Use RAND_bytes() + DES_is_weak_key() to generate random DES
authorLove Hörnquist Åstrand <lha@kth.se>
Sun, 27 Apr 2008 18:49:41 +0000 (18:49 +0000)
committerLove Hörnquist Åstrand <lha@kth.se>
Sun, 27 Apr 2008 18:49:41 +0000 (18:49 +0000)
key. Introduce randomness by feeding the des session key into the random
pool when the key is received instead of encrypting the random key with
the kerberos key.

This avoids the dependency on DES_new_random_key(), which doesn't exist in OpenSSL.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23091 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/telnet/libtelnet/enc_des.c

index 970f3513c03f85bec0a322cec09fe2014f781492..21c2f3e567a958961bc56cefe69eccfe89864599 100644 (file)
@@ -209,12 +209,13 @@ static int fb64_start(struct fb *fbp, int dir, int server)
                /*
                 * Create a random feed and send it over.
                 */
-               if (DES_new_random_key(&fbp->temp_feed))
-                   abort();
-                   
-               DES_ecb_encrypt(&fbp->temp_feed,
-                               &fbp->temp_feed,
-                               &fbp->krbdes_sched, 1);
+               do {
+                   if (RAND_bytes(fbp->temp_feed, 
+                                  sizeof(*fbp->temp_feed)) != 1)
+                       abort();
+                   DES_set_odd_parity(&fbp->temp_feed);
+               } while(DES_is_weak_key(&fbp->temp_feed));
+
                p = fbp->fb_feed + 3;
                *p++ = ENCRYPT_IS;
                p++;
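Review bot: In the new do/while loop, `sizeof(*fbp->temp_feed)` looks like it measures one byte rather than the whole block. temp_feed is passed as `&fbp->temp_feed` to DES_set_odd_parity() and DES_is_weak_key(), which suggests it is a DES_cblock (an array of 8 unsigned char), so dereferencing it yields a single unsigned char. If so, RAND_bytes() fills only the first byte and the rest of the feed keeps whatever it held before, leaving the feed far less random than intended. The call should read `if (RAND_bytes(fbp->temp_feed, sizeof(fbp->temp_feed)) != 1)`. The declaration of temp_feed and the rest of fb64_start are outside this hunk, so the type should be confirmed there.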
@@ -394,6 +395,8 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
        fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
        fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
+       RAND_seed(key->data, key->length);
+
        DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
                            &fbp->krbdes_sched);
        /*
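Review bot: `RAND_seed(key->data, key->length)` credits the session key as entropy, at least under OpenSSL, where RAND_seed() is documented as RAND_add() with the full length counted as randomness. The session key is by definition also known to the peer, so it should not raise the pool's entropy estimate. Mixing it in without credit, `RAND_add(key->data, key->length, 0.0);`, keeps the extra input while leaving the estimate to the system's real seed sources. A short comment such as `/* mix in session key; not counted as entropy */` would record why key material is handed to the RNG. fb64_session starts and ends outside this hunk, so any validation of `key` before this line is not visible here.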