-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | bsd-misc.c | 62 | ||||
-rw-r--r-- | rsa.c | 22 | ||||
-rw-r--r-- | rsa.h | 4 |
5 files changed, 29 insertions, 65 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20000127 | ||
2 | - Seed OpenSSL's random number generator before generating RSA keypairs | ||
3 | - Split random collector into seperate file | ||
4 | |||
1 | 20000126 | 5 | 20000126 |
2 | - Released 1.2.2 stable | 6 | - Released 1.2.2 stable |
3 | 7 | ||
diff --git a/Makefile.in b/Makefile.in index 1c917e704..7be35784e 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui` | |||
34 | 34 | ||
35 | TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) | 35 | TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) |
36 | 36 | ||
37 | LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o | 37 | LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o |
38 | 38 | ||
39 | SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o | 39 | SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o |
40 | 40 | ||
diff --git a/bsd-misc.c b/bsd-misc.c index b00c793c0..99fe29816 100644 --- a/bsd-misc.c +++ b/bsd-misc.c | |||
@@ -44,8 +44,6 @@ | |||
44 | 44 | ||
45 | #include <sys/types.h> | 45 | #include <sys/types.h> |
46 | #include <sys/stat.h> | 46 | #include <sys/stat.h> |
47 | #include <sys/socket.h> | ||
48 | #include <sys/un.h> | ||
49 | #include <fcntl.h> | 47 | #include <fcntl.h> |
50 | #ifdef HAVE_STDDEF_H | 48 | #ifdef HAVE_STDDEF_H |
51 | #include <stddef.h> | 49 | #include <stddef.h> |
@@ -54,10 +52,7 @@ | |||
54 | #include "xmalloc.h" | 52 | #include "xmalloc.h" |
55 | #include "ssh.h" | 53 | #include "ssh.h" |
56 | #include "bsd-misc.h" | 54 | #include "bsd-misc.h" |
57 | 55 | #include "random.h" | |
58 | #ifndef offsetof | ||
59 | #define offsetof(type, member) ((size_t) &((type *)0)->member) | ||
60 | #endif | ||
61 | 56 | ||
62 | #ifndef HAVE_ARC4RANDOM | 57 | #ifndef HAVE_ARC4RANDOM |
63 | 58 | ||
@@ -68,7 +63,6 @@ typedef struct | |||
68 | int j; | 63 | int j; |
69 | } rc4_t; | 64 | } rc4_t; |
70 | 65 | ||
71 | void get_random_bytes(unsigned char *buf, int len); | ||
72 | void rc4_key(rc4_t *r, unsigned char *key, int len); | 66 | void rc4_key(rc4_t *r, unsigned char *key, int len); |
73 | void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len); | 67 | void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len); |
74 | 68 | ||
@@ -134,59 +128,7 @@ void arc4random_stir(void) | |||
134 | 128 | ||
135 | get_random_bytes(rand_buf, sizeof(rand_buf)); | 129 | get_random_bytes(rand_buf, sizeof(rand_buf)); |
136 | rc4_key(rc4, rand_buf, sizeof(rand_buf)); | 130 | rc4_key(rc4, rand_buf, sizeof(rand_buf)); |
137 | } | 131 | memset(rand_buf, 0, sizeof(rand_buf)); |
138 | |||
139 | void get_random_bytes(unsigned char *buf, int len) | ||
140 | { | ||
141 | static int random_pool; | ||
142 | int c; | ||
143 | #ifdef HAVE_EGD | ||
144 | char egd_message[2] = { 0x02, 0x00 }; | ||
145 | struct sockaddr_un addr; | ||
146 | int addr_len; | ||
147 | |||
148 | memset(&addr, '\0', sizeof(addr)); | ||
149 | addr.sun_family = AF_UNIX; | ||
150 | |||
151 | /* FIXME: compile time check? */ | ||
152 | if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path)) | ||
153 | fatal("Random pool path is too long"); | ||
154 | |||
155 | strcpy(addr.sun_path, RANDOM_POOL); | ||
156 | |||
157 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL); | ||
158 | |||
159 | random_pool = socket(AF_UNIX, SOCK_STREAM, 0); | ||
160 | |||
161 | if (random_pool == -1) | ||
162 | fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); | ||
163 | |||
164 | if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1) | ||
165 | fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); | ||
166 | |||
167 | if (len > 255) | ||
168 | fatal("Too many bytes to read from EGD"); | ||
169 | |||
170 | /* Send blocking read request to EGD */ | ||
171 | egd_message[1] = len; | ||
172 | |||
173 | c = atomicio(write, random_pool, egd_message, sizeof(egd_message)); | ||
174 | if (c == -1) | ||
175 | fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); | ||
176 | |||
177 | #else /* HAVE_EGD */ | ||
178 | |||
179 | random_pool = open(RANDOM_POOL, O_RDONLY); | ||
180 | if (random_pool == -1) | ||
181 | fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | ||
182 | |||
183 | #endif /* HAVE_EGD */ | ||
184 | |||
185 | c = atomicio(read, random_pool, buf, len); | ||
186 | if (c <= 0) | ||
187 | fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | ||
188 | |||
189 | close(random_pool); | ||
190 | } | 132 | } |
191 | #endif /* !HAVE_ARC4RANDOM */ | 133 | #endif /* !HAVE_ARC4RANDOM */ |
192 | 134 | ||
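Review bot: The new `memset(rand_buf, 0, sizeof(rand_buf));` at the end of `arc4random_stir` is the last use of the buffer before the function returns, so if `rand_buf` is an automatic array (its declaration sits above the hunk and is not visible here) an optimizing compiler may drop the store as dead and leave the RC4 key material on the stack. The same applies to `memset(buf, 0, sizeof(buf));` on the local `buf[32]` in `seed_rng` in rsa.c. A scrub the compiler cannot elide makes the intent hold: `explicit_bzero` where the platform provides it, or a small helper that writes through a `volatile unsigned char *`. A comment such as `/* scrub seed material; must not be optimised away */` at each call would record why the line exists.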
@@ -35,11 +35,12 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $"); | 38 | RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $"); |
39 | 39 | ||
40 | #include "rsa.h" | 40 | #include "rsa.h" |
41 | #include "ssh.h" | 41 | #include "ssh.h" |
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "random.h" | ||
43 | 44 | ||
44 | int rsa_verbose = 1; | 45 | int rsa_verbose = 1; |
45 | 46 | ||
@@ -64,13 +65,26 @@ keygen_progress(int p, int n, void *arg) | |||
64 | const char progress_chars[] = ".o+O?"; | 65 | const char progress_chars[] = ".o+O?"; |
65 | 66 | ||
66 | if ((p < 0) || (p > (sizeof(progress_chars) - 2))) | 67 | if ((p < 0) || (p > (sizeof(progress_chars) - 2))) |
67 | p = 4; | 68 | p = sizeof(progress_chars) - 2; |
68 | 69 | ||
69 | printf("%c", progress_chars[p]); | 70 | putchar(progress_chars[p]); |
70 | fflush(stdout); | 71 | fflush(stdout); |
71 | } | 72 | } |
72 | 73 | ||
73 | /* | 74 | /* |
75 | * Seed OpenSSL's random number generator | ||
76 | */ | ||
77 | void | ||
78 | seed_rng() | ||
79 | { | ||
80 | char buf[32]; | ||
81 | |||
82 | get_random_bytes(buf, sizeof(buf)); | ||
83 | RAND_seed(buf, sizeof(buf)); | ||
84 | memset(buf, 0, sizeof(buf)); | ||
85 | } | ||
86 | |||
87 | /* | ||
74 | * Generates RSA public and private keys. This initializes the data | 88 | * Generates RSA public and private keys. This initializes the data |
75 | * structures; they should be freed with rsa_clear_private_key and | 89 | * structures; they should be freed with rsa_clear_private_key and |
76 | * rsa_clear_public_key. | 90 | * rsa_clear_public_key. |
@@ -81,6 +95,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) | |||
81 | { | 95 | { |
82 | RSA *key; | 96 | RSA *key; |
83 | 97 | ||
98 | seed_rng(); | ||
99 | |||
84 | if (rsa_verbose) { | 100 | if (rsa_verbose) { |
85 | printf("Generating RSA keys: "); | 101 | printf("Generating RSA keys: "); |
86 | fflush(stdout); | 102 | fflush(stdout); |
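Review bot: `seed_rng` passes a `char buf[32]` to `get_random_bytes`, whose prototype removed from bsd-misc.c in this same commit took `unsigned char *`, so unless random.h changed the parameter type this is a pointer-signedness mismatch; `unsigned char buf[32];` avoids it. The definition `seed_rng()` with empty parentheses is not a prototype, and the rsa.h hunks add no declaration for it, so if nothing outside rsa.c calls it, `static void seed_rng(void)` would be the tighter form. The seeding is wired only into `rsa_generate_key` here; any other path that draws on OpenSSL's RNG (none is visible on this page) would not be covered by this call, which is worth confirming. The body of `rsa_generate_key` continues outside the last hunk.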
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */ | 16 | /* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef RSA_H | 18 | #ifndef RSA_H |
19 | #define RSA_H | 19 | #define RSA_H |
@@ -23,11 +23,13 @@ | |||
23 | #ifdef HAVE_OPENSSL | 23 | #ifdef HAVE_OPENSSL |
24 | #include <openssl/bn.h> | 24 | #include <openssl/bn.h> |
25 | #include <openssl/rsa.h> | 25 | #include <openssl/rsa.h> |
26 | #include <openssl/rand.h> | ||
26 | #endif | 27 | #endif |
27 | 28 | ||
28 | #ifdef HAVE_SSL | 29 | #ifdef HAVE_SSL |
29 | #include <ssl/bn.h> | 30 | #include <ssl/bn.h> |
30 | #include <ssl/rsa.h> | 31 | #include <ssl/rsa.h> |
32 | #include <ssl/rand.h> | ||
31 | #endif | 33 | #endif |
32 | 34 | ||
33 | /* Calls SSL RSA_generate_key, only copies to prv and pub */ | 35 | /* Calls SSL RSA_generate_key, only copies to prv and pub */ |