From d2ecc5a8af1f3a972a5da1e879d2d30ac08829ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sun, 27 Apr 2008 18:49:41 +0000 Subject: [PATCH] Use RAND_bytes() + DES_is_weak_key() to generate random DES key. Introdunce random by feeding the des session key into the random pool when the keys is recived instead of encrypt the random key with the kerberos key. This avoid depenency on DES_new_random_key() that doesn't exists in OpenSSL. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23091 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/telnet/libtelnet/enc_des.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/appl/telnet/libtelnet/enc_des.c b/appl/telnet/libtelnet/enc_des.c index 970f3513c..21c2f3e56 100644 --- a/appl/telnet/libtelnet/enc_des.c +++ b/appl/telnet/libtelnet/enc_des.c @@ -209,12 +209,13 @@ static int fb64_start(struct fb *fbp, int dir, int server) /* * Create a random feed and send it over. */ - if (DES_new_random_key(&fbp->temp_feed)) - abort(); - - DES_ecb_encrypt(&fbp->temp_feed, - &fbp->temp_feed, - &fbp->krbdes_sched, 1); + do { + if (RAND_bytes(fbp->temp_feed, + sizeof(*fbp->temp_feed)) != 1) + abort(); + DES_set_odd_parity(&fbp->temp_feed); + } while(DES_is_weak_key(&fbp->temp_feed)); + p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; @@ -394,6 +395,8 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); + RAND_seed(key->data, key->length); + DES_set_key_checked((DES_cblock *)&fbp->krbdes_key, &fbp->krbdes_sched); /*