diff options
author | Greg Hudson <ghudson@mit.edu> | 2021-09-27 13:38:10 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2021-10-12 10:44:07 -0400 |
commit | c5b413c3d59725c4e3c9b041e480f102f2188c63 (patch) | |
tree | edf0d26369c0a33ad3b0ac3f3d76d8f792bc6b7f /doc | |
parent | b5efdddd503020c2b64ccf9c30bb09117035f3ce (diff) | |
download | krb5-c5b413c3d59725c4e3c9b041e480f102f2188c63.zip krb5-c5b413c3d59725c4e3c9b041e480f102f2188c63.tar.gz krb5-c5b413c3d59725c4e3c9b041e480f102f2188c63.tar.bz2 |
Always use platform PRNG
Remove the fortuna and device PRNG modules and PRNG modularity, and
move the prng_os implementation into prng.c. Remove the crypto_mod.h
requirement to implement failure-free AES256 and SHA256. Deprecate
krb5_c_random_add_entropy() and krb5_c_random_os_entropy() and remove
their call sites. Deprecate and ignore the -W (weak random) option to
kadmind and kdb5_util create, and stop using it in the test suite.
ticket: 9032 (new)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/build/options2configure.rst | 5 | ||||
-rw-r--r-- | doc/mitK5features.rst | 7 | ||||
-rw-r--r-- | doc/notice.rst | 30 | ||||
-rw-r--r-- | doc/thread-safe.txt | 7 |
4 files changed, 0 insertions, 49 deletions
diff --git a/doc/build/options2configure.rst b/doc/build/options2configure.rst index 8606107..9e355dc 100644 --- a/doc/build/options2configure.rst +++ b/doc/build/options2configure.rst @@ -337,11 +337,6 @@ Optional packages implemented crypto backend is ``openssl``. (See :ref:`mitK5features`) -**-**\ **-with-prng-alg=**\ *ALG* - Use specified PRNG algorithm. For example, to use the OS native - prng specify ``--with-prng-alg=os``. The default is ``fortuna``. - (See :ref:`mitK5features`) - **-**\ **-without-libedit** Do not compile and link against libedit. Some utilities will no longer offer command history or completion in interactive mode if diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index 4954bb3..afaf531 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -606,10 +606,3 @@ User experience: - S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091 - OTP (release 1.12) :ref:`otp_preauth` - SPAKE (release 1.17) :ref:`spake` - -`PRNG` - -- modularity (release 1.9) -- Yarrow PRNG (release < 1.10) -- Fortuna PRNG (release 1.9) https://www.schneier.com/book-practical.html -- OS PRNG (release 1.10) OS's native PRNG diff --git a/doc/notice.rst b/doc/notice.rst index 1c96e11..a9630d6 100644 --- a/doc/notice.rst +++ b/doc/notice.rst @@ -727,36 +727,6 @@ have the following copyright and permission notice: ------------------- -Portions of the implementation of the Fortuna-like PRNG are subject to -the following notice: - - | Copyright |copy| 2005 Marko Kreen - | All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -.. - Copyright |copy| 1994 by the University of Southern California EXPORT OF THIS SOFTWARE from the United States of America may diff --git a/doc/thread-safe.txt b/doc/thread-safe.txt index 2aa49cf..d6c8c6e 100644 --- a/doc/thread-safe.txt +++ b/doc/thread-safe.txt @@ -116,11 +116,6 @@ trees, and a mutex to protect it. libk5crypto -Uses of the Yarrow code from the krb5 crypto interface are protected -by a single mutex. Initialization of the Yarrow state will be done -once, the first time these routines are called. Calls directly to the -Yarrow functions are not protected. - Uses ctype macros; what happens if the locale is changed in a multi-threaded program? @@ -128,8 +123,6 @@ Debug var in pbkdf2.c. Statics: pbkdf2.c: debug variable. -Statics: prng.c: Global Yarrow data and mutex. - Statics: crypto_libinit.c: library initializer aux data. ---------------- |