summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-08-30 09:40:09 +1100
committerDamien Miller <djm@mindrot.org>2000-08-30 09:40:09 +1100
commitc30d35ce3234371c20a388d81b4bafd389d3019f (patch)
tree700aa922a381fa51c8334f9d09cc8481d0619db3
parent87d29ed405ce6a6aa56660c9c696f6b78a709034 (diff)
- (djm) Periodically rekey arc4random
- (djm) Clean up diff against OpenBSD.
Diffstat
-rw-r--r--ChangeLog2
-rw-r--r--bsd-arc4random.c15
-rw-r--r--key.h4
-rw-r--r--ssh_config8
-rw-r--r--sshd_config2
5 files changed, 18 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 1fe68ed61..3af34b9ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
120000830 120000830
2 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net> 2 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
3 - (djm) Periodically rekey arc4random
4 - (djm) Clean up diff against OpenBSD.
3 5
420000829 620000829
5 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert 7 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
diff --git a/bsd-arc4random.c b/bsd-arc4random.c
index 4c2f0854f..a1f515461 100644
--- a/bsd-arc4random.c
+++ b/bsd-arc4random.c
@@ -33,6 +33,12 @@
33 33
34#ifndef HAVE_ARC4RANDOM 34#ifndef HAVE_ARC4RANDOM
35 35
36/* Size of key to use */
37#define SEED_SIZE 20
38
39/* Number of bytes to reseed after */
40#define REKEY_BYTES (1 >> 18)
41
36static int rc4_ready = 0; 42static int rc4_ready = 0;
37static RC4_KEY rc4; 43static RC4_KEY rc4;
38 44
@@ -40,27 +46,30 @@ unsigned int arc4random(void)
40{ 46{
41 unsigned int r = 0; 47 unsigned int r = 0;
42 48
43 if (!rc4_ready) 49 if (rc4_ready <= 0)
44 arc4random_stir(); 50 arc4random_stir();
45 51
46 RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); 52 RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
53
54 rc4_ready -= sizeof(r);
47 55
48 return(r); 56 return(r);
49} 57}
50 58
51void arc4random_stir(void) 59void arc4random_stir(void)
52{ 60{
53 unsigned char rand_buf[32]; 61 unsigned char rand_buf[SEED_SIZE];
54 62
55 memset(&rc4, 0, sizeof(rc4)); 63 memset(&rc4, 0, sizeof(rc4));
56 64
57 seed_rng(); 65 seed_rng();
66
58 RAND_bytes(rand_buf, sizeof(rand_buf)); 67 RAND_bytes(rand_buf, sizeof(rand_buf));
59 68
60 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); 69 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
61 70
62 memset(rand_buf, 0, sizeof(rand_buf)); 71 memset(rand_buf, 0, sizeof(rand_buf));
63 72
64 rc4_ready = 1; 73 rc4_ready = REKEY_BYTES;
65} 74}
66#endif /* !HAVE_ARC4RANDOM */ 75#endif /* !HAVE_ARC4RANDOM */
diff --git a/key.h b/key.h
index ed3f770b8..53b3bfb26 100644
--- a/key.h
+++ b/key.h
@@ -19,7 +19,7 @@ int key_equal(Key *a, Key *b);
19char *key_fingerprint(Key *k); 19char *key_fingerprint(Key *k);
20char *key_type(Key *k); 20char *key_type(Key *k);
21int key_write(Key *key, FILE *f); 21int key_write(Key *key, FILE *f);
22unsigned int 22unsigned int key_read(Key *key, char **cpp);
23key_read(Key *key, char **cpp); 23unsigned int key_size(Key *k);
24 24
25#endif 25#endif
diff --git a/ssh_config b/ssh_config
index 70275b392..cb360d04b 100644
--- a/ssh_config
+++ b/ssh_config
@@ -27,11 +27,5 @@
27# IdentityFile ~/.ssh/identity 27# IdentityFile ~/.ssh/identity
28# Port 22 28# Port 22
29# Protocol 2,1 29# Protocol 2,1
30# Cipher 3des 30# Cipher blowfish
31# EscapeChar ~ 31# EscapeChar ~
32
33# Be paranoid by default
34Host *
35 ForwardAgent no
36 ForwardX11 no
37 FallBackToRsh no
diff --git a/sshd_config b/sshd_config
index a97b780e8..b89b19fc8 100644
--- a/sshd_config
+++ b/sshd_config
@@ -48,7 +48,7 @@ PermitEmptyPasswords no
48#KerberosTgtPassing yes 48#KerberosTgtPassing yes
49 49
50CheckMail no 50CheckMail no
51UseLogin no 51#UseLogin no
52 52
53#Subsystem sftp /usr/local/sbin/sftpd 53#Subsystem sftp /usr/local/sbin/sftpd
54#MaxStartups 10:30:60 54#MaxStartups 10:30:60
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 19:45:12 +0000