path: root/entropy.c
Commit message | Author | Age | Files | Lines
* Remove seed passing over reexec. | Darren Tucker | 2022-11-10 | 1 | -34/+0
| This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@
* Split EGD/PRNGD interface into its own file. | Darren Tucker | 2021-06-18 | 1 | -123/+0
| This will allow us to use it when building --without-openssl.
* Fix a couple of mysig_t leftovers. | Darren Tucker | 2020-01-23 | 1 | -1/+1
* upstream: Replace all calls to signal(2) with a wrapper around | dtucker@openbsd.org | 2020-01-23 | 1 | -2/+2
| sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
| OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* typo in comment | Damien Miller | 2019-10-02 | 1 | -1/+1
* Add headers to prevent warnings w/out OpenSSL. | Darren Tucker | 2019-07-23 | 1 | -0/+4
* Add missing bracket in EGD seeding code. | Darren Tucker | 2019-07-06 | 1 | -3/+4
| When configured --with-prngd-socket the code had a missing bracket after an API change. Fix that and a couple of warnings. bz#3032, from ole.weidner at protonmail.ch
* Move RANDOM_SEED_SIZE outside ifdef. | Darren Tucker | 2018-11-23 | 1 | -2/+2
| RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code. This fixes the build with configured --without-openssl.
* refactor libcrypto initialisation | Damien Miller | 2018-11-23 | 1 | -13/+22
| Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
* remove remaining references to SSLeay | Damien Miller | 2018-10-23 | 1 | -2/+4
| Prompted by Rosen Penev
* Adapt portable to legacy buffer API removal | Damien Miller | 2018-07-10 | 1 | -13/+19
* Replace remaining mysignal() with signal(). | Darren Tucker | 2018-02-15 | 1 | -2/+2
| These seem to have been missed during the replacement of mysignal with #define signal in commit 5ade9ab. Both include the requisite headers to pick up the #define.
* support --without-openssl at configure time | Damien Miller | 2015-01-15 | 1 | -0/+12
| Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on systems with native arc4random or /dev/urandom. Considered highly experimental for now.
* - djm@cvs.openbsd.org 2014/06/24 01:13:21 | Damien Miller | 2014-07-02 | 1 | -0/+2
| [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
| [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
| [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
| [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
| [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
| [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
| [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
| [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
| [sshconnect2.c sshd.c sshkey.c sshkey.h
| [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
| New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@
| Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
| NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
* - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} | Darren Tucker | 2014-06-17 | 1 | -10/+1
| openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
* - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running | Damien Miller | 2012-03-30 | 1 | -2/+7
| openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@
* - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] | Damien Miller | 2011-05-05 | 1 | -99/+139
| [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
| [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
| [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
| [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
* - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid | Damien Miller | 2011-01-13 | 1 | -1/+1
| gcc warning on platforms where it defaults to int
* - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include | Darren Tucker | 2007-03-13 | 1 | -1/+2
| string.h to prevent warnings, from vapier at gentoo.org.
* - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error | Darren Tucker | 2006-09-28 | 1 | -0/+1
| on Solaris 8 w/out /dev/random or prngd. Patch from rl at math.technion.ac.il.
* - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] | Damien Miller | 2006-09-01 | 1 | -0/+1
| [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
| [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
| [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
| [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
| [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
| [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
| [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
| [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
| [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
| [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
| [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
| [openbsd-compat/port-uw.c]
| Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
* - (dtucker) [entropy.c] Needs unistd.h too. | Darren Tucker | 2006-08-05 | 1 | -0/+1
* - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] | Damien Miller | 2006-08-05 | 1 | -1/+0
| remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit
* - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably | Darren Tucker | 2006-07-11 | 1 | -0/+8
| others).
