Use RAND_bytes() + DES_is_weak_key() to generate random DES

key. Introdunce random by feeding the des session key into the random
pool when the keys is recived instead of encrypt the random key with
the kerberos key.

This avoid depenency on DES_new_random_key() that doesn't exists in OpenSSL.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23091 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/telnet/libtelnet/enc_des.c

@@ -209,12 +209,13 @@ static int fb64_start(struct fb *fbp, int dir, int server)
 		/*
 		 * Create a random feed and send it over.
 		 */
-		if (DES_new_random_key(&fbp->temp_feed))
-		    abort();
-		    
-		DES_ecb_encrypt(&fbp->temp_feed,
-				&fbp->temp_feed,
-				&fbp->krbdes_sched, 1);
+		do {
+		    if (RAND_bytes(fbp->temp_feed, 
+				   sizeof(*fbp->temp_feed)) != 1)
+			abort();
+		    DES_set_odd_parity(&fbp->temp_feed);
+		} while(DES_is_weak_key(&fbp->temp_feed));
+
 		p = fbp->fb_feed + 3;
 		*p++ = ENCRYPT_IS;
 		p++;
@@ -394,6 +395,8 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
+	RAND_seed(key->data, key->length);
+
 	DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
 			    &fbp->krbdes_sched);
 	/*