From: Ken Raeburn Date: Tue, 6 Mar 2001 00:47:32 +0000 (+0000) Subject: prng.c: use des3 now X-Git-Tag: krb5-1.3-alpha1~1641 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=dce11d06547b52fa2f4591e9a7d4cbeb77a9f3d0;p=krb5.git prng.c: use des3 now git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13057 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 3d8c438ad..4e961ab9e 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,8 @@ +2001-03-05 Ken Raeburn + + * prng.c: Clean up some comments. + (enc): Use des3 now. + 2001-01-29 Ken Raeburn * make_checksum.c (krb5_c_make_checksum): Clear checksum contents diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c index c89bc8b19..ebad1fe90 100644 --- a/src/lib/crypto/prng.c +++ b/src/lib/crypto/prng.c @@ -28,17 +28,16 @@ #include "enc_provider.h" /* This random number generator is a feedback generator based on a - block cipher. It uses DES by default, since it guaranteed to be - present in the system, but can be changed. As new seed data comes - in, the old state is folded with the new seed into new state. Each - time random bytes are requested, the seed is used as a key and - cblock, and the encryption is used as the output. The output is - fed back as new seed data, as described above. */ + block cipher. It uses triple-DES by default now, but can be + changed, since everything uses it abstractly. -/* this can be replaced with another encryption provider, since - everything below uses it abstractly */ + As new seed data comes in, the old state is folded with the new + seed into new state. Each time random bytes are requested, the + seed is used as a key and cblock, and the encryption is used as the + output. The output is fed back as new seed data, as described + above. */ -static const struct krb5_enc_provider *const enc = &krb5_enc_des; +static const struct krb5_enc_provider *const enc = &krb5_enc_des3; /* XXX state. Should it be in krb5_context? */ @@ -64,9 +63,9 @@ krb5_c_random_seed(krb5_context context, krb5_data *data) unsigned char *fold_input; if (inited == 0) { - /* this does a bunch of malloc'ing up front, so that + /* This does a bunch of malloc'ing up front, so that generating random keys doesn't have to malloc, so it can't - fail. seeding still malloc's, but that's less common. */ + fail. Seeding still malloc's, but that's less common. */ enc->block_size(&blocksize); enc->keysize(&keybytes, &keylength); @@ -102,8 +101,9 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *data) int bytes; if (inited == 0) { - /* i need some entropy. I'd use the current time and pid, but - that could cause portability problems. */ + /* I need some entropy. I'd use the current time and pid, but + that could cause portability problems. And besides, as an + entropy source, the quality just sucks. */ abort(); } @@ -129,7 +129,7 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *data) if ((ret = ((*(enc->encrypt))(&key, NULL, &data1, &data2)))) return(ret); - /* fold the new output back into the state */ + /* Fold the new output back into the state. */ krb5_nfold(OUTPUTSIZE*8, OUTPUT, STATESIZE*8, NEWSTATE); memcpy(STATE, NEWSTATE, STATESIZE);