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 | Damien Miller | 2006-03-26 | 1 | -2/+0
| [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
| [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
| [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
| [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
| [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
| [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
| [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
| [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
| [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
| [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
| [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
| [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
| [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
| [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
| [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
| [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
| [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
| [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
| [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
| [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
| [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
| [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
| [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
| RCSID() can die
* - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. | Darren Tucker | 2006-03-16 | 1 | -1/+4
* - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency | Darren Tucker | 2005-09-28 | 1 | -2/+2
* - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed | Darren Tucker | 2005-09-27 | 1 | -1/+31
| process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@
* - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | Darren Tucker | 2005-09-27 | 1 | -5/+3
| calls, since they can't possibly fail. ok djm@
* -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] | Damien Miller | 2005-07-17 | 1 | -3/+3
| [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
* more whitespace (tabs this time) | Damien Miller | 2003-11-21 | 1 | -2/+2
* - djm@cvs.openbsd.org 2003/11/21 11:57:03 | Damien Miller | 2003-11-21 | 1 | -11/+11
| [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - (bal) redo how we handle 'mysignal()'. Move it to | Ben Lindstrom | 2003-08-25 | 1 | -3/+3
| openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to be our 'mysignal' by default. OK djm@
* - (djm) A few type mismatch fixes from Bug #565 | Damien Miller | 2003-05-16 | 1 | -3/+3
* unexpand | Ben Lindstrom | 2002-06-09 | 1 | -2/+2
* [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). | Tim Rice | 2002-04-21 | 1 | -4/+5
| entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
* - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from | Damien Miller | 2002-04-18 | 1 | -1/+4
| Sturle Sunde <sturle.sunde@usit.uio.no>
* - (stevesk) entropy.c: typo in debug message | Kevin Steves | 2002-03-11 | 1 | -2/+2
* - (djm) autoconf hacking: | Damien Miller | 2002-01-22 | 1 | -3/+12
| - We don't support --without-zlib currently, so don't allow it.
| - Rework cryptographic random number support detection. We now detect whether OpenSSL seeds itself. If it does, then we don't bother with the ssh-rand-helper program. You can force the use of ssh-rand-helper using the --with-rand-helper configure argument
| - Simplify and clean up ssh-rand-helper configuration
* - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from | Damien Miller | 2001-12-24 | 1 | -851/+75
| solar@openwall.com
| - (djm) Rework entropy code. If the OpenSSL PRNG has not been internally seeded, execute a subprogram "ssh-rand-helper" to obtain some entropy for us. Rewrite the old in-process entropy collector as an example ssh-rand-helper.
| - (djm) Always perform ssh_prng_cmds path lookups in configure, even if we don't end up using ssh_prng_cmds (so we always get a valid file)
* - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | Damien Miller | 2001-08-06 | 1 | -2/+4
| a fast UltraSPARC.
* - (djm) Fix a few warnings the above turned up | Damien Miller | 2001-06-27 | 1 | -3/+3
* - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to | Damien Miller | 2001-03-19 | 1 | -10/+16
| do it implicitly.
* - Allow PRNGd entropy collection from localhost TCP socket. Replace | Damien Miller | 2001-03-04 | 1 | -23/+52
| "--with-egd-pool" configure option with "--with-prngd-socket" and "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
* avoid warning | Damien Miller | 2001-02-27 | 1 | -3/+3
* - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller | Damien Miller | 2001-02-27 | 1 | -5/+5
| <markm@swoon.net>
* - (djm) fatal() on OpenSSL version mismatch | Damien Miller | 2001-02-27 | 1 | -3/+16
* - (djm) Fix up POSIX saved uid support. Report from Mark Miller | Damien Miller | 2001-02-27 | 1 | -1/+5
| <markm@swoon.net>
| - (djm) Search for -lcrypt on FreeBSD too
* - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. | Damien Miller | 2001-02-26 | 1 | -1/+22
| Based on patch from Tim Rice <tim@multitalents.net>
* - (stevesk) entropy.c: typo; should be SIGPIPE | Kevin Steves | 2001-02-18 | 1 | -2/+2