-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | entropy.c | 26 | ||||
-rw-r--r-- | openbsd-compat/bsd-arc4random.c | 24 | ||||
-rw-r--r-- | ssh-agent.c | 1 | ||||
-rw-r--r-- | ssh-keygen.c | 1 | ||||
-rw-r--r-- | ssh.c | 2 | ||||
-rw-r--r-- | sshd.c | 2 |
7 files changed, 40 insertions, 22 deletions
@@ -1,3 +1,7 @@ +20010319 + - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to + do it implicitly. + 20010318 - (bal) Fixed scp type casing issue which causes "scp: protocol error: size not delimited" fatal errors when tranfering. @@ -4596,4 +4600,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.971 2001/03/18 02:43:16 tim Exp $ +$Id: ChangeLog,v 1.972 2001/03/18 22:38:15 djm Exp $ @@ -40,7 +40,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $"); +RCSID("$Id: entropy.c,v 1.36 2001/03/18 22:38:16 djm Exp $"); #ifndef offsetof # define offsetof(type, member) ((size_t) &((type *)0)->member) @@ -68,7 +68,8 @@ RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $"); # define SAVED_IDS_WORK_WITH_SETEUID #endif -void check_openssl_version(void) +void +check_openssl_version(void) { if (SSLeay() != OPENSSL_VERSION_NUMBER) fatal("OpenSSL version mismatch. Built against %lx, you " @@ -83,7 +84,8 @@ void check_openssl_version(void) #ifdef USE_PRNGD /* Collect entropy from PRNGD/EGD */ -int get_random_bytes(unsigned char *buf, int len) +int +get_random_bytes(unsigned char *buf, int len) { int fd; char msg[2]; @@ -180,7 +182,8 @@ done: #else /* !USE_PRNGD */ #ifdef RANDOM_POOL /* Collect entropy from /dev/urandom or pipe */ -int get_random_bytes(unsigned char *buf, int len) +int +get_random_bytes(unsigned char *buf, int len) { int random_pool; @@ -226,7 +229,8 @@ seed_rng(void) memset(buf, '\0', sizeof(buf)); } -void init_rng(void) +void +init_rng(void) { check_openssl_version(); } @@ -403,8 +407,7 @@ stir_rusage(int who, double entropy_estimate) } -static -int +static int _get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) { int secdiff, usecdiff; 
@@ -842,8 +845,10 @@ seed_rng(void) /* commands */ old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL); - debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs()); - debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); + debug("Seeded RNG with %i bytes from programs", + (int)stir_from_programs()); + debug("Seeded RNG with %i bytes from system calls", + (int)stir_from_system()); if (!RAND_status()) fatal("Not enough entropy in RNG"); @@ -854,7 +859,8 @@ seed_rng(void) fatal("Couldn't initialise builtin random number generator -- exiting."); } -void init_rng(void) +void +init_rng(void) { int original_euid; diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 87c7da5f..2f313070 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$Id: bsd-arc4random.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.3 2001/03/18 22:38:16 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -43,10 +43,15 @@ static RC4_KEY rc4; unsigned int arc4random(void) { unsigned int r = 0; + static int first_time = 1; - if (rc4_ready <= 0) + if (rc4_ready <= 0) { + if (!first_time) + seed_rng(); + first_time = 0; arc4random_stir(); - + } + RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); rc4_ready -= sizeof(r); @@ -57,17 +62,14 @@ unsigned int arc4random(void) void arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; - - memset(&rc4, 0, sizeof(rc4)); - - seed_rng(); - RAND_bytes(rand_buf, sizeof(rand_buf)); - + memset(&rc4, 0, sizeof(rc4)); + if (!RAND_bytes(rand_buf, sizeof(rand_buf))) + fatal("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); - memset(rand_buf, 0, sizeof(rand_buf)); - + rc4_ready = REKEY_BYTES; } #endif /* !HAVE_ARC4RANDOM */ diff --git a/ssh-agent.c b/ssh-agent.c index 5a774d57..8c4b5397 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
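Review bot: The `first_time` flag in arc4random() makes the first stir skip seed_rng(), so the initial RC4 key is only as good as the pool state the caller set up beforehand, and that precondition is not written down in this file. The commit adds startup seed_rng() calls to ssh-agent, ssh-keygen, ssh and sshd, but any other program linking this compat file (none are visible here) would have to rely on the RAND_bytes check in arc4random_stir() to fail loudly. A comment above the flag would make the contract explicit, e.g. `/* callers must seed_rng() at startup; the first stir does not reseed */`. The end of arc4random() is outside the hunk.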
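Review bot: The new check `if (!RAND_bytes(rand_buf, sizeof(rand_buf)))` in arc4random_stir() only catches a return of 0. OpenSSL documents -1 for a RAND method that does not support the call, and that value would pass the test and key RC4 from the uninitialised `rand_buf`. Comparing against the success value closes the gap: `if (RAND_bytes(rand_buf, sizeof(rand_buf)) != 1)`. ERR_get_error() returns unsigned long, so `%lu` fits the fatal() message better than `%ld`.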
@@ -740,6 +740,7 @@ main(int ac, char **av) __progname = get_progname(av[0]); init_rng(); + seed_rng(); #ifdef __GNU_LIBRARY__ while ((ch = getopt(ac, av, "+cks")) != -1) { diff --git a/ssh-keygen.c b/ssh-keygen.c index b9ea0178..086b8ad4 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -639,6 +639,7 @@ main(int ac, char **av) __progname = get_progname(av[0]); init_rng(); + seed_rng(); SSLeay_add_all_algorithms(); @@ -576,6 +576,8 @@ main(int ac, char **av) /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); + seed_rng(); + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -687,6 +687,8 @@ main(int ac, char **av) options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); + seed_rng(); + /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); |
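Review bot: In the sshd.c hunk `seed_rng();` runs once in the listening process, and after the `first_time` change in bsd-arc4random.c a process that inherits a keyed RC4 state with `rc4_ready > 0` neither reseeds nor restirs until the rekey budget runs out. If main() forks per-connection children further down (outside this hunk) without restirring, siblings could start from the same arc4random() state. It is worth confirming that the child path calls `arc4random_stir();` after fork(), preceded by `seed_rng();` if the OpenSSL pool should also diverge, and adding the call if it does not. The same question applies to ssh-agent.c if it forks after its new `seed_rng();`.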