diff options
author | Damien Miller <djm@mindrot.org> | 2000-08-30 09:40:09 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-08-30 09:40:09 +1100 |
commit | c30d35ce3234371c20a388d81b4bafd389d3019f (patch) | |
tree | 700aa922a381fa51c8334f9d09cc8481d0619db3 | |
parent | 87d29ed405ce6a6aa56660c9c696f6b78a709034 (diff) |
- (djm) Periodically rekey arc4random
- (djm) Clean up diff against OpenBSD.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | bsd-arc4random.c | 15 | ||||
-rw-r--r-- | key.h | 4 | ||||
-rw-r--r-- | ssh_config | 8 | ||||
-rw-r--r-- | sshd_config | 2 |
5 files changed, 18 insertions, 13 deletions
@@ -1,5 +1,7 @@ | |||
1 | 20000830 | 1 | 20000830 |
2 | - (djm) Compile warning fixes from Mark Miller <markm@swoon.net> | 2 | - (djm) Compile warning fixes from Mark Miller <markm@swoon.net> |
3 | - (djm) Periodically rekey arc4random | ||
4 | - (djm) Clean up diff against OpenBSD. | ||
3 | 5 | ||
4 | 20000829 | 6 | 20000829 |
5 | - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert | 7 | - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert |
diff --git a/bsd-arc4random.c b/bsd-arc4random.c index 4c2f0854f..a1f515461 100644 --- a/bsd-arc4random.c +++ b/bsd-arc4random.c | |||
@@ -33,6 +33,12 @@ | |||
33 | 33 | ||
34 | #ifndef HAVE_ARC4RANDOM | 34 | #ifndef HAVE_ARC4RANDOM |
35 | 35 | ||
36 | /* Size of key to use */ | ||
37 | #define SEED_SIZE 20 | ||
38 | |||
39 | /* Number of bytes to reseed after */ | ||
40 | #define REKEY_BYTES (1 >> 18) | ||
41 | |||
36 | static int rc4_ready = 0; | 42 | static int rc4_ready = 0; |
37 | static RC4_KEY rc4; | 43 | static RC4_KEY rc4; |
38 | 44 | ||
@@ -40,27 +46,30 @@ unsigned int arc4random(void) | |||
40 | { | 46 | { |
41 | unsigned int r = 0; | 47 | unsigned int r = 0; |
42 | 48 | ||
43 | if (!rc4_ready) | 49 | if (rc4_ready <= 0) |
44 | arc4random_stir(); | 50 | arc4random_stir(); |
45 | 51 | ||
46 | RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); | 52 | RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); |
53 | |||
54 | rc4_ready -= sizeof(r); | ||
47 | 55 | ||
48 | return(r); | 56 | return(r); |
49 | } | 57 | } |
50 | 58 | ||
51 | void arc4random_stir(void) | 59 | void arc4random_stir(void) |
52 | { | 60 | { |
53 | unsigned char rand_buf[32]; | 61 | unsigned char rand_buf[SEED_SIZE]; |
54 | 62 | ||
55 | memset(&rc4, 0, sizeof(rc4)); | 63 | memset(&rc4, 0, sizeof(rc4)); |
56 | 64 | ||
57 | seed_rng(); | 65 | seed_rng(); |
66 | |||
58 | RAND_bytes(rand_buf, sizeof(rand_buf)); | 67 | RAND_bytes(rand_buf, sizeof(rand_buf)); |
59 | 68 | ||
60 | RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); | 69 | RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); |
61 | 70 | ||
62 | memset(rand_buf, 0, sizeof(rand_buf)); | 71 | memset(rand_buf, 0, sizeof(rand_buf)); |
63 | 72 | ||
64 | rc4_ready = 1; | 73 | rc4_ready = REKEY_BYTES; |
65 | } | 74 | } |
66 | #endif /* !HAVE_ARC4RANDOM */ | 75 | #endif /* !HAVE_ARC4RANDOM */ |
@@ -19,7 +19,7 @@ int key_equal(Key *a, Key *b); | |||
19 | char *key_fingerprint(Key *k); | 19 | char *key_fingerprint(Key *k); |
20 | char *key_type(Key *k); | 20 | char *key_type(Key *k); |
21 | int key_write(Key *key, FILE *f); | 21 | int key_write(Key *key, FILE *f); |
22 | unsigned int | 22 | unsigned int key_read(Key *key, char **cpp); |
23 | key_read(Key *key, char **cpp); | 23 | unsigned int key_size(Key *k); |
24 | 24 | ||
25 | #endif | 25 | #endif |
diff --git a/ssh_config b/ssh_config index 70275b392..cb360d04b 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -27,11 +27,5 @@ | |||
27 | # IdentityFile ~/.ssh/identity | 27 | # IdentityFile ~/.ssh/identity |
28 | # Port 22 | 28 | # Port 22 |
29 | # Protocol 2,1 | 29 | # Protocol 2,1 |
30 | # Cipher 3des | 30 | # Cipher blowfish |
31 | # EscapeChar ~ | 31 | # EscapeChar ~ |
32 | |||
33 | # Be paranoid by default | ||
34 | Host * | ||
35 | ForwardAgent no | ||
36 | ForwardX11 no | ||
37 | FallBackToRsh no | ||
diff --git a/sshd_config b/sshd_config index a97b780e8..b89b19fc8 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -48,7 +48,7 @@ PermitEmptyPasswords no | |||
48 | #KerberosTgtPassing yes | 48 | #KerberosTgtPassing yes |
49 | 49 | ||
50 | CheckMail no | 50 | CheckMail no |
51 | UseLogin no | 51 | #UseLogin no |
52 | 52 | ||
53 | #Subsystem sftp /usr/local/sbin/sftpd | 53 | #Subsystem sftp /usr/local/sbin/sftpd |
54 | #MaxStartups 10:30:60 | 54 | #MaxStartups 10:30:60 |