author | Damien Miller <djm@mindrot.org> | 2008-05-19 14:50:00 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-05-19 14:50:00 +1000 |
commit | 354c48c641e7fbdc273ee8e1239ff71d73a1ec3e (patch) | |
tree | ab82abcf3687b6433990584ac62f89132c73db4b /sshd.c | |
parent | a4be7c23fdcf8a1da5420068dc4bd4db45af9c9c (diff) |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 32 |
1 files changed, 7 insertions, 25 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -368,9 +368,6 @@ grace_alarm_handler(int sig) | |||
368 | static void | 368 | static void |
369 | generate_ephemeral_server_key(void) | 369 | generate_ephemeral_server_key(void) |
370 | { | 370 | { |
371 | u_int32_t rnd = 0; | ||
372 | int i; | ||
373 | |||
374 | verbose("Generating %s%d bit RSA key.", | 371 | verbose("Generating %s%d bit RSA key.", |
375 | sensitive_data.server_key ? "new " : "", options.server_key_bits); | 372 | sensitive_data.server_key ? "new " : "", options.server_key_bits); |
376 | if (sensitive_data.server_key != NULL) | 373 | if (sensitive_data.server_key != NULL) |
@@ -379,12 +376,7 @@ generate_ephemeral_server_key(void) | |||
379 | options.server_key_bits); | 376 | options.server_key_bits); |
380 | verbose("RSA key generation complete."); | 377 | verbose("RSA key generation complete."); |
381 | 378 | ||
382 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { | 379 | arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
383 | if (i % 4 == 0) | ||
384 | rnd = arc4random(); | ||
385 | sensitive_data.ssh1_cookie[i] = rnd & 0xff; | ||
386 | rnd >>= 8; | ||
387 | } | ||
388 | arc4random_stir(); | 380 | arc4random_stir(); |
389 | } | 381 | } |
390 | 382 | ||
@@ -583,16 +575,14 @@ demote_sensitive_data(void) | |||
583 | static void | 575 | static void |
584 | privsep_preauth_child(void) | 576 | privsep_preauth_child(void) |
585 | { | 577 | { |
586 | u_int32_t rnd[256]; | 578 | u_int32_t rnd[256]; |
587 | gid_t gidset[1]; | 579 | gid_t gidset[1]; |
588 | u_int i; | ||
589 | 580 | ||
590 | /* Enable challenge-response authentication for privilege separation */ | 581 | /* Enable challenge-response authentication for privilege separation */ |
591 | privsep_challenge_enable(); | 582 | privsep_challenge_enable(); |
592 | 583 | ||
593 | arc4random_stir(); | 584 | arc4random_stir(); |
594 | for (i = 0; i < 256; i++) | 585 | arc4random_buf(rnd, sizeof(rnd)); |
595 | rnd[i] = arc4random(); | ||
596 | RAND_seed(rnd, sizeof(rnd)); | 586 | RAND_seed(rnd, sizeof(rnd)); |
597 | 587 | ||
598 | /* Demote the private keys to public keys. */ | 588 | /* Demote the private keys to public keys. */ |
@@ -666,7 +656,6 @@ static void | |||
666 | privsep_postauth(Authctxt *authctxt) | 656 | privsep_postauth(Authctxt *authctxt) |
667 | { | 657 | { |
668 | u_int32_t rnd[256]; | 658 | u_int32_t rnd[256]; |
669 | u_int i; | ||
670 | 659 | ||
671 | #ifdef DISABLE_FD_PASSING | 660 | #ifdef DISABLE_FD_PASSING |
672 | if (1) { | 661 | if (1) { |
@@ -700,8 +689,7 @@ privsep_postauth(Authctxt *authctxt) | |||
700 | demote_sensitive_data(); | 689 | demote_sensitive_data(); |
701 | 690 | ||
702 | arc4random_stir(); | 691 | arc4random_stir(); |
703 | for (i = 0; i < 256; i++) | 692 | arc4random_buf(rnd, sizeof(rnd)); |
704 | rnd[i] = arc4random(); | ||
705 | RAND_seed(rnd, sizeof(rnd)); | 693 | RAND_seed(rnd, sizeof(rnd)); |
706 | 694 | ||
707 | /* Drop privileges */ | 695 | /* Drop privileges */ |
@@ -803,7 +791,7 @@ drop_connection(int startups) | |||
803 | p *= startups - options.max_startups_begin; | 791 | p *= startups - options.max_startups_begin; |
804 | p /= options.max_startups - options.max_startups_begin; | 792 | p /= options.max_startups - options.max_startups_begin; |
805 | p += options.max_startups_rate; | 793 | p += options.max_startups_rate; |
806 | r = arc4random() % 100; | 794 | r = arc4random_uniform(100); |
807 | 795 | ||
808 | debug("drop_connection: p %d, r %d", p, r); | 796 | debug("drop_connection: p %d, r %d", p, r); |
809 | return (r < p) ? 1 : 0; | 797 | return (r < p) ? 1 : 0; |
@@ -1956,7 +1944,6 @@ do_ssh1_kex(void) | |||
1956 | u_char session_key[SSH_SESSION_KEY_LENGTH]; | 1944 | u_char session_key[SSH_SESSION_KEY_LENGTH]; |
1957 | u_char cookie[8]; | 1945 | u_char cookie[8]; |
1958 | u_int cipher_type, auth_mask, protocol_flags; | 1946 | u_int cipher_type, auth_mask, protocol_flags; |
1959 | u_int32_t rnd = 0; | ||
1960 | 1947 | ||
1961 | /* | 1948 | /* |
1962 | * Generate check bytes that the client must send back in the user | 1949 | * Generate check bytes that the client must send back in the user |
@@ -1967,12 +1954,7 @@ do_ssh1_kex(void) | |||
1967 | * cookie. This only affects rhosts authentication, and this is one | 1954 | * cookie. This only affects rhosts authentication, and this is one |
1968 | * of the reasons why it is inherently insecure. | 1955 | * of the reasons why it is inherently insecure. |
1969 | */ | 1956 | */ |
1970 | for (i = 0; i < 8; i++) { | 1957 | arc4random_buf(cookie, sizeof(cookie)); |
1971 | if (i % 4 == 0) | ||
1972 | rnd = arc4random(); | ||
1973 | cookie[i] = rnd & 0xff; | ||
1974 | rnd >>= 8; | ||
1975 | } | ||
1976 | 1958 | ||
1977 | /* | 1959 | /* |
1978 | * Send our public key. We include in the packet 64 bits of random | 1960 | * Send our public key. We include in the packet 64 bits of random |