summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog2
-rw-r--r--bsd-arc4random.c15
-rw-r--r--key.h4
-rw-r--r--ssh_config8
-rw-r--r--sshd_config2
5 files changed, 18 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 1fe68ed6..3af34b9b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
20000830
- (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
20000829
- (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
diff --git a/bsd-arc4random.c b/bsd-arc4random.c
index 4c2f0854..a1f51546 100644
--- a/bsd-arc4random.c
+++ b/bsd-arc4random.c
@@ -33,6 +33,12 @@
#ifndef HAVE_ARC4RANDOM
+/* Size of key to use */
+#define SEED_SIZE 20
+
+/* Number of bytes to reseed after */
+#define REKEY_BYTES (1 >> 18)
+
static int rc4_ready = 0;
static RC4_KEY rc4;
@@ -40,27 +46,30 @@ unsigned int arc4random(void)
{
unsigned int r = 0;
- if (!rc4_ready)
+ if (rc4_ready <= 0)
arc4random_stir();
RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+
+ rc4_ready -= sizeof(r);
return(r);
}
void arc4random_stir(void)
{
- unsigned char rand_buf[32];
+ unsigned char rand_buf[SEED_SIZE];
memset(&rc4, 0, sizeof(rc4));
seed_rng();
+
RAND_bytes(rand_buf, sizeof(rand_buf));
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
memset(rand_buf, 0, sizeof(rand_buf));
- rc4_ready = 1;
+ rc4_ready = REKEY_BYTES;
}
#endif /* !HAVE_ARC4RANDOM */
diff --git a/key.h b/key.h
index ed3f770b..53b3bfb2 100644
--- a/key.h
+++ b/key.h
@@ -19,7 +19,7 @@ int key_equal(Key *a, Key *b);
char *key_fingerprint(Key *k);
char *key_type(Key *k);
int key_write(Key *key, FILE *f);
-unsigned int
-key_read(Key *key, char **cpp);
+unsigned int key_read(Key *key, char **cpp);
+unsigned int key_size(Key *k);
#endif
diff --git a/ssh_config b/ssh_config
index 70275b39..cb360d04 100644
--- a/ssh_config
+++ b/ssh_config
@@ -27,11 +27,5 @@
# IdentityFile ~/.ssh/identity
# Port 22
# Protocol 2,1
-# Cipher 3des
+# Cipher blowfish
# EscapeChar ~
-
-# Be paranoid by default
-Host *
- ForwardAgent no
- ForwardX11 no
- FallBackToRsh no
diff --git a/sshd_config b/sshd_config
index a97b780e..b89b19fc 100644
--- a/sshd_config
+++ b/sshd_config
@@ -48,7 +48,7 @@ PermitEmptyPasswords no
#KerberosTgtPassing yes
CheckMail no
-UseLogin no
+#UseLogin no
#Subsystem sftp /usr/local/sbin/sftpd
#MaxStartups 10:30:60
View Lorry Controller Status