author | Damien Miller <djm@mindrot.org> | 2008-05-19 14:50:00 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-05-19 14:50:00 +1000 |
commit | 354c48c641e7fbdc273ee8e1239ff71d73a1ec3e (patch) | |
tree | ab82abcf3687b6433990584ac62f89132c73db4b | |
parent | a4be7c23fdcf8a1da5420068dc4bd4db45af9c9c (diff) |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | dh.c | 4 | ||||
-rw-r--r-- | sshd.c | 32 |
3 files changed, 17 insertions, 28 deletions
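--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,13 @@
 - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
 [configure.ac] Implement arc4random_buf(), import implementation of
 arc4random_uniform() from OpenBSD
+- (djm) OpenBSD CVS Sync
+- djm@cvs.openbsd.org 2008/04/13 00:22:17
+[dh.c sshd.c]
+Use arc4random_buf() when requesting more than a single word of output
+Use arc4random_uniform() when the desired random number upper bound
+is not a power of two
+ok deraadt@ millert@
 
 20080403
 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
@@ -3874,4 +3881,4 @@
 OpenServer 6 and add osr5bigcrypt support so when someone migrates
 passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4909 2008/05/19 04:47:37 djm Exp $
+$Id: ChangeLog,v 1.4910 2008/05/19 04:50:00 djm Exp $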
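--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */
+/* $OpenBSD: dh.c,v 1.46 2008/04/13 00:22:17 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 *
@@ -153,7 +153,7 @@ choose_dh(int min, int wantbits, int max)
 }
 
 linenum = 0;
-which = arc4random() % bestcount;
+which = arc4random_uniform(bestcount);
 while (fgets(line, sizeof(line), f)) {
 if (!parse_prime(linenum, line, &dhg))
 continue;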
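Review bot: `which = arc4random_uniform(bestcount);` has a different zero-bound contract from the `arc4random() % bestcount` it replaces: a modulo by zero was undefined, whereas arc4random_uniform() with an upper bound of 0 returns 0 under OpenBSD semantics and would silently pick the first candidate, so the guard that bestcount is non-zero — presumably earlier in choose_dh(), which starts before this hunk — should be confirmed still to be there. A one-line comment would also help the next reader see why the modulo went away, `/* uniform in [0, bestcount): avoids the modulo bias of arc4random() % bestcount */`. The portable arc4random_uniform() added to openbsd-compat in the previous commit should be checked to keep the same upper_bound == 0 behaviour, since this call site now depends on it.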
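--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */
+/* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -368,9 +368,6 @@ grace_alarm_handler(int sig)
 static void
 generate_ephemeral_server_key(void)
 {
-u_int32_t rnd = 0;
-int i;
-
 verbose("Generating %s%d bit RSA key.",
 sensitive_data.server_key ? "new " : "", options.server_key_bits);
 if (sensitive_data.server_key != NULL)
@@ -379,12 +376,7 @@ generate_ephemeral_server_key(void)
 options.server_key_bits);
 verbose("RSA key generation complete.");
 
-for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
-if (i % 4 == 0)
-rnd = arc4random();
-sensitive_data.ssh1_cookie[i] = rnd & 0xff;
-rnd >>= 8;
-}
+arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
 arc4random_stir();
 }
 
@@ -583,16 +575,14 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
 u_int32_t rnd[256];
 gid_t gidset[1];
-u_int i;
 
 /* Enable challenge-response authentication for privilege separation */
 privsep_challenge_enable();
 
 arc4random_stir();
-for (i = 0; i < 256; i++)
-rnd[i] = arc4random();
+arc4random_buf(rnd, sizeof(rnd));
 RAND_seed(rnd, sizeof(rnd));
 
 /* Demote the private keys to public keys. */
@@ -666,7 +656,6 @@ static void
 privsep_postauth(Authctxt *authctxt)
 {
 u_int32_t rnd[256];
-u_int i;
 
 #ifdef DISABLE_FD_PASSING
 if (1) {
@@ -700,8 +689,7 @@ privsep_postauth(Authctxt *authctxt)
 demote_sensitive_data();
 
 arc4random_stir();
-for (i = 0; i < 256; i++)
-rnd[i] = arc4random();
+arc4random_buf(rnd, sizeof(rnd));
 RAND_seed(rnd, sizeof(rnd));
 
 /* Drop privileges */
@@ -803,7 +791,7 @@ drop_connection(int startups)
 p *= startups - options.max_startups_begin;
 p /= options.max_startups - options.max_startups_begin;
 p += options.max_startups_rate;
-r = arc4random() % 100;
+r = arc4random_uniform(100);
 
 debug("drop_connection: p %d, r %d", p, r);
 return (r < p) ? 1 : 0;
@@ -1956,7 +1944,6 @@ do_ssh1_kex(void)
 u_char session_key[SSH_SESSION_KEY_LENGTH];
 u_char cookie[8];
 u_int cipher_type, auth_mask, protocol_flags;
-u_int32_t rnd = 0;
 
 /*
 * Generate check bytes that the client must send back in the user
@@ -1967,12 +1954,7 @@ do_ssh1_kex(void)
 * cookie. This only affects rhosts authentication, and this is one
 * of the reasons why it is inherently insecure.
 */
-for (i = 0; i < 8; i++) {
-if (i % 4 == 0)
-rnd = arc4random();
-cookie[i] = rnd & 0xff;
-rnd >>= 8;
-}
+arc4random_buf(cookie, sizeof(cookie));
 
 /*
 * Send our public key. We include in the packet 64 bits of random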
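Review bot: In privsep_preauth_child() the 1024-byte `rnd` buffer filled by the new `arc4random_buf(rnd, sizeof(rnd));` is passed to RAND_seed() and then left on the stack with the seed material intact; privsep_postauth() has the same pattern in its second hunk. Clearing it once it has been consumed, `memset(rnd, 0, sizeof(rnd));` after the RAND_seed() call, keeps those bytes from lingering in a frame the process keeps running with, bearing in mind that a plain memset immediately before return can be optimized away, so the project's secure-clearing helper is preferable if one exists. Separately, generate_ephemeral_server_key() passes the constant `SSH_SESSION_KEY_LENGTH` as the length while every other new call derives it from the buffer; `arc4random_buf(sensitive_data.ssh1_cookie, sizeof(sensitive_data.ssh1_cookie));` would tie the length to the declaration, assuming ssh1_cookie is a fixed-size array, which this hunk does not show. Both privsep functions and do_ssh1_kex() continue outside their hunks.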