From c5b413c3d59725c4e3c9b041e480f102f2188c63 Mon Sep 17 00:00:00 2001 
From: Greg Hudson Date: Mon, 27 Sep 2021 13:38:10 -0400 Subject: [PATCH] Always use platform PRNG Remove the fortuna and device PRNG modules and PRNG modularity, and move the prng_os implementation into prng.c. Remove the crypto_mod.h requirement to implement failure-free AES256 and SHA256. Deprecate krb5_c_random_add_entropy() and krb5_c_random_os_entropy() and remove their call sites. Deprecate and ignore the -W (weak random) option to kadmind and kdb5_util create, and stop using it in the test suite. ticket: 9032 (new) --- .gitignore | 5 - doc/build/options2configure.rst | 5 - doc/mitK5features.rst | 7 - doc/notice.rst | 30 -- doc/thread-safe.txt | 7 - src/config/pre.in | 1 - src/config/win-pre.in | 1 - src/configure.ac | 12 - src/include/krb5/krb5.hin | 58 +-- src/kadmin/dbutil/kdb5_create.c | 10 +- src/kadmin/server/ovsec_kadmd.c | 9 +- src/kdc/dispatch.c | 31 -- src/kdc/main.c | 17 - src/lib/crypto/builtin/crypto_mod.h | 3 - src/lib/crypto/crypto_tests/Makefile.in | 10 +- src/lib/crypto/crypto_tests/t_prng.c | 90 ----- src/lib/crypto/krb/Makefile.in | 14 - src/lib/crypto/krb/crypto_int.h | 42 +-- src/lib/crypto/krb/crypto_libinit.c | 5 - src/lib/crypto/krb/prng.c | 37 +- src/lib/crypto/krb/prng_device.c | 99 ----- src/lib/crypto/krb/prng_fortuna.c | 470 ------------------------ src/lib/crypto/krb/prng_os.c | 72 ---- src/lib/crypto/krb/t_fortuna.c | 179 --------- src/lib/crypto/krb/t_fortuna.expected | 9 - src/lib/crypto/libk5crypto.exports | 5 - src/lib/crypto/openssl/Makefile.in | 9 +- src/lib/crypto/openssl/crypto_mod.h | 7 - src/lib/crypto/openssl/stubs.c | 69 ---- src/lib/krb5/krb/gen_save_subkey.c | 15 - src/lib/krb5/krb/gen_seqnum.c | 14 - src/lib/krb5/krb/gen_subkey.c | 17 - src/lib/krb5/krb/init_ctx.c | 17 - src/lib/krb5/krb/sendauth.c | 23 -- src/tests/t_iprop.py | 2 +- src/util/k5test.py | 4 +- 36 files changed, 51 insertions(+), 1354 deletions(-) delete mode 100644 src/lib/crypto/crypto_tests/t_prng.c delete mode 100644 
src/lib/crypto/krb/prng_device.c delete mode 100644 src/lib/crypto/krb/prng_fortuna.c delete mode 100644 src/lib/crypto/krb/prng_os.c delete mode 100644 src/lib/crypto/krb/t_fortuna.c delete mode 100644 src/lib/crypto/krb/t_fortuna.expected delete mode 100644 src/lib/crypto/openssl/stubs.c diff --git a/.gitignore b/.gitignore index a1ba832632..8a10057f88 100644 --- a/.gitignore +++ b/.gitignore @@ -292,17 +292,12 @@ local.properties /src/lib/crypto/crypto_tests/t_nfold /src/lib/crypto/crypto_tests/t_prf /src/lib/crypto/crypto_tests/t_prf.output -/src/lib/crypto/crypto_tests/t_prng -/src/lib/crypto/crypto_tests/t_prng.output /src/lib/crypto/crypto_tests/t_sha2 /src/lib/crypto/crypto_tests/t_short /src/lib/crypto/crypto_tests/t_str2key /src/lib/crypto/crypto_tests/vk.txt /src/lib/crypto/crypto_tests/vt.txt -/src/lib/crypto/krb/t_fortuna -/src/lib/crypto/krb/t_fortuna.output - /src/lib/gssapi/merged-gssapi-header.h /src/lib/gssapi/generic/errmap.h diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst index 86061071af..9e355dc2c5 100644 --- a/doc/build/options2configure.rst +++ b/doc/build/options2configure.rst @@ -337,11 +337,6 @@ Optional packages implemented crypto backend is ``openssl``. (See :ref:`mitK5features`) -**-**\ **-with-prng-alg=**\ *ALG* - Use specified PRNG algorithm. For example, to use the OS native - prng specify ``--with-prng-alg=os``. The default is ``fortuna``. - (See :ref:`mitK5features`) - **-**\ **-without-libedit** Do not compile and link against libedit. Some utilities will no longer offer command history or completion in interactive mode if diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index 4954bb3aa7..afaf531242 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst 
@@ -606,10 +606,3 @@ User experience: - S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091 - OTP (release 1.12) :ref:`otp_preauth` - SPAKE (release 1.17) :ref:`spake` - -`PRNG` - -- modularity (release 1.9) -- Yarrow PRNG (release < 1.10) -- Fortuna PRNG (release 1.9) https://www.schneier.com/book-practical.html -- OS PRNG (release 1.10) OS's native PRNG diff --git a/doc/notice.rst b/doc/notice.rst index 1c96e113e4..a9630d679a 100644 --- a/doc/notice.rst +++ b/doc/notice.rst 
@@ -727,36 +727,6 @@ have the following copyright and permission notice: ------------------- -Portions of the implementation of the Fortuna-like PRNG are subject to -the following notice: - - | Copyright |copy| 2005 Marko Kreen - | All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -.. - Copyright |copy| 1994 by the University of Southern California EXPORT OF THIS SOFTWARE from the United States of America may diff --git a/doc/thread-safe.txt b/doc/thread-safe.txt index 2aa49cf73b..d6c8c6eabd 100644 --- a/doc/thread-safe.txt +++ b/doc/thread-safe.txt 
@@ -116,11 +116,6 @@ trees, and a mutex to protect it. libk5crypto -Uses of the Yarrow code from the krb5 crypto interface are protected -by a single mutex. Initialization of the Yarrow state will be done -once, the first time these routines are called. Calls directly to the -Yarrow functions are not protected. - Uses ctype macros; what happens if the locale is changed in a multi-threaded program? @@ -128,8 +123,6 @@ Debug var in pbkdf2.c. Statics: pbkdf2.c: debug variable. -Statics: prng.c: Global Yarrow data and mutex. - Statics: crypto_libinit.c: library initializer aux data. ---------------- diff --git a/src/config/pre.in b/src/config/pre.in index 5b648dd178..13f95c6145 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -405,7 +405,6 @@ RUN_TEST=$(RUN_SETUP) KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf \ # Crypto and PRNG back-end selections CRYPTO_IMPL = @CRYPTO_IMPL@ -PRNG_ALG = @PRNG_ALG@ # TLS implementation selection TLS_IMPL = @TLS_IMPL@ diff --git a/src/config/win-pre.in b/src/config/win-pre.in index 0e696e2998..9158532b83 100644 --- a/src/config/win-pre.in +++ b/src/config/win-pre.in @@ -210,7 +210,6 @@ MAKE=-$(MAKE) !endif CRYPTO_IMPL = builtin -PRNG_ALG = fortuna CFLAGS = $(CCOPTS) ALL_CFLAGS = $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(CPPFLAGS) $(CFLAGS) diff --git a/src/configure.ac b/src/configure.ac index d7b7a744eb..a244f95d99 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -285,18 +285,6 @@ AC_SUBST(CRYPTO_IMPL) AC_SUBST(CRYPTO_IMPL_CFLAGS) AC_SUBST(CRYPTO_IMPL_LIBS) -AC_ARG_WITH([prng-alg], - [AS_HELP_STRING([--with-prng-alg=ALG], - [use specified PRNG algorithm. @<:@fortuna@:>@])], - [PRNG_ALG=$withval - AC_MSG_NOTICE(k5crypto will use '$withval')], - [PRNG_ALG=fortuna]) -AC_CONFIG_COMMANDS(PRNG_ALG, , PRNG_ALG=$PRNG_ALG) -AC_SUBST(PRNG_ALG) -if test "$PRNG_ALG" = fortuna; then - AC_DEFINE(FORTUNA,1,[Define if Fortuna PRNG is selected]) -fi - # WITH_TLS_IMPL AC_ARG_WITH([tls-impl], 
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 7017837a0a..d083b92726 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -464,27 +464,14 @@ typedef struct _krb5_crypto_iov { #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /* Microsoft netlogon */ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /**< RFC 4757 */ -/* - * The following are entropy source designations. Whenever - * krb5_C_random_add_entropy is called, one of these source ids is passed in. - * This allows the library to better estimate bits of entropy in the sample and - * to keep track of what sources of entropy have contributed enough entropy. - * Sources marked internal MUST NOT be used by applications outside the - * Kerberos library - */ - +/* Constants for the deprecated krb5_c_random_add_entropy() */ enum { - KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ - KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ - KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ - /* - * This source should be used carefully; data in this category - * should be from a third party trusted to give random bits - * For example keys issued by the KDC in the application server. - */ - KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ - KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ - KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ + KRB5_C_RANDSOURCE_OLDAPI = 0, + KRB5_C_RANDSOURCE_OSRAND = 1, + KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, + KRB5_C_RANDSOURCE_TIMING = 3, + KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, + KRB5_C_RANDSOURCE_MAX = 5 }; #ifndef krb5_roundup 
@@ -765,19 +752,7 @@ krb5_error_code KRB5_CALLCONV krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, krb5_data *random_data, krb5_keyblock *k5_random_key); -/** - * Add entropy to the pseudo-random number generator. - * - * @param [in] context Library context - * @param [in] randsource Entropy source (see KRB5_RANDSOURCE types) - * @param [in] data Data - * - * Contribute entropy to the PRNG used by krb5 crypto operations. This may or - * may not affect the output of the next crypto operation requiring random - * data. - * - * @retval 0 Success; otherwise - Kerberos error codes - */ +/** @deprecated This call is no longer necessary. */ krb5_error_code KRB5_CALLCONV krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, const krb5_data *data); @@ -797,24 +772,11 @@ krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, krb5_error_code KRB5_CALLCONV krb5_c_random_make_octets(krb5_context context, krb5_data *data); -/** - * Collect entropy from the OS if possible. - * - * @param [in] context Library context - * @param [in] strong Strongest available source of entropy - * @param [out] success 1 if OS provides entropy, 0 otherwise - * - * If @a strong is non-zero, this function attempts to use the strongest - * available source of entropy. Setting this flag may cause the function to - * block on some operating systems. Good uses include seeding the PRNG for - * kadmind and realm setup. - * - * @retval 0 Success; otherwise - Kerberos error codes - */ +/** @deprecated This call is no longer necessary. */ krb5_error_code KRB5_CALLCONV krb5_c_random_os_entropy(krb5_context context, int strong, int *success); -/** @deprecated Replaced by krb5_c_* API family. */ +/** @deprecated This call is no longer necessary. */ krb5_error_code KRB5_CALLCONV krb5_c_random_seed(krb5_context context, krb5_data *data); diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index f9205f84da..038a0b2190 100644 
--- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -152,7 +152,6 @@ void kdb5_create(argc, argv) krb5_data pwd, seed; kdb_log_context *log_ctx; krb5_kvno mkey_kvno; - int strong_random = 1; while ((optchar = getopt(argc, argv, "sW")) != -1) { switch(optchar) { @@ -160,7 +159,7 @@ void kdb5_create(argc, argv) do_stash++; break; case 'W': - strong_random = 0; + /* Ignore (deprecated weak random option). */ break; case '?': default: @@ -178,13 +177,6 @@ void kdb5_create(argc, argv) log_ctx = util_context->kdblog_context; - printf(_("Loading random data\n")); - retval = krb5_c_random_os_entropy (util_context, strong_random, NULL); - if (retval) { - com_err(progname, retval, _("Loading random data")); - exit_status++; return; - } - /* assemble & parse the master key name */ if ((retval = krb5_db_setup_mkey_name(util_context, diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 2a386a70cf..b29a0f5b63 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -349,7 +349,7 @@ main(int argc, char *argv[]) const char *pid_file = NULL; char **db_args = NULL, **tmpargs; const char *acl_file; - int ret, i, db_args_size = 0, strong_random = 1, proponly = 0; + int ret, i, db_args_size = 0, proponly = 0; setlocale(LC_ALL, ""); setvbuf(stderr, NULL, _IONBF, 0); @@ -408,7 +408,7 @@ main(int argc, char *argv[]) usage(); pid_file = *argv; } else if (strcmp(*argv, "-W") == 0) { - strong_random = 0; + /* Ignore (deprecated weak random option). */ } else if (strcmp(*argv, "-p") == 0) { argc--, argv++; if (!argc) @@ -522,11 +522,6 @@ main(int argc, char *argv[]) if (ret) fail_to_start(ret, _("initializing")); - krb5_klog_syslog(LOG_INFO, _("Seeding random number generator")); - ret = krb5_c_random_os_entropy(context, strong_random, NULL); - if (ret) - fail_to_start(ret, _("getting random seed")); - if (params.iprop_enabled == TRUE) { ulog_set_role(context, IPROP_PRIMARY); 
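Review bot: `-W` is now accepted silently in both kdb5_create.c (the `case 'W':` arm) and ovsec_kadmd.c (the `strcmp(*argv, "-W")` branch), so an operator or provisioning script still passing it gets no indication that the option has become inert. A one-line notice at each site would make the deprecation visible: in kdb5_create.c `fprintf(stderr, _("%s: -W is deprecated and ignored\n"), progname);` (progname is used by the removed com_err call in the same function), and in ovsec_kadmd.c a `krb5_klog_syslog(LOG_INFO, _("-W option is deprecated and ignored"));` if logging is already initialized at that point in argument parsing, otherwise an fprintf to stderr. Whether the usage text of either program still advertises -W is outside these hunks and should be checked. Both `kdb5_create` and `main` begin and end outside the hunks shown.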
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 3ed5176a89..f24f5fd8f3 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -33,8 +33,6 @@ #include #include -static krb5_int32 last_usec = 0, last_os_random = 0; - static krb5_error_code make_too_big_error(kdc_realm_t *kdc_active_realm, krb5_data **out); @@ -90,34 +88,6 @@ finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response) finish_dispatch(state, code, response); } -static void -reseed_random(krb5_context kdc_err_context) -{ - krb5_error_code retval; - krb5_timestamp now; - krb5_int32 now_usec, usec_difference; - krb5_data data; - - retval = krb5_crypto_us_timeofday(&now, &now_usec); - if (retval == 0) { - usec_difference = now_usec - last_usec; - if (last_os_random == 0) - last_os_random = now; - /* Grab random data from OS every hour*/ - if (ts_delta(now, last_os_random) >= 60 * 60) { - krb5_c_random_os_entropy(kdc_err_context, 0, NULL); - last_os_random = now; - } - - data.length = sizeof(krb5_int32); - data.data = (void *)&usec_difference; - - krb5_c_random_add_entropy(kdc_err_context, - KRB5_C_RANDSOURCE_TIMING, &data); - last_usec = now_usec; - } -} - void dispatch(void *cb, const krb5_fulladdr *local_addr, const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp, @@ -172,7 +142,6 @@ dispatch(void *cb, const krb5_fulladdr *local_addr, * is currently being processed. */ kdc_insert_lookaside(kdc_err_context, pkt, NULL); #endif - reseed_random(kdc_err_context); /* try TGS_REQ first; they are more common! */ diff --git a/src/kdc/main.c b/src/kdc/main.c index d27d15f8ec..7917ffbe0e 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -62,7 +62,6 @@ static int nofork = 0; static int workers = 0; static int time_offset = 0; static const char *pid_file = NULL; -static int rkey_init_done = 0; static volatile int signal_received = 0; static volatile int sighup_received = 0; 
@@ -409,22 +408,6 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm, goto whoops; } - if (!rkey_init_done) { - krb5_data seed; - /* - * If all that worked, then initialize the random key - * generators. - */ - - seed.length = rdp->realm_mkey.length; - seed.data = (char *)rdp->realm_mkey.contents; - - if ((kret = krb5_c_random_add_entropy(rdp->realm_context, - KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed))) - goto whoops; - - rkey_init_done = 1; - } whoops: /* * If we choked, then clean up any dirt we may have dropped on the floor. diff --git a/src/lib/crypto/builtin/crypto_mod.h b/src/lib/crypto/builtin/crypto_mod.h index f85e322155..cb7f661ac6 100644 --- a/src/lib/crypto/builtin/crypto_mod.h +++ b/src/lib/crypto/builtin/crypto_mod.h @@ -33,7 +33,4 @@ #ifndef CRYPTO_MOD_H #define CRYPTO_MOD_H -#include -#include - #endif /* CRYPTO_MOD_H */ diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 0295ee14f7..1d4b184faa 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -7,7 +7,6 @@ EXTRADEPSRCS=\ $(srcdir)/t_encrypt.c \ $(srcdir)/t_decrypt.c \ $(srcdir)/t_prf.c \ - $(srcdir)/t_prng.c \ $(srcdir)/t_cmac.c \ $(srcdir)/t_hmac.c \ $(srcdir)/t_pkcs5.c \ @@ -27,7 +26,7 @@ EXTRADEPSRCS=\ ##DOS##BUILDTOP = ..\..\.. -check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ +check-unix: t_nfold t_encrypt t_decrypt t_prf t_cmac t_hmac \ t_cksums \ aes-test \ camellia-test \ @@ -36,7 +35,6 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ $(RUN_TEST) ./t_nfold $(RUN_TEST) ./t_encrypt $(RUN_TEST) ./t_decrypt - $(RUN_TEST) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output $(RUN_TEST) ./t_cmac $(RUN_TEST) ./t_hmac $(RUN_TEST) ./t_prf 
@@ -71,9 +69,6 @@ t_decrypt$(EXEEXT): t_decrypt.$(OBJEXT) $(KRB5_BASE_DEPLIBS) t_prf$(EXEEXT): t_prf.$(OBJEXT) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_prf.$(OBJEXT) $(KRB5_BASE_LIBS) -t_prng$(EXEEXT): t_prng.$(OBJEXT) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_prng.$(OBJEXT) $(KRB5_BASE_LIBS) - t_cmac$(EXEEXT): t_cmac.$(OBJEXT) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_cmac.$(OBJEXT) $(KRB5_BASE_LIBS) @@ -133,7 +128,7 @@ t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS) clean: $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \ - t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \ + t_decrypt.o t_decrypt t_cmac.o t_cmac \ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \ aes-test.o aes-test vt.txt vk.txt kresults.out \ t_cts.o t_cts \ @@ -145,7 +140,6 @@ clean: camellia-test camellia-test.o camellia-vt.txt \ t_cf2 t_cf2.o t_cf2.output - -$(RM) t_prng.output -$(RM) t_prf.output @lib_frag@ diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c deleted file mode 100644 index 36b7b670c1..0000000000 --- a/src/lib/crypto/crypto_tests/t_prng.c +++ /dev/null 
@@ -1,90 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/crypto_tests/t_prng.c */ -/* - * Copyright (C) 2001 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * This file contains tests for the PRNG code in Kerberos. It reads - * an input file, and writes an output file. It is assumed that the - * output file will be diffed against expected output to see whether - * regression tests pass. The input file has a very primitive format. - * It is composed of alternating seeds and outputs. The first line in - * the file is an integer source id from the krb5_c_randsource enum in - * krb5.h. Then an integer seed length is read. Then that many bytes - * (encoded in hex) are read; whitespace or newlines may be inserted - * between bytes. 
Then after the seed data is an integer describing - * how many bytes of output should be written. Then another source ID - * and seed length is read. If the seed length is 0, the source id is - * ignored and the seed is not seeded. - */ - -#include "k5-int.h" -#include - -int main () { - krb5_error_code ret; - krb5_data input, output; - unsigned int source_id, seed_length; - unsigned int i; - while (1) { - /* Read source*/ - if (scanf ("%u", &source_id ) == EOF ) - break; - /* Read seed length*/ - if (scanf ("%u", &seed_length) == EOF) - break; - if (seed_length ) { - unsigned int lc; - ret = alloc_data(&input, seed_length); - assert(!ret); - for (lc = seed_length; lc > 0; lc--) { - scanf ("%2x", &i); - input.data[seed_length-lc] = (unsigned) (i&0xff); - } - ret = krb5_c_random_add_entropy (0, source_id, &input); - assert(!ret); - free (input.data); - input.data = NULL; - } - if (scanf ("%u", &i) == EOF) - break; - if (i) { - ret = alloc_data(&output, i); - assert(!ret); - ret = krb5_c_random_make_octets (0, &output); - if (ret) - printf ("failed\n"); - else { - for (; i > 0; i--) { - printf ("%02x", - (unsigned int) ((unsigned char ) output.data[output.length-i])); - } - printf ("\n"); - } - free (output.data); - output.data = NULL; - } - } - return (0); -} diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index b74e6f7ccf..c5576b87de 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in @@ -54,7 +54,6 @@ STLIBOBJS=\ prf_dk.o \ prf_rc4.o \ prng.o \ - prng_$(PRNG_ALG).o \ random_to_key.o \ s2k_pbkdf2.o \ s2k_rc4.o \ @@ -113,7 +112,6 @@ OBJS=\ $(OUTPRE)prf_dk.$(OBJEXT) \ $(OUTPRE)prf_rc4.$(OBJEXT) \ $(OUTPRE)prng.$(OBJEXT) \ - $(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \ $(OUTPRE)random_to_key.$(OBJEXT) \ $(OUTPRE)s2k_pbkdf2.$(OBJEXT) \ $(OUTPRE)s2k_rc4.$(OBJEXT) \ 
@@ -172,7 +170,6 @@ SRCS=\ $(srcdir)/prf_dk.c \ $(srcdir)/prf_rc4.c \ $(srcdir)/prng.c \ - $(srcdir)/prng_$(PRNG_ALG).c \ $(srcdir)/cf2.c \ $(srcdir)/random_to_key.c \ $(srcdir)/s2k_pbkdf2.c \ @@ -180,7 +177,6 @@ SRCS=\ $(srcdir)/state.c \ $(srcdir)/string_to_cksumtype.c \ $(srcdir)/string_to_key.c \ - $(srcdir)/t_fortuna.c \ $(srcdir)/valid_cksumtype.c \ $(srcdir)/verify_checksum.c \ $(srcdir)/verify_checksum_iov.c @@ -192,17 +188,7 @@ includes: depend depend: $(SRCS) -check-unix: t_fortuna - if [ $(PRNG_ALG) = fortuna ]; then \ - $(RUN_TEST) ./t_fortuna > t_fortuna.output && \ - cmp t_fortuna.output $(srcdir)/t_fortuna.expected; \ - fi - -t_fortuna: t_fortuna.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB) - $(CC_LINK) -o $@ t_fortuna.o $(K5CRYPTO_LIB) $(SUPPORT_LIB) $(LIBS) - clean-unix:: clean-libobjs - $(RM) t_fortuna.o t_fortuna t_fortuna.output @lib_frag@ @libobj_frag@ diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index 6e1096e50f..862ccea695 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -25,7 +25,7 @@ */ /* This header is the entry point for libk5crypto sources, and also documents - * requirements for crypto modules and PRNG modules. */ + * requirements for crypto modules. */ #ifndef CRYPTO_INT_H #define CRYPTO_INT_H 
@@ -481,49 +481,11 @@ int krb5int_crypto_impl_init(void); void krb5int_crypto_impl_cleanup(void); /* - * Modules must provide a crypto_mod.h header at the top level. To work with - * the default PRNG module (prng_fortuna.c), crypto_mod.h must #define or - * prototype the following symbols: - * - * aes_encrypt_ctx - Stack-allocatable type for an AES-256 key schedule - * k5_aes_encrypt_key256(key, ctxptr) -- initialize an AES-256 key schedule - * k5_aes_encrypt(in, out, ctxptr) -- encrypt a block - * SHA256_CTX - Stack-allocatable type for a SHA-256 hash state - * k5_sha256_init(ctxptr) - Initialize a hash state - * k5_sha256_update(ctxptr, data, size) -- Hash some data - * k5_sha256_final(ctxptr, out) -- Finalize a state, writing hash into out - * - * These functions must never fail on valid inputs, and contexts must remain - * valid across forks. If the module cannot meet those constraints, then it - * should provide its own PRNG module and the build system should ensure that - * it is used. - * - * The function symbols named above are also in the library export list (so - * they can be used by the t_fortuna.c test code), so even if the module - * defines them away or doesn't work with Fortuna, the module must provide - * stubs; see stubs.c in the openssl module for examples. + * Modules must provide a crypto_mod.h header at the top level. */ #include -/*** PRNG module declarations ***/ - -/* - * PRNG modules must implement the following APIs from krb5.h: - * krb5_c_random_add_entropy - * krb5_c_random_make_octets - * krb5_c_random_os_entropy - * - * PRNG modules should implement these functions. They are called from the - * crypto library init and cleanup functions, and can be used to setup and tear - * down static state without thread safety concerns. - */ -int k5_prng_init(void); -void k5_prng_cleanup(void); - -/* Used by PRNG modules to gather OS entropy. Returns true on success. 
*/ -krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len, int strong); - /*** Inline helper functions ***/ /* Find an enctype by number in the enctypes table. */ diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c index 3b62ff5de0..ba5258039e 100644 --- a/src/lib/crypto/krb/crypto_libinit.c +++ b/src/lib/crypto/krb/crypto_libinit.c @@ -10,10 +10,6 @@ MAKE_FINI_FUNCTION(cryptoint_cleanup_library); int cryptoint_initialize_library (void) { - int err; - err = k5_prng_init(); - if (err) - return err; return krb5int_crypto_impl_init(); } @@ -30,6 +26,5 @@ void cryptoint_cleanup_library (void) { if (!INITIALIZER_RAN(cryptoint_initialize_library)) return; - k5_prng_cleanup(); krb5int_crypto_impl_cleanup(); } diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c index cb9ca9b983..d6b79e2dea 100644 --- a/src/lib/crypto/krb/prng.c +++ b/src/lib/crypto/krb/prng.c @@ -35,14 +35,12 @@ krb5_c_random_seed(krb5_context context, krb5_data *data) /* Routines to get entropy from the OS. */ #if defined(_WIN32) -krb5_boolean -k5_get_os_entropy(unsigned char *buf, size_t len, int strong) +static krb5_boolean +get_os_entropy(unsigned char *buf, size_t len) { krb5_boolean result; HCRYPTPROV provider; - /* CryptGenRandom is always considered strong. */ - if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) return FALSE; @@ -95,10 +93,9 @@ cleanup: return result; } -krb5_boolean -k5_get_os_entropy(unsigned char *buf, size_t len, int strong) +static krb5_boolean +get_os_entropy(unsigned char *buf, size_t len) { - const char *device; #if defined(__linux__) && defined(SYS_getrandom) int r; 
@@ -127,8 +124,30 @@ k5_get_os_entropy(unsigned char *buf, size_t len, int strong) return TRUE; #endif /* defined(__linux__) && defined(SYS_getrandom) */ - device = strong ? "/dev/random" : "/dev/urandom"; - return read_entropy_from_device(device, buf, len); + return read_entropy_from_device("/dev/urandom", buf, len); } #endif /* not Windows */ + +krb5_error_code KRB5_CALLCONV +krb5_c_random_make_octets(krb5_context context, krb5_data *outdata) +{ + krb5_boolean res; + + res = get_os_entropy((uint8_t *)outdata->data, outdata->length); + return res ? 0 : KRB5_CRYPTO_INTERNAL; +} + +krb5_error_code KRB5_CALLCONV +krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, + const krb5_data *indata) +{ + return 0; +} + +krb5_error_code KRB5_CALLCONV +krb5_c_random_os_entropy(krb5_context context, int strong, int *success) +{ + *success = 0; + return 0; +} diff --git a/src/lib/crypto/krb/prng_device.c b/src/lib/crypto/krb/prng_device.c deleted file mode 100644 index bef5b37524..0000000000 --- a/src/lib/crypto/krb/prng_device.c +++ /dev/null 
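Review bot: The new `krb5_c_random_os_entropy` stores through `success` unconditionally (`*success = 0;`), but the project's own call sites removed elsewhere in this patch (kdb5_create.c and ovsec_kadmd.c) passed NULL for that argument, so any out-of-tree caller doing the same will now crash where it previously returned 0. Guard the store: `if (success != NULL) *success = 0;`. The deleted prng_device.c implementation never wrote to `success` at all, so a NULL-tolerant stub is also the more conservative behaviour for an exported, deprecated entry point.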
@@ -1,99 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/krb/prng_device.c - OS device-based PRNG implementation */ -/* - * Copyright (C) 2011 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * This file implements a PRNG module which relies on the system's /dev/urandom - * device. An OS packager can select this module given sufficient confidence - * in the operating system's native PRNG quality. - */ - -#include "crypto_int.h" - -#define DEVICE "/dev/urandom" - -static int fd = -1; - -int -k5_prng_init(void) -{ - /* Try to open the random device read-write; if that fails, read-only is - * okay. 
*/ - fd = open(DEVICE, O_RDWR, 0); - if (fd == -1) - fd = open(DEVICE, O_RDONLY, 0); - if (fd == -1) - return errno; - return 0; -} - -void -k5_prng_cleanup(void) -{ - close(fd); - fd = -1; -} - -krb5_error_code KRB5_CALLCONV -krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, - const krb5_data *indata) -{ - krb5_error_code ret; - - ret = krb5int_crypto_init(); - if (ret) - return ret; - - /* Some random devices let user-space processes contribute entropy. Don't - * worry if this fails. */ - (void)write(fd, indata->data, indata->length); - return 0; -} - -krb5_error_code KRB5_CALLCONV -krb5_c_random_make_octets(krb5_context context, krb5_data *outdata) -{ - char *buf = outdata->data; - size_t len = outdata->length; - ssize_t count; - - while (len > 0) { - count = read(fd, buf, len); - if (count == 0) /* Not expected from a random device. */ - return KRB5_CRYPTO_INTERNAL; - if (count == -1) - return errno; - buf += count; - len -= count; - } - return 0; -} - -krb5_error_code KRB5_CALLCONV -krb5_c_random_os_entropy(krb5_context context, int strong, int *success) -{ - return 0; -} diff --git a/src/lib/crypto/krb/prng_fortuna.c b/src/lib/crypto/krb/prng_fortuna.c deleted file mode 100644 index e73a5019bf..0000000000 --- a/src/lib/crypto/krb/prng_fortuna.c +++ /dev/null 
@@ -1,470 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/prng_fortuna.c - Fortuna PRNG implementation */
-/*
- * Copyright (c) 2005 Marko Kreen
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * Copyright (C) 2010, 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file implements the generator and accumulator parts of the Fortuna PRNG
- * as described in chapter 9 of _Cryptography Engineering_ by Ferguson,
- * Schneier, and Kohno.
- *
- * The generator, once seeded with an unguessable value, produces an unlimited
- * number of pseudo-random outputs which cannot be used to determine the
- * internal state of the generator (without an unreasonable amount of
- * computational power). The generator protects against the case where the OS
- * random number generator is not cryptographically secure, but can produce an
- * unguessable initial seed. Successive reseeds of the generator will not make
- * the internal state any more guessable than it was before.
- *
- * The accumulator is layered on top of the generator, and seeks to eventually
- * recover from the case where the OS random number generator did not produce
- * an unguessable initial seed. Unreliable entropy inputs are collected into
- * 32 pools, which are used to reseed the generator when enough entropy has
- * been collected.
Each pool collects twice as much entropy between reseeds as
- * the previous one; eventually a reseed will occur involving a pool with
- * enough entropy that an attacker cannot maintain knowledge of the generator's
- * internal state. The accumulator is only helpful for a long-running process
- * such as a KDC which can submit periodic entropy inputs to the PRNG.
- */
-
-#include "crypto_int.h"
-
-/* The accumulator's number of pools. */
-#define NUM_POOLS 32
-
-/* Minimum reseed interval in microseconds. */
-#define RESEED_INTERVAL 100000 /* 0.1 sec */
-
-/* For one big request, change the key after this many bytes. */
-#define MAX_BYTES_PER_KEY (1 << 20)
-
-/* Reseed if pool 0 has had this many bytes added since last reseed. */
-#define MIN_POOL_LEN 64
-
-/* AES-256 key size in bytes. */
-#define AES256_KEYSIZE (256/8)
-
-/* AES-256 block size in bytes. */
-#define AES256_BLOCKSIZE (128/8)
-
-/* SHA-256 block size in bytes. */
-#define SHA256_BLOCKSIZE (512/8)
-
-/* SHA-256 result size in bytes. */
-#define SHA256_HASHSIZE (256/8)
-
-/* Genarator - block cipher in CTR mode */
-struct fortuna_state
-{
- /* Generator state. */
- unsigned char counter[AES256_BLOCKSIZE];
- unsigned char key[AES256_KEYSIZE];
- aes_encrypt_ctx ciph;
-
- /* Accumulator state. */
- SHA256_CTX pool[NUM_POOLS];
- unsigned int pool_index;
- unsigned int reseed_count;
- struct timeval last_reseed_time;
- unsigned int pool0_bytes;
-};
-
-/*
- * SHA[d]-256(m) is defined as SHA-256(SHA-256(0^512||m))--that is, hash a
- * block full of zeros followed by the input data, then re-hash the result.
- * These functions implement the SHA[d]-256 function on incremental inputs.
- */
-
-static void
-shad256_init(SHA256_CTX *ctx)
-{
- unsigned char zero[SHA256_BLOCKSIZE];
-
- /* Initialize the inner SHA-256 context and update it with a zero block.
*/
- memset(zero, 0, sizeof(zero));
- k5_sha256_init(ctx);
- k5_sha256_update(ctx, zero, sizeof(zero));
-}
-
-static void
-shad256_update(SHA256_CTX *ctx, const unsigned char *data, int len)
-{
- /* Feed the input to the inner SHA-256 context. */
- k5_sha256_update(ctx, data, len);
-}
-
-static void
-shad256_result(SHA256_CTX *ctx, unsigned char *dst)
-{
- /* Finalize the inner context, then feed the result back through SHA256. */
- k5_sha256_final(dst, ctx);
- k5_sha256_init(ctx);
- k5_sha256_update(ctx, dst, SHA256_HASHSIZE);
- k5_sha256_final(dst, ctx);
-}
-
-/* Initialize state. */
-static void
-init_state(struct fortuna_state *st)
-{
- unsigned int i;
-
- memset(st, 0, sizeof(*st));
- for (i = 0; i < NUM_POOLS; i++)
- shad256_init(&st->pool[i]);
-}
-
-/* Increment st->counter using least significant byte first. */
-static void
-inc_counter(struct fortuna_state *st)
-{
- uint64_t val;
-
- val = load_64_le(st->counter) + 1;
- store_64_le(val, st->counter);
- if (val == 0) {
- val = load_64_le(st->counter + 8) + 1;
- store_64_le(val, st->counter + 8);
- }
-}
-
-/* Encrypt and increment st->counter in the current cipher context. */
-static void
-encrypt_counter(struct fortuna_state *st, unsigned char *dst)
-{
- k5_aes_encrypt(st->counter, dst, &st->ciph);
- inc_counter(st);
-}
-
-/* Reseed the generator based on hopefully non-guessable input. */
-static void
-generator_reseed(struct fortuna_state *st, const unsigned char *data,
- size_t len)
-{
- SHA256_CTX ctx;
-
- /* Calculate SHA[d]-256(key||s) and make that the new key. Depend on the
- * SHA-256 hash size being the AES-256 key size. */
- shad256_init(&ctx);
- shad256_update(&ctx, st->key, AES256_KEYSIZE);
- shad256_update(&ctx, data, len);
- shad256_result(&ctx, st->key);
- zap(&ctx, sizeof(ctx));
- k5_aes_encrypt_key256(st->key, &st->ciph);
-
- /* Increment counter. */
- inc_counter(st);
-}
-
-/* Generate two blocks in counter mode and replace the key with the result.
*/
-static void
-change_key(struct fortuna_state *st)
-{
- encrypt_counter(st, st->key);
- encrypt_counter(st, st->key + AES256_BLOCKSIZE);
- k5_aes_encrypt_key256(st->key, &st->ciph);
-}
-
-/* Output pseudo-random data from the generator. */
-static void
-generator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
-{
- unsigned char result[AES256_BLOCKSIZE];
- size_t n, count = 0;
-
- while (len > 0) {
- /* Produce bytes and copy the result into dst. */
- encrypt_counter(st, result);
- n = (len < AES256_BLOCKSIZE) ? len : AES256_BLOCKSIZE;
- memcpy(dst, result, n);
- dst += n;
- len -= n;
-
- /* Each time we reach MAX_BYTES_PER_KEY bytes, change the key. */
- count += AES256_BLOCKSIZE;
- if (count >= MAX_BYTES_PER_KEY) {
- change_key(st);
- count = 0;
- }
- }
- zap(result, sizeof(result));
-
- /* Change the key after each request. */
- change_key(st);
-}
-
-/* Reseed the generator using the accumulator pools. */
-static void
-accumulator_reseed(struct fortuna_state *st)
-{
- unsigned int i, n;
- SHA256_CTX ctx;
- unsigned char hash_result[SHA256_HASHSIZE];
-
- n = ++st->reseed_count;
-
- /*
- * Collect entropy from pools. We use the i-th pool only 1/(2^i) of the
- * time so that each pool collects twice as much entropy between uses as
- * the last.
- */
- shad256_init(&ctx);
- for (i = 0; i < NUM_POOLS; i++) {
- if (n % (1 << i) != 0)
- break;
-
- /* Harvest this pool's hash result into ctx, then reset the pool. */
- shad256_result(&st->pool[i], hash_result);
- shad256_init(&st->pool[i]);
- shad256_update(&ctx, hash_result, SHA256_HASHSIZE);
- }
- shad256_result(&ctx, hash_result);
- generator_reseed(st, hash_result, SHA256_HASHSIZE);
- zap(hash_result, SHA256_HASHSIZE);
- zap(&ctx, sizeof(ctx));
-
- /* Reset the count of bytes added to pool 0. */
- st->pool0_bytes = 0;
-}
-
-/* Add possibly unguessable data to the next accumulator pool.
*/
-static void
-accumulator_add_event(struct fortuna_state *st, const unsigned char *data,
- size_t len)
-{
- unsigned char lenbuf[2];
- SHA256_CTX *pool;
-
- /* Track how many bytes have been added to pool 0. */
- if (st->pool_index == 0 && st->pool0_bytes < MIN_POOL_LEN)
- st->pool0_bytes += len;
-
- /* Hash events into successive accumulator pools. */
- pool = &st->pool[st->pool_index];
- st->pool_index = (st->pool_index + 1) % NUM_POOLS;
-
- /*
- * Fortuna specifies that events are encoded with a source identifier byte,
- * a length byte, and the event data itself. We do not have source
- * identifiers and they're not really important, so just encode the
- * length in two bytes instead.
- */
- store_16_be(len, lenbuf);
- shad256_update(pool, lenbuf, 2);
- shad256_update(pool, data, len);
-}
-
-/* Limit dependencies for test program. */
-#ifndef TEST
-
-/* Return true if RESEED_INTERVAL microseconds have passed since the last
- * reseed. */
-static krb5_boolean
-enough_time_passed(struct fortuna_state *st)
-{
- struct timeval tv, *last = &st->last_reseed_time;
- krb5_boolean ok = FALSE;
-
- gettimeofday(&tv, NULL);
-
- /* Check how much time has passed. */
- if (tv.tv_sec > last->tv_sec + 1)
- ok = TRUE;
- else if (tv.tv_sec == last->tv_sec + 1) {
- if (1000000 + tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
- ok = TRUE;
- } else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL)
- ok = TRUE;
-
- /* Update last_reseed_time if we're returning success. */
- if (ok)
- memcpy(last, &tv, sizeof(tv));
-
- return ok;
-}
-
-static void
-accumulator_output(struct fortuna_state *st, unsigned char *dst, size_t len)
-{
- /* Reseed the generator with data from pools if we have accumulated enough
- * data and enough time has passed since the last accumulator reseed.
*/
- if (st->pool0_bytes >= MIN_POOL_LEN && enough_time_passed(st))
- accumulator_reseed(st);
-
- generator_output(st, dst, len);
-}
-
-static k5_mutex_t fortuna_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-static struct fortuna_state main_state;
-#ifdef _WIN32
-static DWORD last_pid;
-#else
-static pid_t last_pid;
-#endif
-static krb5_boolean have_entropy = FALSE;
-
-int
-k5_prng_init(void)
-{
- krb5_error_code ret = 0;
- unsigned char osbuf[64];
-
- ret = k5_mutex_finish_init(&fortuna_lock);
- if (ret)
- return ret;
-
- init_state(&main_state);
-#ifdef _WIN32
- last_pid = GetCurrentProcessId();
-#else
- last_pid = getpid();
-#endif
- if (k5_get_os_entropy(osbuf, sizeof(osbuf), 0)) {
- generator_reseed(&main_state, osbuf, sizeof(osbuf));
- have_entropy = TRUE;
- }
-
- return 0;
-}
-
-void
-k5_prng_cleanup(void)
-{
- have_entropy = FALSE;
- zap(&main_state, sizeof(main_state));
- k5_mutex_destroy(&fortuna_lock);
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
-{
- krb5_error_code ret;
-
- ret = krb5int_crypto_init();
- if (ret)
- return ret;
- k5_mutex_lock(&fortuna_lock);
- if (randsource == KRB5_C_RANDSOURCE_OSRAND ||
- randsource == KRB5_C_RANDSOURCE_TRUSTEDPARTY) {
- /* These sources contain enough entropy that we should use them
- * immediately, so that they benefit the next request. */
- generator_reseed(&main_state, (unsigned char *)indata->data,
- indata->length);
- have_entropy = TRUE;
- } else {
- /* Other sources should just go into the pools and be used according to
- * the accumulator logic.
*/
- accumulator_add_event(&main_state, (unsigned char *)indata->data,
- indata->length);
- }
- k5_mutex_unlock(&fortuna_lock);
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
-{
-#ifdef _WIN32
- DWORD pid = GetCurrentProcessId();
-#else
- pid_t pid = getpid();
-#endif
- unsigned char pidbuf[4];
-
- k5_mutex_lock(&fortuna_lock);
-
- if (!have_entropy) {
- k5_mutex_unlock(&fortuna_lock);
- if (context != NULL) {
- k5_set_error(&context->err, KRB5_CRYPTO_INTERNAL,
- _("Random number generator could not be seeded"));
- }
- return KRB5_CRYPTO_INTERNAL;
- }
-
- if (pid != last_pid) {
- /* We forked; make sure child's PRNG stream differs from parent's. */
- store_32_be(pid, pidbuf);
- generator_reseed(&main_state, pidbuf, 4);
- last_pid = pid;
- }
-
- accumulator_output(&main_state, (unsigned char *)outdata->data,
- outdata->length);
- k5_mutex_unlock(&fortuna_lock);
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
-{
- krb5_error_code ret;
- krb5_data data;
- uint8_t buf[64];
- int status = 0;
-
- if (!k5_get_os_entropy(buf, sizeof(buf), strong))
- goto done;
-
- data = make_data(buf, sizeof(buf));
- ret = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND, &data);
- if (ret)
- goto done;
-
- status = 1;
-
-done:
- if (success != NULL)
- *success = status;
- return 0;
-}
-
-#endif /* not TEST */
diff --git a/src/lib/crypto/krb/prng_os.c b/src/lib/crypto/krb/prng_os.c
deleted file mode 100644
index 8ea13e7fc1..0000000000
--- a/src/lib/crypto/krb/prng_os.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/prng_os.c - OS PRNG implementation */
-/*
- * Copyright (C) 2016 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This file implements a PRNG module which relies on the system's PRNG. An
- * OS packager can select this module given sufficient confidence in the
- * operating system's native PRNG quality.
- */
-
-#include "crypto_int.h"
-
-int
-k5_prng_init(void)
-{
- return 0;
-}
-
-void
-k5_prng_cleanup(void)
-{
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *indata)
-{
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
-{
- krb5_boolean res;
-
- res = k5_get_os_entropy((uint8_t *)outdata->data, outdata->length, 0);
- return res ? 0 : KRB5_CRYPTO_INTERNAL;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
-{
- return 0;
-}
diff --git a/src/lib/crypto/krb/t_fortuna.c b/src/lib/crypto/krb/t_fortuna.c
deleted file mode 100644
index 508ffcf915..0000000000
--- a/src/lib/crypto/krb/t_fortuna.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/t_fortuna.c - Fortuna test program */
-/*
- * Copyright (c) 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * Copyright (C) 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#ifdef FORTUNA
-
-/* Include most of prng_fortuna.c so we can test the PRNG internals. */
-#define TEST
-#include "prng_fortuna.c"
-
-static void
-display(const unsigned char *data, size_t len)
-{
- size_t i;
-
- for (i = 0; i < len; i++)
- printf("%02X", data[i]);
- printf("\n");
-}
-
-/*
- * Generate data from st with its current internal state and check for
- * significant bias in each bit of the resulting bytes. This test would have a
- * small chance of failure on random inputs, but we have a predictable state
- * after all the other tests have been run, so it will never fail if the PRNG
- * operates the way we expect.
- */
-static void
-head_tail_test(struct fortuna_state *st)
-{
- static unsigned char buffer[1024 * 1024];
- unsigned char c;
- int i, len = sizeof(buffer);
- int bit, bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
- double res;
-
- memset(buffer, 0, len);
-
- generator_output(st, buffer, len);
- for (i = 0; i < len; i++) {
- c = buffer[i];
- for (bit = 0; bit < 8 && c; bit++) {
- if (c & 1)
- bits[bit]++;
- c = c >> 1;
- }
- }
-
- for (bit = 0; bit < 8; bit++) {
- res = ((double)abs(len - bits[bit] * 2)) / (double)len;
- if (res > 0.005){
- fprintf(stderr,
- "Bit %d: %d zero, %d one exceeds 0.5%% variance (%f)\n",
- bit, (int)len - bits[bit], bits[bit], res);
- exit(1);
- }
- }
-}
-
-int
-main(int argc, char **argv)
-{
- struct fortuna_state test_state;
- struct fortuna_state *st = &test_state;
- static unsigned char buf[2 * 1024 * 1024];
- unsigned int i;
-
- /* Seed the generator with a known state. */
- init_state(&test_state);
- generator_reseed(st, (unsigned char *)"test", 4);
-
- /* Generate two pieces of output; key should change for each request. */
- generator_output(st, buf, 32);
- display(buf, 32);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- /* Generate a lot of output to test key changes during request. */
- generator_output(st, buf, sizeof(buf));
- display(buf, 32);
- display(buf + sizeof(buf) - 32, 32);
-
- /* Reseed the generator and generate more output. */
- generator_reseed(st, (unsigned char *)"retest", 6);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- /* Add sample data to accumulator pools. */
- for (i = 0; i < 44; i++) {
- store_32_be(i, buf);
- accumulator_add_event(st, buf, 4);
- }
- assert(st->pool_index == 12);
- assert(st->pool0_bytes == 8);
-
- /* Exercise accumulator reseeds.
*/
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- accumulator_reseed(st);
- generator_output(st, buf, 32);
- display(buf, 32);
- for (i = 0; i < 1000; i++)
- accumulator_reseed(st);
- assert(st->reseed_count == 1003);
- generator_output(st, buf, 32);
- display(buf, 32);
-
- head_tail_test(st);
- return 0;
-}
-
-#else /* FORTUNA */
-
-int
-main()
-{
- return 0;
-}
-
-#endif /* FORTUNA */
diff --git a/src/lib/crypto/krb/t_fortuna.expected b/src/lib/crypto/krb/t_fortuna.expected
deleted file mode 100644
index 2d5738c15f..0000000000
--- a/src/lib/crypto/krb/t_fortuna.expected
+++ /dev/null
@@ -1,9 +0,0 @@
-A7C846B4EEAF6AB78AB33FFC77197BB0364C364E5A4259593464162B14C494F1
-EDC0776CA17E4FC395823653D1956D6873A55A1829D85D8B46340F3C9DD113F2
-B551F4EDF860BEB49E89BFF9B60BFD955ED85B070E18667189450962C503CBE5
-069A4F41D88CC12927672F1039C50DD50A0713E0AD542A6CDCD1E75CC4E7FB36
-E4EBA939FB027DACF1E7406461703C57B48D8BC0A1039A170FAD5E35C088B789
-68199B6755105BC22C343BD339EA2035E7A3F9535DC83DE3436C794EABA18B34
-49AD3C22E015666A269F37CA47EEF075860CC21588F3CF8D7EB5A9DC4D59C0F4
-9EFCB204F1B588A918B6A81D1E0E25C78C0921CF4839BE38D698EE8E30097BED
-66B252E879C2548A3FC3FEAF6B7ABCDBAFB1A45F5FB68EB49AB12CC13B1A091B
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index d6cc1b423a..d87ddd61a6 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -96,12 +96,7 @@ krb5int_enc_camellia128
 krb5int_enc_camellia256
 krb5int_derive_key
 krb5int_derive_random
-k5_aes_encrypt
-k5_aes_encrypt_key256
 k5_sha256
-k5_sha256_final
-k5_sha256_init
-k5_sha256_update
 krb5int_nfold
 k5_allow_weak_pbkdf2iter
 krb5_c_prfplus
diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in
index aa434b1685..c1f320e156 100644
--- a/src/lib/crypto/openssl/Makefile.in
+++ b/src/lib/crypto/openssl/Makefile.in
@@ -7,22 +7,19 @@ STLIBOBJS=\
 hmac.o \
 init.o \
 pbkdf2.o \
- sha256.o \
- stubs.o
+ sha256.o

 OBJS=\
 $(OUTPRE)hmac.$(OBJEXT) \
 $(OUTPRE)init.$(OBJEXT) \
 $(OUTPRE)pbkdf2.$(OBJEXT) \
- $(OUTPRE)sha256.$(OBJEXT) \
- $(OUTPRE)stubs.$(OBJEXT)
+ $(OUTPRE)sha256.$(OBJEXT)

 SRCS=\
 $(srcdir)/hmac.c \
 $(srcdir)/init.c \
 $(srcdir)/pbkdf2.c \
- $(srcdir)/sha256.c \
- $(srcdir)/stubs.c
+ $(srcdir)/sha256.c

 STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
 md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
diff --git a/src/lib/crypto/openssl/crypto_mod.h b/src/lib/crypto/openssl/crypto_mod.h
index cbf2f9e869..d6f5b2aaae 100644
--- a/src/lib/crypto/openssl/crypto_mod.h
+++ b/src/lib/crypto/openssl/crypto_mod.h
@@ -44,11 +44,4 @@
 #define EVP_MD_CTX_free EVP_MD_CTX_destroy
 #endif

-#define aes_encrypt_ctx AES_KEY
-#define k5_aes_encrypt_key256(k, ctx) AES_set_encrypt_key(k, 256, ctx)
-#define k5_aes_encrypt(in, out, ctx) AES_encrypt(in, out, ctx)
-#define k5_sha256_init SHA256_Init
-#define k5_sha256_update SHA256_Update
-#define k5_sha256_final SHA256_Final
-
 #endif /* CRYPTO_MOD_H */
diff --git a/src/lib/crypto/openssl/stubs.c b/src/lib/crypto/openssl/stubs.c
deleted file mode 100644
index 2f48d8ef80..0000000000
--- a/src/lib/crypto/openssl/stubs.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/stubs.c - OpenSSL stub functions */
-/*
- * Copyright (C) 2011 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file defines symbols which must be exported by libk5crypto because they
- * are in the export list (for the sake of test programs), but which are not
- * used when OpenSSL is the back end.
- */
-
-#include "k5-int.h"
-
-/*
- * These functions are used by the Fortuna PRNG and test program. They are
- * defined to OpenSSL equivalents when the OpenSSL back end headers are
- * used.
- */
-void k5_aes_encrypt(void);
-void k5_aes_encrypt_key256(void);
-void k5_sha256_final(void);
-void k5_sha256_init(void);
-void k5_sha256_update(void);
-
-void k5_aes_encrypt(void)
-{
- abort();
-}
-
-void k5_aes_encrypt_key256(void)
-{
- abort();
-}
-
-void k5_sha256_final(void)
-{
- abort();
-}
-
-void k5_sha256_init(void)
-{
- abort();
-}
-
-void k5_sha256_update(void)
-{
- abort();
-}
diff --git a/src/lib/krb5/krb/gen_save_subkey.c b/src/lib/krb5/krb/gen_save_subkey.c
index bc2c46d30c..d027271b99 100644
--- a/src/lib/krb5/krb/gen_save_subkey.c
+++ b/src/lib/krb5/krb/gen_save_subkey.c
@@ -33,24 +33,9 @@ k5_generate_and_save_subkey(krb5_context context,
 krb5_auth_context auth_context,
 krb5_keyblock *keyblock, krb5_enctype enctype)
 {
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is not
- to guarantee randomness, but to make it less likely that multiple
- sessions could pick the same subkey. */
- struct {
- krb5_timestamp sec;
- krb5_int32 usec;
- } rnd_data;
- krb5_data d;
 krb5_error_code retval;
 krb5_keyblock *kb = NULL;

- if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
- d.length = sizeof(rnd_data);
- d.data = (char *) &rnd_data;
- krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
- }
-
 retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
 if (retval)
 return retval;
diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c
index 7ac282122f..74855c7cc4 100644
--- a/src/lib/krb5/krb/gen_seqnum.c
+++ b/src/lib/krb5/krb/gen_seqnum.c
@@ -36,26 +36,12 @@
 #define MIN(a,b) ((a) < (b) ? (a) : (b))
 #endif
-static inline krb5_data
-key2data (krb5_keyblock k)
-{
- krb5_data d;
- d.magic = KV5M_DATA;
- d.length = k.length;
- d.data = (char *) k.contents;
- return d;
-}
-
 krb5_error_code
 krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key,
 krb5_ui_4 *seqno)
 {
 krb5_data seed;
 krb5_error_code retval;
- seed = key2data(*key);
- if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
- return(retval);
-
 seed.length = sizeof(*seqno);
 seed.data = (char *) seqno;
 retval = krb5_c_random_make_octets(context, &seed);
diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c
index 45f7b18e7a..fe6fdecf2a 100644
--- a/src/lib/krb5/krb/gen_subkey.c
+++ b/src/lib/krb5/krb/gen_subkey.c
@@ -26,16 +26,6 @@
 #include "k5-int.h"

-static inline krb5_data
-key2data (krb5_keyblock k)
-{
- krb5_data d;
- d.magic = KV5M_DATA;
- d.length = k.length;
- d.data = (char *) k.contents;
- return d;
-}
-
 krb5_error_code
 krb5_generate_subkey_extended(krb5_context context,
 const krb5_keyblock *key,
@@ -43,17 +33,10 @@ krb5_generate_subkey_extended(krb5_context context,
 krb5_keyblock **subkey)
 {
 krb5_error_code retval;
- krb5_data seed;
 krb5_keyblock *keyblock;

 *subkey = NULL;

- seed = key2data(*key);
- retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY,
- &seed);
- if (retval)
- return retval;
-
 keyblock = malloc(sizeof(krb5_keyblock));
 if (!keyblock)
 return ENOMEM;
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index aa35baa3c9..87b486c53f 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -157,12 +157,6 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
 {
 krb5_context ctx = 0;
 krb5_error_code retval;
- struct {
- krb5_timestamp now;
- krb5_int32 now_usec;
- long pid;
- } seed_data;
- krb5_data seed;
 int tmp;
 char *plugin_dir = NULL;
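Review bot: With the key2data/add_entropy block removed from krb5_generate_seq_number, `key` is no longer read anywhere in the visible part of the function; the body continues past the hunk, so if nothing below uses it the parameter is now dead and builds with -Wunused-parameter will flag it. Since this is public API the signature has to stay, so a one-line note at the top of the body would save the next reader a search: `/* key is unused; the sequence number comes straight from the platform PRNG. */`. The same consideration applies to the krb5_generate_subkey_extended hunk in gen_subkey.c only if key is not still used further down, which the hunk does not show.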
@@ -243,17 +237,6 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
 goto cleanup;
 ctx->dns_canonicalize_hostname = tmp;
 
- /* initialize the prng (not well, but passable) */
- if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
- goto cleanup;
- if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
- goto cleanup;
- seed_data.pid = getpid ();
- seed.length = sizeof(seed_data);
- seed.data = (char *) &seed_data;
- if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
- goto cleanup;
-
 ctx->default_realm = 0;
 get_integer(ctx, KRB5_CONF_CLOCKSKEW, DEFAULT_CLOCKSKEW, &tmp);
 ctx->clockskew = tmp;
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c
index 149e25dd73..9e73294e16 100644
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -126,29 +126,6 @@ krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
 credsp = in_creds;
 }
 
- if (ap_req_options & AP_OPTS_USE_SUBKEY) {
- /* Provide some more fodder for random number code.
- This isn't strong cryptographically; the point here is
- not to guarantee randomness, but to make it less likely
- that multiple sessions could pick the same subkey. */
- struct sockaddr_storage rnd_data;
- GETPEERNAME_ARG3_TYPE len2;
- krb5_data d = make_data(&rnd_data, sizeof(rnd_data));
-
- len2 = sizeof(rnd_data);
- if (getpeername(*(int *)fd, ss2sa(&rnd_data), &len2) == 0) {
- d.length = len2;
- (void)krb5_c_random_add_entropy(
- context, KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL, &d);
- }
- len2 = sizeof(rnd_data);
- if (getsockname(*(int *)fd, ss2sa(&rnd_data), &len2) == 0) {
- d.length = len2;
- (void)krb5_c_random_add_entropy(
- context, KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL, &d);
- }
- }
-
 outbuf[0].data = NULL; /* Coverity is confused otherwise */
 if ((retval = krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, credsp,
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
index 09ec24953b..b356971dbb 100755
--- a/src/tests/t_iprop.py
+++ b/src/tests/t_iprop.py
@@ -239,7 +239,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
 replica2_kprop_port = str(realm.portbase + 9)
 kadmind_proponly = realm.start_server([kadmind, '-r', realm.realm,
 '-nofork', '-proponly',
- '-W', '-p', kdb5_util,
+ '-p', kdb5_util,
 '-K', kprop,
 '-k', replica2_kprop_port,
 '-F', replica1_out_dump_path],
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 9a9151b195..1917bbc335 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1046,7 +1046,7 @@ class K5Realm(object):
 
 def create_kdb(self):
 global kdb5_util
- self.run([kdb5_util, 'create', '-W', '-s', '-P', 'master'])
+ self.run([kdb5_util, 'create', '-s', '-P', 'master'])
 
 def start_kdc(self, args=[], env=None):
 global krb5kdc
@@ -1067,7 +1067,7 @@ class K5Realm(object):
 env = self.env
 assert(self._kadmind_proc is None)
 dump_path = os.path.join(self.testdir, 'dump')
- self._kadmind_proc = _start_daemon([kadmind, '-nofork', '-W',
+ self._kadmind_proc = _start_daemon([kadmind, '-nofork',
 '-p', kdb5_util, '-K', kprop, '-F', dump_path], env, 'starting...')
-- 
2.47.2
