- Seed OpenSSL's random number generator before generating RSA keypairs

- Split random collector into seperate file
author: Damien Miller <djm@mindrot.org> 2000-01-29 20:40:22 +1100
committer: Damien Miller <djm@mindrot.org> 2000-01-29 20:40:22 +1100
commit: f07390e90da683fecbf55849a3cee6dc9b79a3e3 (patch)
tree: c9c7ad28557e08ff024da1e9a5302fc78d4de4f7
parent: 4e61b79d5bcb3c5ac3014fe55be55214e23b2927 (diff)
5 files changed, 29 insertions, 65 deletions
diff --git a/ChangeLog b/ChangeLog
index 30421b726..30c215700 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
 20000126
 - Released 1.2.2 stable
diff --git a/Makefile.in b/Makefile.in
index 1c917e704..7be35784e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui`
 TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
-LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o 
+LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o 
 SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
diff --git a/bsd-misc.c b/bsd-misc.c
index b00c793c0..99fe29816 100644
--- a/bsd-misc.c
+++ b/bsd-misc.c
@@ -44,8 +44,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
 #include <fcntl.h>
 #ifdef HAVE_STDDEF_H
 #include <stddef.h>
@@ -54,10 +52,7 @@
 #include "xmalloc.h"
 #include "ssh.h"
 #include "bsd-misc.h"
+#include "random.h"
-#ifndef offsetof
-#define offsetof(type, member) ((size_t) &((type *)0)->member)
-#endif
 #ifndef HAVE_ARC4RANDOM
@@ -68,7 +63,6 @@ typedef struct
        int j;
 } rc4_t;
-void get_random_bytes(unsigned char *buf, int len);
 void rc4_key(rc4_t *r, unsigned char *key, int len);
 void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len);
@@ -134,59 +128,7 @@ void arc4random_stir(void)
        
        get_random_bytes(rand_buf, sizeof(rand_buf));
        rc4_key(rc4, rand_buf, sizeof(rand_buf));
-}
+        memset(rand_buf, 0, sizeof(rand_buf));
-void get_random_bytes(unsigned char *buf, int len)
-{
-        static int random_pool;
-        int c;
-#ifdef HAVE_EGD
-        char egd_message[2] = { 0x02, 0x00 };
-        struct sockaddr_un addr;
-        int addr_len;
-        memset(&addr, '\0', sizeof(addr));
-        addr.sun_family = AF_UNIX;
-        
-        /* FIXME: compile time check? */
-        if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path))
-                fatal("Random pool path is too long");
-        
-        strcpy(addr.sun_path, RANDOM_POOL);
-        
-        addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL);
-        
-        random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
-        
-        if (random_pool == -1)
-                fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
-        
-        if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1)
-                fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
-        if (len > 255)
-                fatal("Too many bytes to read from EGD");
-        
-        /* Send blocking read request to EGD */
-        egd_message[1] = len;
-        c = atomicio(write, random_pool, egd_message, sizeof(egd_message));
-        if (c == -1)
-                fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
-#else /* HAVE_EGD */
-        random_pool = open(RANDOM_POOL, O_RDONLY);
-        if (random_pool == -1)
-                fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
-#endif /* HAVE_EGD */
-        c = atomicio(read, random_pool, buf, len);
-        if (c <= 0)
-                fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
-        
-        close(random_pool);
 }
 #endif /* !HAVE_ARC4RANDOM */
diff --git a/rsa.c b/rsa.c
index 5e7297be0..597d20fb8 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,11 +35,12 @@
 */
 #include "includes.h"
-RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $");
+RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $");
 #include "rsa.h"
 #include "ssh.h"
 #include "xmalloc.h"
+#include "random.h"
 int rsa_verbose = 1;
@@ -64,13 +65,26 @@ keygen_progress(int p, int n, void *arg)
        const char progress_chars[] = ".o+O?";
        if ((p < 0) || (p > (sizeof(progress_chars) - 2)))
-                p = 4;
+                p = sizeof(progress_chars) - 2;
-        printf("%c", progress_chars[p]);
+        putchar(progress_chars[p]);
        fflush(stdout);
 }
 /*
+ * Seed OpenSSL's random number generator
+ */
+void
+seed_rng()
+{
+        char buf[32];
+        get_random_bytes(buf, sizeof(buf));
+        RAND_seed(buf, sizeof(buf));
+        memset(buf, 0, sizeof(buf));
+}
+/*
 * Generates RSA public and private keys.  This initializes the data
 * structures; they should be freed with rsa_clear_private_key and
 * rsa_clear_public_key.
@@ -81,6 +95,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits)
 {
        RSA *key;
+        seed_rng();
+        
        if (rsa_verbose) {
                printf("Generating RSA keys:  ");
                fflush(stdout);
diff --git a/rsa.h b/rsa.h
index 485a94dcd..57c00a146 100644
--- a/rsa.h
+++ b/rsa.h
@@ -13,7 +13,7 @@
 * 
 */
-/* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */
+/* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */
 #ifndef RSA_H
 #define RSA_H
@@ -23,11 +23,13 @@
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/rand.h>
 #endif
 #ifdef HAVE_SSL
 #include <ssl/bn.h>
 #include <ssl/rsa.h>
+#include <ssl/rand.h>
 #endif
 /* Calls SSL RSA_generate_key, only copies to prv and pub */
author	Damien Miller <djm@mindrot.org>	2000-01-29 20:40:22 +1100
committer	Damien Miller <djm@mindrot.org>	2000-01-29 20:40:22 +1100
commit	f07390e90da683fecbf55849a3cee6dc9b79a3e3 (patch)
tree	c9c7ad28557e08ff024da1e9a5302fc78d4de4f7
parent	4e61b79d5bcb3c5ac3014fe55be55214e23b2927 (diff)

