diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | dh.c | 4 | ||||
| -rw-r--r-- | sshd.c | 32 |
3 files changed, 17 insertions, 28 deletions
| @@ -14,6 +14,13 @@ | |||
| 14 | - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] | 14 | - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] |
| 15 | [configure.ac] Implement arc4random_buf(), import implementation of | 15 | [configure.ac] Implement arc4random_buf(), import implementation of |
| 16 | arc4random_uniform() from OpenBSD | 16 | arc4random_uniform() from OpenBSD |
| 17 | - (djm) OpenBSD CVS Sync | ||
| 18 | - djm@cvs.openbsd.org 2008/04/13 00:22:17 | ||
| 19 | [dh.c sshd.c] | ||
| 20 | Use arc4random_buf() when requesting more than a single word of output | ||
| 21 | Use arc4random_uniform() when the desired random number upper bound | ||
| 22 | is not a power of two | ||
| 23 | ok deraadt@ millert@ | ||
| 17 | 24 | ||
| 18 | 20080403 | 25 | 20080403 |
| 19 | - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- | 26 | - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- |
| @@ -3874,4 +3881,4 @@ | |||
| 3874 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3881 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 3875 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3882 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 3876 | 3883 | ||
| 3877 | $Id: ChangeLog,v 1.4909 2008/05/19 04:47:37 djm Exp $ | 3884 | $Id: ChangeLog,v 1.4910 2008/05/19 04:50:00 djm Exp $ |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.46 2008/04/13 00:22:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * | 4 | * |
| @@ -153,7 +153,7 @@ choose_dh(int min, int wantbits, int max) | |||
| 153 | } | 153 | } |
| 154 | 154 | ||
| 155 | linenum = 0; | 155 | linenum = 0; |
| 156 | which = arc4random() % bestcount; | 156 | which = arc4random_uniform(bestcount); |
| 157 | while (fgets(line, sizeof(line), f)) { | 157 | while (fgets(line, sizeof(line), f)) { |
| 158 | if (!parse_prime(linenum, line, &dhg)) | 158 | if (!parse_prime(linenum, line, &dhg)) |
| 159 | continue; | 159 | continue; |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -368,9 +368,6 @@ grace_alarm_handler(int sig) | |||
| 368 | static void | 368 | static void |
| 369 | generate_ephemeral_server_key(void) | 369 | generate_ephemeral_server_key(void) |
| 370 | { | 370 | { |
| 371 | u_int32_t rnd = 0; | ||
| 372 | int i; | ||
| 373 | |||
| 374 | verbose("Generating %s%d bit RSA key.", | 371 | verbose("Generating %s%d bit RSA key.", |
| 375 | sensitive_data.server_key ? "new " : "", options.server_key_bits); | 372 | sensitive_data.server_key ? "new " : "", options.server_key_bits); |
| 376 | if (sensitive_data.server_key != NULL) | 373 | if (sensitive_data.server_key != NULL) |
| @@ -379,12 +376,7 @@ generate_ephemeral_server_key(void) | |||
| 379 | options.server_key_bits); | 376 | options.server_key_bits); |
| 380 | verbose("RSA key generation complete."); | 377 | verbose("RSA key generation complete."); |
| 381 | 378 | ||
| 382 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { | 379 | arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
| 383 | if (i % 4 == 0) | ||
| 384 | rnd = arc4random(); | ||
| 385 | sensitive_data.ssh1_cookie[i] = rnd & 0xff; | ||
| 386 | rnd >>= 8; | ||
| 387 | } | ||
| 388 | arc4random_stir(); | 380 | arc4random_stir(); |
| 389 | } | 381 | } |
| 390 | 382 | ||
| @@ -583,16 +575,14 @@ demote_sensitive_data(void) | |||
| 583 | static void | 575 | static void |
| 584 | privsep_preauth_child(void) | 576 | privsep_preauth_child(void) |
| 585 | { | 577 | { |
