- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
parent
b399be4436
commit
60bc517356
|
@ -1,3 +1,7 @@
|
||||||
|
20010319
|
||||||
|
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
|
||||||
|
do it implicitly.
|
||||||
|
|
||||||
20010318
|
20010318
|
||||||
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
|
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
|
||||||
size not delimited" fatal errors when tranfering.
|
size not delimited" fatal errors when tranfering.
|
||||||
|
@ -4596,4 +4600,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.971 2001/03/18 02:43:16 tim Exp $
|
$Id: ChangeLog,v 1.972 2001/03/18 22:38:15 djm Exp $
|
||||||
|
|
26
entropy.c
26
entropy.c
|
@ -40,7 +40,7 @@
|
||||||
#include "pathnames.h"
|
#include "pathnames.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $");
|
RCSID("$Id: entropy.c,v 1.36 2001/03/18 22:38:16 djm Exp $");
|
||||||
|
|
||||||
#ifndef offsetof
|
#ifndef offsetof
|
||||||
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
||||||
|
@ -68,7 +68,8 @@ RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $");
|
||||||
# define SAVED_IDS_WORK_WITH_SETEUID
|
# define SAVED_IDS_WORK_WITH_SETEUID
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void check_openssl_version(void)
|
void
|
||||||
|
check_openssl_version(void)
|
||||||
{
|
{
|
||||||
if (SSLeay() != OPENSSL_VERSION_NUMBER)
|
if (SSLeay() != OPENSSL_VERSION_NUMBER)
|
||||||
fatal("OpenSSL version mismatch. Built against %lx, you "
|
fatal("OpenSSL version mismatch. Built against %lx, you "
|
||||||
|
@ -83,7 +84,8 @@ void check_openssl_version(void)
|
||||||
|
|
||||||
#ifdef USE_PRNGD
|
#ifdef USE_PRNGD
|
||||||
/* Collect entropy from PRNGD/EGD */
|
/* Collect entropy from PRNGD/EGD */
|
||||||
int get_random_bytes(unsigned char *buf, int len)
|
int
|
||||||
|
get_random_bytes(unsigned char *buf, int len)
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
char msg[2];
|
char msg[2];
|
||||||
|
@ -180,7 +182,8 @@ done:
|
||||||
#else /* !USE_PRNGD */
|
#else /* !USE_PRNGD */
|
||||||
#ifdef RANDOM_POOL
|
#ifdef RANDOM_POOL
|
||||||
/* Collect entropy from /dev/urandom or pipe */
|
/* Collect entropy from /dev/urandom or pipe */
|
||||||
int get_random_bytes(unsigned char *buf, int len)
|
int
|
||||||
|
get_random_bytes(unsigned char *buf, int len)
|
||||||
{
|
{
|
||||||
int random_pool;
|
int random_pool;
|
||||||
|
|
||||||
|
@ -226,7 +229,8 @@ seed_rng(void)
|
||||||
memset(buf, '\0', sizeof(buf));
|
memset(buf, '\0', sizeof(buf));
|
||||||
}
|
}
|
||||||
|
|
||||||
void init_rng(void)
|
void
|
||||||
|
init_rng(void)
|
||||||
{
|
{
|
||||||
check_openssl_version();
|
check_openssl_version();
|
||||||
}
|
}
|
||||||
|
@ -403,8 +407,7 @@ stir_rusage(int who, double entropy_estimate)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static
|
static int
|
||||||
int
|
|
||||||
_get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) {
|
_get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) {
|
||||||
int secdiff, usecdiff;
|
int secdiff, usecdiff;
|
||||||
|
|
||||||
|
@ -842,8 +845,10 @@ seed_rng(void)
|
||||||
/* commands */
|
/* commands */
|
||||||
old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL);
|
old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL);
|
||||||
|
|
||||||
debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
|
debug("Seeded RNG with %i bytes from programs",
|
||||||
debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
|
(int)stir_from_programs());
|
||||||
|
debug("Seeded RNG with %i bytes from system calls",
|
||||||
|
(int)stir_from_system());
|
||||||
|
|
||||||
if (!RAND_status())
|
if (!RAND_status())
|
||||||
fatal("Not enough entropy in RNG");
|
fatal("Not enough entropy in RNG");
|
||||||
|
@ -854,7 +859,8 @@ seed_rng(void)
|
||||||
fatal("Couldn't initialise builtin random number generator -- exiting.");
|
fatal("Couldn't initialise builtin random number generator -- exiting.");
|
||||||
}
|
}
|
||||||
|
|
||||||
void init_rng(void)
|
void
|
||||||
|
init_rng(void)
|
||||||
{
|
{
|
||||||
int original_euid;
|
int original_euid;
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
RCSID("$Id: bsd-arc4random.c,v 1.2 2001/02/09 01:55:36 djm Exp $");
|
RCSID("$Id: bsd-arc4random.c,v 1.3 2001/03/18 22:38:16 djm Exp $");
|
||||||
|
|
||||||
#ifndef HAVE_ARC4RANDOM
|
#ifndef HAVE_ARC4RANDOM
|
||||||
|
|
||||||
|
@ -43,10 +43,15 @@ static RC4_KEY rc4;
|
||||||
unsigned int arc4random(void)
|
unsigned int arc4random(void)
|
||||||
{
|
{
|
||||||
unsigned int r = 0;
|
unsigned int r = 0;
|
||||||
|
static int first_time = 1;
|
||||||
|
|
||||||
if (rc4_ready <= 0)
|
if (rc4_ready <= 0) {
|
||||||
|
if (!first_time)
|
||||||
|
seed_rng();
|
||||||
|
first_time = 0;
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
|
}
|
||||||
|
|
||||||
RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
|
RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
|
||||||
|
|
||||||
rc4_ready -= sizeof(r);
|
rc4_ready -= sizeof(r);
|
||||||
|
@ -57,17 +62,14 @@ unsigned int arc4random(void)
|
||||||
void arc4random_stir(void)
|
void arc4random_stir(void)
|
||||||
{
|
{
|
||||||
unsigned char rand_buf[SEED_SIZE];
|
unsigned char rand_buf[SEED_SIZE];
|
||||||
|
|
||||||
memset(&rc4, 0, sizeof(rc4));
|
memset(&rc4, 0, sizeof(rc4));
|
||||||
|
if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
|
||||||
seed_rng();
|
fatal("Couldn't obtain random bytes (error %ld)",
|
||||||
|
ERR_get_error());
|
||||||
RAND_bytes(rand_buf, sizeof(rand_buf));
|
|
||||||
|
|
||||||
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
|
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
|
||||||
|
|
||||||
memset(rand_buf, 0, sizeof(rand_buf));
|
memset(rand_buf, 0, sizeof(rand_buf));
|
||||||
|
|
||||||
rc4_ready = REKEY_BYTES;
|
rc4_ready = REKEY_BYTES;
|
||||||
}
|
}
|
||||||
#endif /* !HAVE_ARC4RANDOM */
|
#endif /* !HAVE_ARC4RANDOM */
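Review bot: In arc4random_stir() the new check `if (!RAND_bytes(rand_buf, sizeof(rand_buf)))` only catches a return of 0; RAND_bytes() is documented to return -1 when the active RAND method does not support it, and that value passes the test, so RC4 may be keyed from the uninitialised `rand_buf`. Comparing against success is safer: `if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)`. ERR_get_error() returns an unsigned long, so the format in the fatal() call should be `%lu` rather than `%ld`. In arc4random(), `first_time` deserves a comment such as `/* PRNG is seeded by the caller at startup; reseed only on later rekeys */`, because the first stir now depends on each program having called seed_rng() itself.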
|
||||||
|
|
|
@ -740,6 +740,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
__progname = get_progname(av[0]);
|
__progname = get_progname(av[0]);
|
||||||
init_rng();
|
init_rng();
|
||||||
|
seed_rng();
|
||||||
|
|
||||||
#ifdef __GNU_LIBRARY__
|
#ifdef __GNU_LIBRARY__
|
||||||
while ((ch = getopt(ac, av, "+cks")) != -1) {
|
while ((ch = getopt(ac, av, "+cks")) != -1) {
|
||||||
|
|
|
@ -639,6 +639,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
__progname = get_progname(av[0]);
|
__progname = get_progname(av[0]);
|
||||||
init_rng();
|
init_rng();
|
||||||
|
seed_rng();
|
||||||
|
|
||||||
SSLeay_add_all_algorithms();
|
SSLeay_add_all_algorithms();
|
||||||
|
|
||||||
|
|
2
ssh.c
2
ssh.c
|
@ -576,6 +576,8 @@ main(int ac, char **av)
|
||||||
/* reinit */
|
/* reinit */
|
||||||
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
|
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
|
||||||
|
|
||||||
|
seed_rng();
|
||||||
|
|
||||||
if (options.user == NULL)
|
if (options.user == NULL)
|
||||||
options.user = xstrdup(pw->pw_name);
|
options.user = xstrdup(pw->pw_name);
|
||||||
|
|
||||||
|
|
2
sshd.c
2
sshd.c
|
@ -687,6 +687,8 @@ main(int ac, char **av)
|
||||||
options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
|
options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
|
||||||
!inetd_flag);
|
!inetd_flag);
|
||||||
|
|
||||||
|
seed_rng();
|
||||||
|
|
||||||
/* Read server configuration options from the configuration file. */
|
/* Read server configuration options from the configuration file. */
|
||||||
read_server_config(&options, config_file_name);
|
read_server_config(&options, config_file_name);
|
||||||
|
|
||||||
|
|