From 85d4151c8abd7f6a32edc5bf6e6af5dcd332075f Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 8 Jan 2002 20:43:03 +0000 Subject: [PATCH] KDC support for new PRNG git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14090 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/ChangeLog | 9 +++++++++ src/kdc/dispatch.c | 24 +++++++++++++++++++++++- src/kdc/main.c | 10 ++-------- 3 files changed, 34 insertions(+), 9 deletions(-) diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index f0ea1bf10..3382706db 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,8 @@ +2002-01-08 Sam Hartman + + * dispatch.c (dispatch): Add timing data between requests to PRNG + (dispatch): Grab random data from OS every hour + 2001-12-14 Ezra Peisach * main.c (main, init_realm): Get rid of variables set but never used. @@ -7,6 +12,10 @@ * kdc_util.c (subrealm, add_to_transited): Unsigned vs. signed int fixes. +2001-11-26 Sam Hartman + + * main.c (init_realm): Don't seed from current time; krb5_init_context already does that. + 2001-10-25 Tom Yu * do_as_req.c (process_as_req: Treat SUPPORT_DESMD5 as if it were diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index a1b020181..f7685c905 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -35,6 +35,8 @@ #include #include +static krb5_int32 last_usec = 0, last_os_random = 0; + krb5_error_code dispatch(pkt, from, portnum, response) krb5_data *pkt; @@ -45,7 +47,8 @@ dispatch(pkt, from, portnum, response) krb5_error_code retval; krb5_kdc_req *as_req; - + krb5_int32 now, now_usec; + /* decode incoming packet, and dispatch */ #ifndef NOCACHE @@ -74,6 +77,25 @@ dispatch(pkt, from, portnum, response) return 0; } #endif + retval = krb5_crypto_us_timeofday(&now, &now_usec); + if (retval == 0) { + krb5_int32 usec_difference = now_usec-last_usec; + krb5_data data; + if(last_os_random == 0) + last_os_random = now; + /* Grab random data from OS every hour*/ + if(now-last_os_random >= 60*60) { + krb5_c_random_os_entropy(kdc_context, 0, NULL); + last_os_random = now; + } + + data.length = sizeof(krb5_int32); + data.data = (void *) &usec_difference; + + krb5_c_random_add_entropy(kdc_context, + KRB5_C_RANDSOURCE_TIMING, &data); + last_usec = now_usec; + } /* try TGS_REQ first; they are more common! */ if (krb5_is_tgs_req(pkt)) { diff --git a/src/kdc/main.c b/src/kdc/main.c index d1568f158..1d9c264df 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -472,17 +472,11 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, * generators. */ - if ((kret = krb5_timeofday(rdp->realm_context, &now))) - goto whoops; - seed.length = sizeof(now); - seed.data = (char *) &now; - if ((kret = krb5_c_random_seed(rdp->realm_context, &seed))) - goto whoops; - seed.length = rdp->realm_mkey.length; seed.data = rdp->realm_mkey.contents; - if ((kret = krb5_c_random_seed(rdp->realm_context, &seed))) + if ((kret = krb5_c_random_add_entropy(rdp->realm_context, + KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed))) goto whoops; #ifdef KRB5_KRB4_COMPAT -- 2.26.2