| 586 | u_int32_t rnd[256]; | 578 | u_int32_t rnd[256]; |
| 587 | gid_t gidset[1]; | 579 | gid_t gidset[1]; |
| 588 | u_int i; | ||
| 589 | 580 | ||
| 590 | /* Enable challenge-response authentication for privilege separation */ | 581 | /* Enable challenge-response authentication for privilege separation */ |
| 591 | privsep_challenge_enable(); | 582 | privsep_challenge_enable(); |
| 592 | 583 | ||
| 593 | arc4random_stir(); | 584 | arc4random_stir(); |
| 594 | for (i = 0; i < 256; i++) | 585 | arc4random_buf(rnd, sizeof(rnd)); |
| 595 | rnd[i] = arc4random(); | ||
| 596 | RAND_seed(rnd, sizeof(rnd)); | 586 | RAND_seed(rnd, sizeof(rnd)); |
| 597 | 587 | ||
| 598 | /* Demote the private keys to public keys. */ | 588 | /* Demote the private keys to public keys. */ |
| @@ -666,7 +656,6 @@ static void | |||
| 666 | privsep_postauth(Authctxt *authctxt) | 656 | privsep_postauth(Authctxt *authctxt) |
| 667 | { | 657 | { |
| 668 | u_int32_t rnd[256]; | 658 | u_int32_t rnd[256]; |
| 669 | u_int i; | ||
| 670 | 659 | ||
| 671 | #ifdef DISABLE_FD_PASSING | 660 | #ifdef DISABLE_FD_PASSING |
| 672 | if (1) { | 661 | if (1) { |
| @@ -700,8 +689,7 @@ privsep_postauth(Authctxt *authctxt) | |||
| 700 | demote_sensitive_data(); | 689 | demote_sensitive_data(); |
| 701 | 690 | ||
| 702 | arc4random_stir(); | 691 | arc4random_stir(); |
| 703 | for (i = 0; i < 256; i++) | 692 | arc4random_buf(rnd, sizeof(rnd)); |
| 704 | rnd[i] = arc4random(); | ||
| 705 | RAND_seed(rnd, sizeof(rnd)); | 693 | RAND_seed(rnd, sizeof(rnd)); |
| 706 | 694 | ||
| 707 | /* Drop privileges */ | 695 | /* Drop privileges */ |
| @@ -803,7 +791,7 @@ drop_connection(int startups) | |||
| 803 | p *= startups - options.max_startups_begin; | 791 | p *= startups - options.max_startups_begin; |
| 804 | p /= options.max_startups - options.max_startups_begin; | 792 | p /= options.max_startups - options.max_startups_begin; |
| 805 | p += options.max_startups_rate; | 793 | p += options.max_startups_rate; |
| 806 | r = arc4random() % 100; | 794 | r = arc4random_uniform(100); |
| 807 | 795 | ||
| 808 | debug("drop_connection: p %d, r %d", p, r); | 796 | debug("drop_connection: p %d, r %d", p, r); |
| 809 | return (r < p) ? 1 : 0; | 797 | return (r < p) ? 1 : 0; |
| @@ -1956,7 +1944,6 @@ do_ssh1_kex(void) | |||
| 1956 | u_char session_key[SSH_SESSION_KEY_LENGTH]; | 1944 | u_char session_key[SSH_SESSION_KEY_LENGTH]; |
| 1957 | u_char cookie[8]; | 1945 | u_char cookie[8]; |
| 1958 | u_int cipher_type, auth_mask, protocol_flags; | 1946 | u_int cipher_type, auth_mask, protocol_flags; |
| 1959 | u_int32_t rnd = 0; | ||
| 1960 | 1947 | ||
| 1961 | /* | 1948 | /* |
| 1962 | * Generate check bytes that the client must send back in the user | 1949 | * Generate check bytes that the client must send back in the user |
| @@ -1967,12 +1954,7 @@ do_ssh1_kex(void) | |||
| 1967 | * cookie. This only affects rhosts authentication, and this is one | 1954 | * cookie. This only affects rhosts authentication, and this is one |
| 1968 | * of the reasons why it is inherently insecure. | 1955 | * of the reasons why it is inherently insecure. |
| 1969 | */ | 1956 | */ |
| 1970 | for (i = 0; i < 8; i++) { | 1957 | arc4random_buf(cookie, sizeof(cookie)); |
| 1971 | if (i % 4 == 0) | ||
| 1972 | rnd = arc4random(); | ||
| 1973 | cookie[i] = rnd & 0xff; | ||
| 1974 | rnd >>= 8; | ||
| 1975 | } | ||
| 1976 | 1958 | ||
| 1977 | /* | 1959 | /* |
| 1978 | * Send our public key. We include in the packet 64 bits of random | 1960 | * Send our public key. We include in the packet 64 bits of random |