authorDarren Tucker <dtucker@zip.com.au>2005-09-27 22:46:32 +1000
committerDarren Tucker <dtucker@zip.com.au>2005-09-27 22:46:32 +1000
commitc6f8219e0d4ee1f64fb7b4da88523c951a03c68a (patch)
treed861d4cbccee17f7de7c864e1d26634c0174741d /sshd.c
parentf1377bdeed3ca7268c6a5d3fa171a09df7be9064 (diff)
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/sshd.c b/sshd.c
index 92aa9bbd..e9125a22 100644
--- a/sshd.c
+++ b/sshd.c
@@ -800,6 +800,7 @@ send_rexec_state(int fd, Buffer *conf)
* bignum iqmp "
* bignum p "
* bignum q "
+ * string rngseed (only if OpenSSL is not self-seeded)
*/
buffer_init(&m);
buffer_put_cstring(&m, buffer_ptr(conf));
@@ -816,6 +817,10 @@ send_rexec_state(int fd, Buffer *conf)
} else
buffer_put_int(&m, 0);
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_send_rng_seed(&m);
+#endif
+
if (ssh_msg_send(fd, 0, &m) == -1)
fatal("%s: ssh_msg_send failed", __func__);
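Review bot: The `rngseed` string is appended to the same message that carries the host-key bignums, but nothing in the message tells the receiver whether the field is present; that depends only on `OPENSSL_PRNG_ONLY` at compile time on each side. If the binary that gets re-executed was built differently from the running parent (for example, replaced on disk during an upgrade), the two ends would disagree about the layout. Consider sending the field unconditionally, with an empty string when no seed is needed, or at least record the assumption next to the call: `/* rngseed is present iff both ends were built without OPENSSL_PRNG_ONLY */`. It is also worth confirming in entropy.c (not shown here) that the bytes sent are fresh PRNG output rather than state the parent keeps using, so parent and children do not end up sharing a stream. send_rexec_state's body starts and ends outside the hunk.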
@@ -858,6 +863,11 @@ recv_rexec_state(int fd, Buffer *conf)
rsa_generate_additional_parameters(
sensitive_data.server_key->rsa);
}
+
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_recv_rng_seed(&m);
+#endif
+
buffer_free(&m);
debug3("%s: done", __func__);
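Review bot: The call `rexec_recv_rng_seed(&m);` has no visible result check, so recv_rexec_state cannot tell whether a usable seed was actually installed. The helper's body is in entropy.c and not shown; if it silently accepts an empty or short string, the child must still fall through to full seeding later rather than run on a weak state. Once that is confirmed, a comment such as `/* an empty seed is tolerated; seed_rng() in main() completes seeding */` would make the contract explicit. Note too that `rsa_generate_additional_parameters()` just above runs before the seed is installed, which is fine only if it draws no randomness. recv_rexec_state's body starts and ends outside the hunk.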
@@ -1051,8 +1061,6 @@ main(int ac, char **av)
drop_cray_privs();
#endif
- seed_rng();
-
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
@@ -1071,6 +1079,8 @@ main(int ac, char **av)
if (!rexec_flag)
buffer_free(&cfg);
+ seed_rng();
+
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
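Review bot: Moving `seed_rng()` down to this point means everything between the old call site (removed in the previous hunk, just after `drop_cray_privs()`) and here now runs before the PRNG is seeded on builds that rely on the helper. Most of that code lies outside the hunks, so it should be checked that nothing in it, such as configuration loading or host-key handling, consumes randomness in that window. The move is presumably there so that a seed received from the parent is in place before `seed_rng()` runs; a comment at the new call site would keep a later cleanup from moving it back, e.g. `/* keep after the rexec state is received so a seed passed by the parent is used */`. main's body extends well beyond this hunk.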