- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
parent
b399be4436
commit
60bc517356
|
@ -1,3 +1,7 @@
|
|||
20010319
|
||||
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
|
||||
do it implicitly.
|
||||
|
||||
20010318
|
||||
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
|
||||
size not delimited" fatal errors when tranfering.
|
||||
|
@ -4596,4 +4600,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.971 2001/03/18 02:43:16 tim Exp $
|
||||
$Id: ChangeLog,v 1.972 2001/03/18 22:38:15 djm Exp $
|
||||
|
|
26
entropy.c
26
entropy.c
|
@ -40,7 +40,7 @@
|
|||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
|
||||
RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $");
|
||||
RCSID("$Id: entropy.c,v 1.36 2001/03/18 22:38:16 djm Exp $");
|
||||
|
||||
#ifndef offsetof
|
||||
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
||||
|
@ -68,7 +68,8 @@ RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $");
|
|||
# define SAVED_IDS_WORK_WITH_SETEUID
|
||||
#endif
|
||||
|
||||
void check_openssl_version(void)
|
||||
void
|
||||
check_openssl_version(void)
|
||||
{
|
||||
if (SSLeay() != OPENSSL_VERSION_NUMBER)
|
||||
fatal("OpenSSL version mismatch. Built against %lx, you "
|
||||
|
@ -83,7 +84,8 @@ void check_openssl_version(void)
|
|||
|
||||
#ifdef USE_PRNGD
|
||||
/* Collect entropy from PRNGD/EGD */
|
||||
int get_random_bytes(unsigned char *buf, int len)
|
||||
int
|
||||
get_random_bytes(unsigned char *buf, int len)
|
||||
{
|
||||
int fd;
|
||||
char msg[2];
|
||||
|
@ -180,7 +182,8 @@ done:
|
|||
#else /* !USE_PRNGD */
|
||||
#ifdef RANDOM_POOL
|
||||
/* Collect entropy from /dev/urandom or pipe */
|
||||
int get_random_bytes(unsigned char *buf, int len)
|
||||
int
|
||||
get_random_bytes(unsigned char *buf, int len)
|
||||
{
|
||||
int random_pool;
|
||||
|
||||
|
@ -226,7 +229,8 @@ seed_rng(void)
|
|||
memset(buf, '\0', sizeof(buf));
|
||||
}
|
||||
|
||||
void init_rng(void)
|
||||
void
|
||||
init_rng(void)
|
||||
{
|
||||
check_openssl_version();
|
||||
}
|
||||
|
@ -403,8 +407,7 @@ stir_rusage(int who, double entropy_estimate)
|
|||
}
|
||||
|
||||
|
||||
static
|
||||
int
|
||||
static int
|
||||
_get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) {
|
||||
int secdiff, usecdiff;
|
||||
|
||||
|
@ -842,8 +845,10 @@ seed_rng(void)
|
|||
/* commands */
|
||||
old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL);
|
||||
|
||||
debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
|
||||
debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
|
||||
debug("Seeded RNG with %i bytes from programs",
|
||||
(int)stir_from_programs());
|
||||
debug("Seeded RNG with %i bytes from system calls",
|
||||
(int)stir_from_system());
|
||||
|
||||
if (!RAND_status())
|
||||
fatal("Not enough entropy in RNG");
|
||||
|
@ -854,7 +859,8 @@ seed_rng(void)
|
|||
fatal("Couldn't initialise builtin random number generator -- exiting.");
|
||||
}
|
||||
|
||||
void init_rng(void)
|
||||
void
|
||||
init_rng(void)
|
||||
{
|
||||
int original_euid;
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-arc4random.c,v 1.2 2001/02/09 01:55:36 djm Exp $");
|
||||
RCSID("$Id: bsd-arc4random.c,v 1.3 2001/03/18 22:38:16 djm Exp $");
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
|
||||
|
@ -43,10 +43,15 @@ static RC4_KEY rc4;
|
|||
unsigned int arc4random(void)
|
||||
{
|
||||
unsigned int r = 0;
|
||||
static int first_time = 1;
|
||||
|
||||
if (rc4_ready <= 0)
|
||||
if (rc4_ready <= 0) {
|
||||
if (!first_time)
|
||||
seed_rng();
|
||||
first_time = 0;
|
||||
arc4random_stir();
|
||||
|
||||
}
|
||||
|
||||
RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
|
||||
|
||||
rc4_ready -= sizeof(r);
|
||||
|
@ -57,17 +62,14 @@ unsigned int arc4random(void)
|
|||
void arc4random_stir(void)
|
||||
{
|
||||
unsigned char rand_buf[SEED_SIZE];
|
||||
|
||||
|
||||
memset(&rc4, 0, sizeof(rc4));
|
||||
|
||||
seed_rng();
|
||||
|
||||
RAND_bytes(rand_buf, sizeof(rand_buf));
|
||||
|
||||
if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
|
||||
fatal("Couldn't obtain random bytes (error %ld)",
|
||||
ERR_get_error());
|
||||
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
|
||||
|
||||
memset(rand_buf, 0, sizeof(rand_buf));
|
||||
|
||||
|
||||
rc4_ready = REKEY_BYTES;
|
||||
}
|
||||
#endif /* !HAVE_ARC4RANDOM */
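Review bot: In arc4random(), the `first_time` flag makes the first keying skip seed_rng(), so the initial RC4 key now depends on each program having called seed_rng() at startup, and nothing in this file records that requirement. The page shows the call added to three main() functions; other programs that link this file are not visible here and should be checked. The new RAND_bytes() check in arc4random_stir() appears to be the backstop, since it calls fatal() when RAND_bytes() reports failure, and a comment above `if (!first_time)` such as `/* seed_rng() already ran at startup; only later rekeys reseed here */` would make the ordering explicit. Separately, ERR_get_error() returns unsigned long, so the `%ld` in the new fatal() message would be better as `%lx`. The body of arc4random() continues past the end of its hunk.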
|
||||
|
|
|
@ -740,6 +740,7 @@ main(int ac, char **av)
|
|||
|
||||
__progname = get_progname(av[0]);
|
||||
init_rng();
|
||||
seed_rng();
|
||||
|
||||
#ifdef __GNU_LIBRARY__
|
||||
while ((ch = getopt(ac, av, "+cks")) != -1) {
|
||||
|
|
|
@ -639,6 +639,7 @@ main(int ac, char **av)
|
|||
|
||||
__progname = get_progname(av[0]);
|
||||
init_rng();
|
||||
seed_rng();
|
||||
|
||||
SSLeay_add_all_algorithms();
|
||||
|
||||
|
|
2
ssh.c
2
ssh.c
|
@ -576,6 +576,8 @@ main(int ac, char **av)
|
|||
/* reinit */
|
||||
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
|
||||
|
||||
seed_rng();
|
||||
|
||||
if (options.user == NULL)
|
||||
options.user = xstrdup(pw->pw_name);
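Review bot: seed_rng() is called here only after the log re-initialisation, whereas the two other main() hunks on this page call it directly after init_rng(); any arc4random() use earlier in this main() would key from a PRNG that has not been seeded yet. If the late placement is deliberate, for example so that seed_rng()'s debug() output follows the configured log level, a short comment such as `/* seed after log_init() so entropy debug output honours the log level */` would record it. main() starts and ends outside the hunk, so earlier arc4random() callers cannot be ruled out from this page.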
|
||||
|
||||
|
|