- krb5_data d;
- d.magic = KV5M_DATA;
- d.length = k.length;
- d.data = (char *) k.contents;
- return d;
-}
-
krb5_error_code
krb5_generate_subkey_extended(krb5_context context,
const krb5_keyblock *key,
@@ -43,17 +33,10 @@ krb5_generate_subkey_extended(krb5_context context,
krb5_keyblock **subkey)
{
krb5_error_code retval;
- krb5_data seed;
krb5_keyblock *keyblock;
*subkey = NULL;
- seed = key2data(*key);
- retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY,
- &seed);
- if (retval)
- return retval;
-
keyblock = malloc(sizeof(krb5_keyblock));
if (!keyblock)
return ENOMEM;
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index aa35baa..87b486c 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -157,12 +157,6 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
{
krb5_context ctx = 0;
krb5_error_code retval;
- struct {
- krb5_timestamp now;
- krb5_int32 now_usec;
- long pid;
- } seed_data;
- krb5_data seed;
int tmp;
char *plugin_dir = NULL;
@@ -243,17 +237,6 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
goto cleanup;
ctx->dns_canonicalize_hostname = tmp;
- /* initialize the prng (not well, but passable) */
- if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
- goto cleanup;
- if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
- goto cleanup;
- seed_data.pid = getpid ();
- seed.length = sizeof(seed_data);
- seed.data = (char *) &seed_data;
- if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
- goto cleanup;
-
ctx->default_realm = 0;
get_integer(ctx, KRB5_CONF_CLOCKSKEW, DEFAULT_CLOCKSKEW, &tmp);
ctx->clockskew = tmp;
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c
index 149e25d..9e73294 100644
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -126,29 +126,6 @@ krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
credsp = in_creds;
}
- if (ap_req_options & AP_OPTS_USE_SUBKEY) {
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is
- not to guarantee randomness, but to make it less likely
- that multiple sessions could pick the same subkey. */
- struct sockaddr_storage rnd_data;
- GETPEERNAME_ARG3_TYPE len2;
- krb5_data d = make_data(&rnd_data, sizeof(rnd_data));
-
- len2 = sizeof(rnd_data);
- if (getpeername(*(int *)fd, ss2sa(&rnd_data), &len2) == 0) {
- d.length = len2;
- (void)krb5_c_random_add_entropy(
- context, KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL, &d);
- }
- len2 = sizeof(rnd_data);
- if (getsockname(*(int *)fd, ss2sa(&rnd_data), &len2) == 0) {
- d.length = len2;
- (void)krb5_c_random_add_entropy(
- context, KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL, &d);
- }
- }
-
outbuf[0].data = NULL; /* Coverity is confused otherwise */
if ((retval = krb5_mk_req_extended(context, auth_context,
ap_req_options, in_data, credsp,
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
index 09ec249..b356971 100755
--- a/src/tests/t_iprop.py
+++ b/src/tests/t_iprop.py
@@ -239,7 +239,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
replica2_kprop_port = str(realm.portbase + 9)
kadmind_proponly = realm.start_server([kadmind, '-r', realm.realm,
'-nofork', '-proponly',
- '-W', '-p', kdb5_util,
+ '-p', kdb5_util,
'-K', kprop, '-k',
replica2_kprop_port,
'-F', replica1_out_dump_path],
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 9a9151b..1917bbc 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1046,7 +1046,7 @@ class K5Realm(object):
def create_kdb(self):
global kdb5_util
- self.run([kdb5_util, 'create', '-W', '-s', '-P', 'master'])
+ self.run([kdb5_util, 'create', '-s', '-P', 'master'])
def start_kdc(self, args=[], env=None):
global krb5kdc
@@ -1067,7 +1067,7 @@ class K5Realm(object):
env = self.env
assert(self._kadmind_proc is None)
dump_path = os.path.join(self.testdir, 'dump')
- self._kadmind_proc = _start_daemon([kadmind, '-nofork', '-W',
+ self._kadmind_proc = _start_daemon([kadmind, '-nofork',
'-p', kdb5_util, '-K', kprop,
'-F', dump_path], env,
'starting...')
More information about the cvs-krb5
mailing list