diff --git a/ChangeLog b/ChangeLog index 30421b726..30c215700 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,7 @@
		1	20000127
		2	- Seed OpenSSL's random number generator before generating RSA keypairs
		3	- Split random collector into seperate file
		4
1	20000126	5	20000126
2	- Released 1.2.2 stable	6	- Released 1.2.2 stable
3		7


diff --git a/Makefile.in b/Makefile.in index 1c917e704..7be35784e 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui`
34		34
35	TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)	35	TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
36		36
37	LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o	37	LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
38		38
39	SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o	39	SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
40		40


diff --git a/bsd-misc.c b/bsd-misc.c index b00c793c0..99fe29816 100644 --- a/bsd-misc.c +++ b/bsd-misc.c
@@ -44,8 +44,6 @@
44		44
45	#include <sys/types.h>	45	#include <sys/types.h>
46	#include <sys/stat.h>	46	#include <sys/stat.h>
47	#include <sys/socket.h>
48	#include <sys/un.h>
49	#include <fcntl.h>	47	#include <fcntl.h>
50	#ifdef HAVE_STDDEF_H	48	#ifdef HAVE_STDDEF_H
51	#include <stddef.h>	49	#include <stddef.h>
@@ -54,10 +52,7 @@
54	#include "xmalloc.h"	52	#include "xmalloc.h"
55	#include "ssh.h"	53	#include "ssh.h"
56	#include "bsd-misc.h"	54	#include "bsd-misc.h"
57		55	#include "random.h"
58	#ifndef offsetof
59	#define offsetof(type, member) ((size_t) &((type *)0)->member)
60	#endif
61		56
62	#ifndef HAVE_ARC4RANDOM	57	#ifndef HAVE_ARC4RANDOM
63		58
@@ -68,7 +63,6 @@ typedef struct
68	int j;	63	int j;
69	} rc4_t;	64	} rc4_t;
70		65
71	void get_random_bytes(unsigned char *buf, int len);
72	void rc4_key(rc4_t r, unsigned char key, int len);	66	void rc4_key(rc4_t r, unsigned char key, int len);
73	void rc4_getbytes(rc4_t r, unsigned char buffer, int len);	67	void rc4_getbytes(rc4_t r, unsigned char buffer, int len);
74		68
@@ -134,59 +128,7 @@ void arc4random_stir(void)
134		128
135	get_random_bytes(rand_buf, sizeof(rand_buf));	129	get_random_bytes(rand_buf, sizeof(rand_buf));
136	rc4_key(rc4, rand_buf, sizeof(rand_buf));	130	rc4_key(rc4, rand_buf, sizeof(rand_buf));
137	}	131	memset(rand_buf, 0, sizeof(rand_buf));
138
139	void get_random_bytes(unsigned char *buf, int len)
140	{
141	static int random_pool;
142	int c;
143	#ifdef HAVE_EGD
144	char egd_message[2] = { 0x02, 0x00 };
145	struct sockaddr_un addr;
146	int addr_len;
147
148	memset(&addr, '\0', sizeof(addr));
149	addr.sun_family = AF_UNIX;
150
151	/* FIXME: compile time check? */
152	if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path))
153	fatal("Random pool path is too long");
154
155	strcpy(addr.sun_path, RANDOM_POOL);
156
157	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL);
158
159	random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
160
161	if (random_pool == -1)
162	fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
163
164	if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1)
165	fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
166
167	if (len > 255)
168	fatal("Too many bytes to read from EGD");
169
170	/* Send blocking read request to EGD */
171	egd_message[1] = len;
172
173	c = atomicio(write, random_pool, egd_message, sizeof(egd_message));
174	if (c == -1)
175	fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
176
177	#else /* HAVE_EGD */
178
179	random_pool = open(RANDOM_POOL, O_RDONLY);
180	if (random_pool == -1)
181	fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
182
183	#endif /* HAVE_EGD */
184
185	c = atomicio(read, random_pool, buf, len);
186	if (c <= 0)
187	fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
188
189	close(random_pool);
190	}	132	}
191	#endif /* !HAVE_ARC4RANDOM */	133	#endif /* !HAVE_ARC4RANDOM */
192		134


