mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-30 18:03:32 +08:00
- Seed OpenSSL's random number generator before generating RSA keypairs
- Split random collector into seperate file
This commit is contained in:
parent
4e61b79d5b
commit
f07390e90d
@ -1,3 +1,7 @@
|
||||
20000127
|
||||
- Seed OpenSSL's random number generator before generating RSA keypairs
|
||||
- Split random collector into seperate file
|
||||
|
||||
20000126
|
||||
- Released 1.2.2 stable
|
||||
|
||||
|
@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui`
|
||||
|
||||
TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
|
||||
|
||||
LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
|
||||
LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
|
||||
|
||||
SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
|
||||
|
||||
|
62
bsd-misc.c
62
bsd-misc.c
@ -44,8 +44,6 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_STDDEF_H
|
||||
#include <stddef.h>
|
||||
@ -54,10 +52,7 @@
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "bsd-misc.h"
|
||||
|
||||
#ifndef offsetof
|
||||
#define offsetof(type, member) ((size_t) &((type *)0)->member)
|
||||
#endif
|
||||
#include "random.h"
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
|
||||
@ -68,7 +63,6 @@ typedef struct
|
||||
int j;
|
||||
} rc4_t;
|
||||
|
||||
void get_random_bytes(unsigned char *buf, int len);
|
||||
void rc4_key(rc4_t *r, unsigned char *key, int len);
|
||||
void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len);
|
||||
|
||||
@ -134,59 +128,7 @@ void arc4random_stir(void)
|
||||
|
||||
get_random_bytes(rand_buf, sizeof(rand_buf));
|
||||
rc4_key(rc4, rand_buf, sizeof(rand_buf));
|
||||
}
|
||||
|
||||
void get_random_bytes(unsigned char *buf, int len)
|
||||
{
|
||||
static int random_pool;
|
||||
int c;
|
||||
#ifdef HAVE_EGD
|
||||
char egd_message[2] = { 0x02, 0x00 };
|
||||
struct sockaddr_un addr;
|
||||
int addr_len;
|
||||
|
||||
memset(&addr, '\0', sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
|
||||
/* FIXME: compile time check? */
|
||||
if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path))
|
||||
fatal("Random pool path is too long");
|
||||
|
||||
strcpy(addr.sun_path, RANDOM_POOL);
|
||||
|
||||
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL);
|
||||
|
||||
random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
|
||||
if (random_pool == -1)
|
||||
fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
|
||||
|
||||
if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1)
|
||||
fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
|
||||
|
||||
if (len > 255)
|
||||
fatal("Too many bytes to read from EGD");
|
||||
|
||||
/* Send blocking read request to EGD */
|
||||
egd_message[1] = len;
|
||||
|
||||
c = atomicio(write, random_pool, egd_message, sizeof(egd_message));
|
||||
if (c == -1)
|
||||
fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
|
||||
|
||||
#else /* HAVE_EGD */
|
||||
|
||||
random_pool = open(RANDOM_POOL, O_RDONLY);
|
||||
if (random_pool == -1)
|
||||
fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
|
||||
|
||||
#endif /* HAVE_EGD */
|
||||
|
||||
c = atomicio(read, random_pool, buf, len);
|
||||
if (c <= 0)
|
||||
fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
|
||||
|
||||
close(random_pool);
|
||||
memset(rand_buf, 0, sizeof(rand_buf));
|
||||
}
|
||||
#endif /* !HAVE_ARC4RANDOM */
|
||||
|
||||
|
22
rsa.c
22
rsa.c
@ -35,11 +35,12 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $");
|
||||
RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $");
|
||||
|
||||
#include "rsa.h"
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
#include "random.h"
|
||||
|
||||
int rsa_verbose = 1;
|
||||
|
||||
@ -64,12 +65,25 @@ keygen_progress(int p, int n, void *arg)
|
||||
const char progress_chars[] = ".o+O?";
|
||||
|
||||
if ((p < 0) || (p > (sizeof(progress_chars) - 2)))
|
||||
p = 4;
|
||||
p = sizeof(progress_chars) - 2;
|
||||
|
||||
printf("%c", progress_chars[p]);
|
||||
putchar(progress_chars[p]);
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
/*
|
||||
* Seed OpenSSL's random number generator
|
||||
*/
|
||||
void
|
||||
seed_rng()
|
||||
{
|
||||
char buf[32];
|
||||
|
||||
get_random_bytes(buf, sizeof(buf));
|
||||
RAND_seed(buf, sizeof(buf));
|
||||
memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
|
||||
/*
|
||||
* Generates RSA public and private keys. This initializes the data
|
||||
* structures; they should be freed with rsa_clear_private_key and
|
||||
@ -81,6 +95,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits)
|
||||
{
|
||||
RSA *key;
|
||||
|
||||
seed_rng();
|
||||
|
||||
if (rsa_verbose) {
|
||||
printf("Generating RSA keys: ");
|
||||
fflush(stdout);
|
||||
|
4
rsa.h
4
rsa.h
@ -13,7 +13,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
/* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */
|
||||
/* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */
|
||||
|
||||
#ifndef RSA_H
|
||||
#define RSA_H
|
||||
@ -23,11 +23,13 @@
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/rand.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
#include <ssl/bn.h>
|
||||
#include <ssl/rsa.h>
|
||||
#include <ssl/rand.h>
|
||||
#endif
|
||||
|
||||
/* Calls SSL RSA_generate_key, only copies to prv and pub */
|
||||
|
Loading…
Reference in New Issue
Block a user