diff options
| author | djm <djm> | 2008-05-19 04:50:00 +0000 |
|---|---|---|
| committer | djm <djm> | 2008-05-19 04:50:00 +0000 |
| commit | a1e37c5fac57353ca7637c0dd6d3deaf4ce24452 (patch) | |
| tree | c86070babcddeb3d6e8dcb696318c7152dd9fc8a | |
| parent | f690d624665500312faee3becf0de7f302d77d2d (diff) | |
| download | openssh-a1e37c5fac57353ca7637c0dd6d3deaf4ce24452.tar.gz | |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | dh.c | 4 | ||||
| -rw-r--r-- | sshd.c | 32 |
3 files changed, 17 insertions, 28 deletions
@@ -14,6 +14,13 @@ - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] [configure.ac] Implement arc4random_buf(), import implementation of arc4random_uniform() from OpenBSD + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2008/04/13 00:22:17 + [dh.c sshd.c] + Use arc4random_buf() when requesting more than a single word of output + Use arc4random_uniform() when the desired random number upper bound + is not a power of two + ok deraadt@ millert@ 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3874,4 +3881,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4909 2008/05/19 04:47:37 djm Exp $ +$Id: ChangeLog,v 1.4910 2008/05/19 04:50:00 djm Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */ +/* $OpenBSD: dh.c,v 1.46 2008/04/13 00:22:17 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -153,7 +153,7 @@ choose_dh(int min, int wantbits, int max) } linenum = 0; - which = arc4random() % bestcount; + which = arc4random_uniform(bestcount); while (fgets(line, sizeof(line), f)) { if (!parse_prime(linenum, line, &dhg)) continue; @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */ +/* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -368,9 +368,6 @@ grace_alarm_handler(int sig) static void generate_ephemeral_server_key(void) { - u_int32_t rnd = 0; - int i; - verbose("Generating %s%d bit RSA key.", sensitive_data.server_key ? "new " : "", options.server_key_bits); if (sensitive_data.server_key != NULL) @@ -379,12 +376,7 @@ generate_ephemeral_server_key(void) options.server_key_bits); verbose("RSA key generation complete."); - for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { - if (i % 4 == 0) - rnd = arc4random(); - sensitive_data.ssh1_cookie[i] = rnd & 0xff; - rnd >>= 8; - } + arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); arc4random_stir(); } @@ -583,16 +575,14 @@ demote_sensitive_data(void) static void privsep_preauth_child(void) { - u_int32_t rnd[256]; + u_int32_t rnd[256]; gid_t gidset[1]; - u_int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); arc4random_stir(); - for (i = 0; i < 256; i++) - rnd[i] = arc4random(); + arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); /* Demote the private keys to public keys. */ @@ -666,7 +656,6 @@ static void privsep_postauth(Authctxt *authctxt) { u_int32_t rnd[256]; - u_int i; #ifdef DISABLE_FD_PASSING if (1) { @@ -700,8 +689,7 @@ privsep_postauth(Authctxt *authctxt) demote_sensitive_data(); arc4random_stir(); - for (i = 0; i < 256; i++) - rnd[i] = arc4random(); + arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); /* Drop privileges */ @@ -803,7 +791,7 @@ drop_connection(int startups) p *= startups - options.max_startups_begin; p /= options.max_startups - options.max_startups_begin; p += options.max_startups_rate; - r = arc4random() % 100; + r = arc4random_uniform(100); debug("drop_connection: p %d, r %d", p, r); return (r < p) ? 1 : 0; @@ -1956,7 +1944,6 @@ do_ssh1_kex(void) u_char session_key[SSH_SESSION_KEY_LENGTH]; u_char cookie[8]; u_int cipher_type, auth_mask, protocol_flags; - u_int32_t rnd = 0; /* * Generate check bytes that the client must send back in the user @@ -1967,12 +1954,7 @@ do_ssh1_kex(void) * cookie. This only affects rhosts authentication, and this is one * of the reasons why it is inherently insecure. */ - for (i = 0; i < 8; i++) { - if (i % 4 == 0) - rnd = arc4random(); - cookie[i] = rnd & 0xff; - rnd >>= 8; - } + arc4random_buf(cookie, sizeof(cookie)); /* * Send our public key. We include in the packet 64 bits of random |