author | Damien Miller <djm@mindrot.org> | 2004-07-19 09:30:38 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-07-19 09:30:38 +1000 |
commit | 65df1745743a2f0f5b6647a223f781bb153e6449 (patch) | |
tree | 3f1c71e3edcc46a81f8372826cba961aa464eb2d | |
parent | 0999174755bbc5b50d65bfa95e0b322ffd12337c (diff) |
- (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
ok dtucker@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | openbsd-compat/bsd-arc4random.c | 12 |
2 files changed, 15 insertions, 3 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20040719 | ||
2 | - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD | ||
3 | ok dtucker@ | ||
4 | |||
1 | 20040717 | 5 | 20040717 |
2 | - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c | 6 | - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c |
3 | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c | 7 | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c |
@@ -1527,4 +1531,4 @@ | |||
1527 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1531 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1528 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1532 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1529 | 1533 | ||
1530 | $Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $ | 1534 | $Id: ChangeLog,v 1.3478 2004/07/18 23:30:38 djm Exp $ |
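--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -17,7 +17,7 @@
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
@@ -56,13 +56,21 @@ unsigned int arc4random(void)
 void arc4random_stir(void)
 {
 unsigned char rand_buf[SEED_SIZE];
+int i;
 
 memset(&rc4, 0, sizeof(rc4));
 if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
 fatal("Couldn't obtain random bytes (error %ld)",
 ERR_get_error());
 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
-RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
+/*
+ * Discard early keystream, as per recommendations in:
+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ */
+for(i = 0; i <= 256; i += sizeof(rand_buf))
+RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
 memset(rand_buf, 0, sizeof(rand_buf));
 
 rc4_ready = REKEY_BYTES;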
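Review bot: The discard loop at new lines 71-72 leaves the amount of keystream thrown away implicit: with the inclusive bound `i <= 256` and a step of `sizeof(rand_buf)`, it discards at least 256 bytes rounded up to a whole SEED_SIZE buffer, plus one extra buffer whenever SEED_SIZE divides 256 exactly. That is harmless, but the 256-byte figure is the property the cited paper's recommendation rests on, so it should be stated rather than derived from the loop shape; I would write `for (i = 0; i < RC4_DISCARD_BYTES; i += sizeof(rand_buf))` with `#define RC4_DISCARD_BYTES 256` placed wherever SEED_SIZE is defined, declare `i` as `size_t` to match the `sizeof` step, and add a comment noting that the count rounds up to a multiple of SEED_SIZE. Dropping the first bytes addresses the key-setup bias the comment refers to but presumably not later keystream biases, for which the existing rc4_ready/REKEY_BYTES rekeying at new line 76 appears to be the mitigation; a one-line comment there would make that division of responsibility clear. arc4random_stir's closing brace is outside the hunk.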