- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove

unnecessary arc4random_stir() calls. The only ones left are to ensure
   that the PRNG gets a different state after fork() for platforms that
   have broken the API.
Damien Miller 2013-10-26 10:05:46 +11:00
parent bd43e88723
commit 26506ad293
5 changed files with 6 additions and 13 deletions


@ -1,3 +1,9 @@
20131025
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
20131024 20131024
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM; rather than full client name which may be of form user@REALM;


@ -910,7 +910,6 @@ do_gen_all_hostkeys(struct passwd *pw)
} }
printf("%s ", key_types[i].key_type_display); printf("%s ", key_types[i].key_type_display);
fflush(stdout); fflush(stdout);
arc4random_stir();
type = key_type_from_name(key_types[i].key_type); type = key_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0; bits = 0;
@ -932,7 +931,6 @@ do_gen_all_hostkeys(struct passwd *pw)
continue; continue;
} }
key_free(private); key_free(private);
arc4random_stir();
strlcat(identity_file, ".pub", sizeof(identity_file)); strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) { if (fd == -1) {
@ -2543,8 +2541,6 @@ main(int argc, char **argv)
return (0); return (0);
} }
arc4random_stir();
if (key_type_name == NULL) if (key_type_name == NULL)
key_type_name = "rsa"; key_type_name = "rsa";
@ -2638,7 +2634,6 @@ passphrase_again:
/* Clear the private key and the random number generator. */ /* Clear the private key and the random number generator. */
key_free(private); key_free(private);
arc4random_stir();
if (!quiet) if (!quiet)
printf("Your identification has been saved in %s.\n", identity_file); printf("Your identification has been saved in %s.\n", identity_file);
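Review bot: The retained comment `/* Clear the private key and the random number generator. */` in the last hunk (at passphrase_again) no longer matches the code. The arc4random_stir() call beneath key_free(private) is removed, and nothing on the visible lines touches the RNG any more. I would shorten it to `/* Clear the private key. */` so a later reader does not assume PRNG state is being reset here. The enclosing function starts and ends outside the hunk.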


@ -179,7 +179,6 @@ main(int argc, char **argv)
permanently_set_uid(pw); permanently_set_uid(pw);
seed_rng(); seed_rng();
arc4random_stir();
#ifdef DEBUG_SSH_KEYSIGN #ifdef DEBUG_SSH_KEYSIGN
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);


@ -542,9 +542,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
/* Generate a session key. */
arc4random_stir();
/* /*
* Generate an encryption key for the session. The key is a 256 bit * Generate an encryption key for the session. The key is a 256 bit
* random number, interpreted as a 32-byte key, with the least * random number, interpreted as a 32-byte key, with the least

4
sshd.c

@ -398,7 +398,6 @@ generate_ephemeral_server_key(void)
verbose("RSA key generation complete."); verbose("RSA key generation complete.");
arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
arc4random_stir();
} }
/*ARGSUSED*/ /*ARGSUSED*/
@ -1867,9 +1866,6 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */ /* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr); log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Initialize the random number generator. */
arc4random_stir();
/* Chdir to the root directory so that the current disk can be /* Chdir to the root directory so that the current disk can be
unmounted if desired. */ unmounted if desired. */
if (chdir("/") == -1) if (chdir("/") == -1)
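Review bot: The arc4random_stir() removed in the main() hunk sits directly under the context comment "Reinitialize the log (because of the fork above)", so it looks like a post-fork call site of the kind the commit message says is being kept. The fork itself is outside the hunk, so this is inferred, but if the removal is safe because the pre-fork parent exits without drawing from the PRNG again, a short comment would record that, e.g. `/* No PRNG reseed needed: the parent of the fork above has exited. */`. Without that invariant, on a platform whose arc4random is not fork-safe, parent and child could continue from the same generator state. main() starts and ends outside the hunk.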