summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--Makefile.in2
-rw-r--r--bsd-misc.c62
-rw-r--r--rsa.c22
-rw-r--r--rsa.h4
5 files changed, 29 insertions, 65 deletions
diff --git a/ChangeLog b/ChangeLog
index 30421b726..30c215700 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
120000127
2 - Seed OpenSSL's random number generator before generating RSA keypairs
3 - Split random collector into seperate file
4
120000126 520000126
2 - Released 1.2.2 stable 6 - Released 1.2.2 stable
3 7
diff --git a/Makefile.in b/Makefile.in
index 1c917e704..7be35784e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui`
34 34
35TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) 35TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
36 36
37LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o 37LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
38 38
39SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o 39SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
40 40
diff --git a/bsd-misc.c b/bsd-misc.c
index b00c793c0..99fe29816 100644
--- a/bsd-misc.c
+++ b/bsd-misc.c
@@ -44,8 +44,6 @@
44 44
45#include <sys/types.h> 45#include <sys/types.h>
46#include <sys/stat.h> 46#include <sys/stat.h>
47#include <sys/socket.h>
48#include <sys/un.h>
49#include <fcntl.h> 47#include <fcntl.h>
50#ifdef HAVE_STDDEF_H 48#ifdef HAVE_STDDEF_H
51#include <stddef.h> 49#include <stddef.h>
@@ -54,10 +52,7 @@
54#include "xmalloc.h" 52#include "xmalloc.h"
55#include "ssh.h" 53#include "ssh.h"
56#include "bsd-misc.h" 54#include "bsd-misc.h"
57 55#include "random.h"
58#ifndef offsetof
59#define offsetof(type, member) ((size_t) &((type *)0)->member)
60#endif
61 56
62#ifndef HAVE_ARC4RANDOM 57#ifndef HAVE_ARC4RANDOM
63 58
@@ -68,7 +63,6 @@ typedef struct
68 int j; 63 int j;
69} rc4_t; 64} rc4_t;
70 65
71void get_random_bytes(unsigned char *buf, int len);
72void rc4_key(rc4_t *r, unsigned char *key, int len); 66void rc4_key(rc4_t *r, unsigned char *key, int len);
73void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len); 67void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len);
74 68
@@ -134,59 +128,7 @@ void arc4random_stir(void)
134 128
135 get_random_bytes(rand_buf, sizeof(rand_buf)); 129 get_random_bytes(rand_buf, sizeof(rand_buf));
136 rc4_key(rc4, rand_buf, sizeof(rand_buf)); 130 rc4_key(rc4, rand_buf, sizeof(rand_buf));
137} 131 memset(rand_buf, 0, sizeof(rand_buf));
138
139void get_random_bytes(unsigned char *buf, int len)
140{
141 static int random_pool;
142 int c;
143#ifdef HAVE_EGD
144 char egd_message[2] = { 0x02, 0x00 };
145 struct sockaddr_un addr;
146 int addr_len;
147
148 memset(&addr, '\0', sizeof(addr));
149 addr.sun_family = AF_UNIX;
150
151 /* FIXME: compile time check? */
152 if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path))
153 fatal("Random pool path is too long");
154
155 strcpy(addr.sun_path, RANDOM_POOL);
156
157 addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL);
158
159 random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
160
161 if (random_pool == -1)
162 fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
163
164 if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1)
165 fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
166
167 if (len > 255)
168 fatal("Too many bytes to read from EGD");
169
170 /* Send blocking read request to EGD */
171 egd_message[1] = len;
172
173 c = atomicio(write, random_pool, egd_message, sizeof(egd_message));
174 if (c == -1)
175 fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
176
177#else /* HAVE_EGD */
178
179 random_pool = open(RANDOM_POOL, O_RDONLY);
180 if (random_pool == -1)
181 fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
182
183#endif /* HAVE_EGD */
184
185 c = atomicio(read, random_pool, buf, len);
186 if (c <= 0)
187 fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
188
189 close(random_pool);
190} 132}
191#endif /* !HAVE_ARC4RANDOM */ 133#endif /* !HAVE_ARC4RANDOM */
192 134
diff --git a/rsa.c b/rsa.c
index 5e7297be0..597d20fb8 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,11 +35,12 @@
35*/ 35*/
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $"); 38RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $");
39 39
40#include "rsa.h" 40#include "rsa.h"
41#include "ssh.h" 41#include "ssh.h"
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "random.h"
43 44
44int rsa_verbose = 1; 45int rsa_verbose = 1;
45 46
@@ -64,13 +65,26 @@ keygen_progress(int p, int n, void *arg)
64 const char progress_chars[] = ".o+O?"; 65 const char progress_chars[] = ".o+O?";
65 66
66 if ((p < 0) || (p > (sizeof(progress_chars) - 2))) 67 if ((p < 0) || (p > (sizeof(progress_chars) - 2)))
67 p = 4; 68 p = sizeof(progress_chars) - 2;
68 69
69 printf("%c", progress_chars[p]); 70 putchar(progress_chars[p]);
70 fflush(stdout); 71 fflush(stdout);
71} 72}
72 73
73/* 74/*
75 * Seed OpenSSL's random number generator
76 */
77void
78seed_rng()
79{
80 char buf[32];
81
82 get_random_bytes(buf, sizeof(buf));
83 RAND_seed(buf, sizeof(buf));
84 memset(buf, 0, sizeof(buf));
85}
86
87/*
74 * Generates RSA public and private keys. This initializes the data 88 * Generates RSA public and private keys. This initializes the data
75 * structures; they should be freed with rsa_clear_private_key and 89 * structures; they should be freed with rsa_clear_private_key and
76 * rsa_clear_public_key. 90 * rsa_clear_public_key.
@@ -81,6 +95,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits)
81{ 95{
82 RSA *key; 96 RSA *key;
83 97
98 seed_rng();
99
84 if (rsa_verbose) { 100 if (rsa_verbose) {
85 printf("Generating RSA keys: "); 101 printf("Generating RSA keys: ");
86 fflush(stdout); 102 fflush(stdout);
diff --git a/rsa.h b/rsa.h
index 485a94dcd..57c00a146 100644
--- a/rsa.h
+++ b/rsa.h
@@ -13,7 +13,7 @@
13 * 13 *
14*/ 14*/
15 15
16/* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */ 16/* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */
17 17
18#ifndef RSA_H 18#ifndef RSA_H
19#define RSA_H 19#define RSA_H
@@ -23,11 +23,13 @@
23#ifdef HAVE_OPENSSL 23#ifdef HAVE_OPENSSL
24#include <openssl/bn.h> 24#include <openssl/bn.h>
25#include <openssl/rsa.h> 25#include <openssl/rsa.h>
26#include <openssl/rand.h>
26#endif 27#endif
27 28
28#ifdef HAVE_SSL 29#ifdef HAVE_SSL
29#include <ssl/bn.h> 30#include <ssl/bn.h>
30#include <ssl/rsa.h> 31#include <ssl/rsa.h>
32#include <ssl/rand.h>
31#endif 33#endif
32 34
33/* Calls SSL RSA_generate_key, only copies to prv and pub */ 35/* Calls SSL RSA_generate_key, only copies to prv and pub */