+2002-01-08 Sam Hartman <hartmans@mit.edu>
+
+ * dispatch.c (dispatch): Add timing data between requests to PRNG
+ (dispatch): Grab random data from OS every hour
+
2001-12-14 Ezra Peisach <epeisach@mit.edu>
* main.c (main, init_realm): Get rid of variables set but never used.
* kdc_util.c (subrealm, add_to_transited): Unsigned vs. signed int
fixes.
+2001-11-26 Sam Hartman <hartmans@mit.edu>
+
+ * main.c (init_realm): Don't seed from current time; krb5_init_context already does that.
+
2001-10-25 Tom Yu <tlyu@mit.edu>
* do_as_req.c (process_as_req: Treat SUPPORT_DESMD5 as if it were
#include <arpa/inet.h>
#include <string.h>
+static krb5_int32 last_usec = 0, last_os_random = 0;
+
krb5_error_code
dispatch(pkt, from, portnum, response)
krb5_data *pkt;
krb5_error_code retval;
krb5_kdc_req *as_req;
-
+ krb5_int32 now, now_usec;
+
/* decode incoming packet, and dispatch */
#ifndef NOCACHE
return 0;
}
#endif
+ retval = krb5_crypto_us_timeofday(&now, &now_usec);
+ if (retval == 0) {
+ krb5_int32 usec_difference = now_usec-last_usec;
+ krb5_data data;
+ if(last_os_random == 0)
+ last_os_random = now;
+ /* Grab random data from OS every hour*/
+ if(now-last_os_random >= 60*60) {
+ krb5_c_random_os_entropy(kdc_context, 0, NULL);
+ last_os_random = now;
+ }
+
+ data.length = sizeof(krb5_int32);
+ data.data = (void *) &usec_difference;
+
+ krb5_c_random_add_entropy(kdc_context,
+ KRB5_C_RANDSOURCE_TIMING, &data);
+ last_usec = now_usec;
+ }
/* try TGS_REQ first; they are more common! */
if (krb5_is_tgs_req(pkt)) {
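Review bot: The hourly reseed in `dispatch` discards the result of `krb5_c_random_os_entropy(kdc_context, 0, NULL)` and then sets `last_os_random = now` unconditionally, so a failed read from the OS source goes unnoticed and the next attempt is an hour away. The third argument looks like a success out-parameter; passing a local and advancing the timestamp only on success would let the next request retry, e.g. `int ok = 0; if (krb5_c_random_os_entropy(kdc_context, 0, &ok) == 0 && ok) last_os_random = now;`. The return value of `krb5_c_random_add_entropy` for the timing sample is dropped as well, which is probably acceptable as best-effort but deserves a short comment saying so. Because inter-request timing can be influenced by whoever sends the packets, it is worth confirming that `KRB5_C_RANDSOURCE_TIMING` is credited with little or no entropy, which is not visible in this hunk. The body of `dispatch` starts and ends outside the lines shown.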
* generators.
*/
- if ((kret = krb5_timeofday(rdp->realm_context, &now)))
- goto whoops;
- seed.length = sizeof(now);
- seed.data = (char *) &now;
- if ((kret = krb5_c_random_seed(rdp->realm_context, &seed)))
- goto whoops;
-
seed.length = rdp->realm_mkey.length;
seed.data = rdp->realm_mkey.contents;
- if ((kret = krb5_c_random_seed(rdp->realm_context, &seed)))
+ if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
+ KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
goto whoops;
#ifdef KRB5_KRB4_COMPAT
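Review bot: After this change `init_realm` no longer mixes the current time into the PRNG and relies on `krb5_init_context` having done so, but nothing at the call site records that dependency; it is stated only in the ChangeLog entry. A one-line comment above the remaining call, such as `/* krb5_init_context() already seeds from the current time; only mix in the master key here. */`, would keep a later change to context initialisation from silently leaving the master key as the only input added at this point. The `now` variable used by the removed lines may also be unused now, which cannot be checked here because `init_realm` begins and ends outside the hunk.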