From ceac2815bb9bba589f8dd933ec213747536b3aa4 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Tue, 6 Oct 2009 06:00:24 -0700
Subject: [PATCH] Just use RAND_bytes() for generating random bytes

---
 lib/krb5/generate_seq_number.c | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/lib/krb5/generate_seq_number.c b/lib/krb5/generate_seq_number.c
index 2764f1a91..b7bd8b99f 100644
--- a/lib/krb5/generate_seq_number.c
+++ b/lib/krb5/generate_seq_number.c
@@ -38,23 +38,11 @@ krb5_generate_seq_number(krb5_context context,
 			 const krb5_keyblock *key,
 			 uint32_t *seqno)
 {
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-    uint32_t q;
-    u_char *p;
-    int i;
-
-    ret = krb5_generate_subkey (context, key, &subkey);
-    if (ret)
-	return ret;
-
-    q = 0;
-    for (p = (u_char *)subkey->keyvalue.data, i = 0;
-	 i < subkey->keyvalue.length;
-	 ++i, ++p)
-	q = (q << 8) | *p;
-    q &= 0xffffffff;
-    *seqno = q;
-    krb5_free_keyblock (context, subkey);
+    if (RAND_bytes((void *)seqno, sizeof(*seqno)) != 1)
+	krb5_abortx(context, "Failed to generate random block");
+    /* MIT used signed numbers, lets not stomp into that space directly */
+    *seqno &= 0x3fffffff;
+    if (*seqno == 0)
+	*seqno = 1;
     return 0;
 }
-- 
2.11.4.GIT