diff --git a/rsa.c b/rsa.c index 5e7297be0..597d20fb8 100644 --- a/rsa.c +++ b/rsa.c
@@ -35,11 +35,12 @@
35	*/	35	*/
36		36
37	#include "includes.h"	37	#include "includes.h"
38	RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $");	38	RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $");
39		39
40	#include "rsa.h"	40	#include "rsa.h"
41	#include "ssh.h"	41	#include "ssh.h"
42	#include "xmalloc.h"	42	#include "xmalloc.h"
		43	#include "random.h"
43		44
44	int rsa_verbose = 1;	45	int rsa_verbose = 1;
45		46
@@ -64,13 +65,26 @@ keygen_progress(int p, int n, void *arg)
64	const char progress_chars[] = ".o+O?";	65	const char progress_chars[] = ".o+O?";
65		66
66	if ((p < 0) \|\| (p > (sizeof(progress_chars) - 2)))	67	if ((p < 0) \|\| (p > (sizeof(progress_chars) - 2)))
67	p = 4;	68	p = sizeof(progress_chars) - 2;
68		69
69	printf("%c", progress_chars[p]);	70	putchar(progress_chars[p]);
70	fflush(stdout);	71	fflush(stdout);
71	}	72	}
72		73
73	/*	74	/*
		75	* Seed OpenSSL's random number generator
		76	*/
		77	void
		78	seed_rng()
		79	{
		80	char buf[32];
		81
		82	get_random_bytes(buf, sizeof(buf));
		83	RAND_seed(buf, sizeof(buf));
		84	memset(buf, 0, sizeof(buf));
		85	}
		86
		87	/*
74	* Generates RSA public and private keys. This initializes the data	88	* Generates RSA public and private keys. This initializes the data
75	* structures; they should be freed with rsa_clear_private_key and	89	* structures; they should be freed with rsa_clear_private_key and
76	* rsa_clear_public_key.	90	* rsa_clear_public_key.
@@ -81,6 +95,8 @@ rsa_generate_key(RSA prv, RSA pub, unsigned int bits)
81	{	95	{
82	RSA *key;	96	RSA *key;
83		97
		98	seed_rng();
		99
84	if (rsa_verbose) {	100	if (rsa_verbose) {
85	printf("Generating RSA keys: ");	101	printf("Generating RSA keys: ");
86	fflush(stdout);	102	fflush(stdout);


diff --git a/rsa.h b/rsa.h index 485a94dcd..57c00a146 100644 --- a/rsa.h +++ b/rsa.h
@@ -13,7 +13,7 @@
13	*	13	*
14	*/	14	*/
15		15
16	/* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */	16	/* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */
17		17
18	#ifndef RSA_H	18	#ifndef RSA_H
19	#define RSA_H	19	#define RSA_H
@@ -23,11 +23,13 @@
23	#ifdef HAVE_OPENSSL	23	#ifdef HAVE_OPENSSL
24	#include <openssl/bn.h>	24	#include <openssl/bn.h>
25	#include <openssl/rsa.h>	25	#include <openssl/rsa.h>
		26	#include <openssl/rand.h>
26	#endif	27	#endif
27		28
28	#ifdef HAVE_SSL	29	#ifdef HAVE_SSL
29	#include <ssl/bn.h>	30	#include <ssl/bn.h>
30	#include <ssl/rsa.h>	31	#include <ssl/rsa.h>
		32	#include <ssl/rand.h>
31	#endif	33	#endif
32		34
33	/* Calls SSL RSA_generate_key, only copies to prv and pub */	35	/* Calls SSL RSA_generate_key, only copies to prv and pub */