author | Damien Miller <djm@mindrot.org> | 2000-01-29 20:40:22 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-01-29 20:40:22 +1100 |
commit | f07390e90da683fecbf55849a3cee6dc9b79a3e3 (patch) | |
tree | c9c7ad28557e08ff024da1e9a5302fc78d4de4f7 | |
parent | 4e61b79d5bcb3c5ac3014fe55be55214e23b2927 (diff) |
- Seed OpenSSL's random number generator before generating RSA keypairs
- Split random collector into separate file
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | bsd-misc.c | 62 | ||||
-rw-r--r-- | rsa.c | 22 | ||||
-rw-r--r-- | rsa.h | 4 |
5 files changed, 29 insertions, 65 deletions
@@ -1,3 +1,7 @@ +20000127 + - Seed OpenSSL's random number generator before generating RSA keypairs + - Split random collector into seperate file + 20000126 - Released 1.2.2 stable diff --git a/Makefile.in b/Makefile.in index 1c917e70..7be35784 100644 --- a/Makefile.in +++ b/Makefile.in @@ -34,7 +34,7 @@ GNOME_LIBS=`gnome-config --libs gnome gnomeui` TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) -LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o +LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o random.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o @@ -44,8 +44,6 @@ #include <sys/types.h> #include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> #include <fcntl.h> #ifdef HAVE_STDDEF_H #include <stddef.h> @@ -54,10 +52,7 @@ #include "xmalloc.h" #include "ssh.h" #include "bsd-misc.h" - -#ifndef offsetof -#define offsetof(type, member) ((size_t) &((type *)0)->member) -#endif +#include "random.h" #ifndef HAVE_ARC4RANDOM @@ -68,7 +63,6 @@ typedef struct int j; } rc4_t; -void get_random_bytes(unsigned char *buf, int len); void rc4_key(rc4_t *r, unsigned char *key, int len); void rc4_getbytes(rc4_t *r, unsigned char *buffer, int len); 
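Review bot: `random.o` is added to LIBOBJS in the Makefile.in hunk, and the later bsd-misc.c and rsa.c hunks add `#include "random.h"`, but the diffstat lists only five changed files and neither random.c nor random.h is among them. Unless those files were committed separately, the tree at this commit will not build. It also means the relocated get_random_bytes(), the code that actually reads the entropy source, cannot be reviewed from this change. Include random.c and random.h in the same commit so the moved collector can be compared against the version removed from bsd-misc.c.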
@@ -134,59 +128,7 @@ void arc4random_stir(void) get_random_bytes(rand_buf, sizeof(rand_buf)); rc4_key(rc4, rand_buf, sizeof(rand_buf)); -} - -void get_random_bytes(unsigned char *buf, int len) -{ - static int random_pool; - int c; -#ifdef HAVE_EGD - char egd_message[2] = { 0x02, 0x00 }; - struct sockaddr_un addr; - int addr_len; - - memset(&addr, '\0', sizeof(addr)); - addr.sun_family = AF_UNIX; - - /* FIXME: compile time check? */ - if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path)) - fatal("Random pool path is too long"); - - strcpy(addr.sun_path, RANDOM_POOL); - - addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL); - - random_pool = socket(AF_UNIX, SOCK_STREAM, 0); - - if (random_pool == -1) - fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); - - if (connect(random_pool, (struct sockaddr*)&addr, addr_len) == -1) - fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); - - if (len > 255) - fatal("Too many bytes to read from EGD"); - - /* Send blocking read request to EGD */ - egd_message[1] = len; - - c = atomicio(write, random_pool, egd_message, sizeof(egd_message)); - if (c == -1) - fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); - -#else /* HAVE_EGD */ - - random_pool = open(RANDOM_POOL, O_RDONLY); - if (random_pool == -1) - fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); - -#endif /* HAVE_EGD */ - - c = atomicio(read, random_pool, buf, len); - if (c <= 0) - fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); - - close(random_pool); + memset(rand_buf, 0, sizeof(rand_buf)); } #endif /* !HAVE_ARC4RANDOM */ @@ -35,11 +35,12 @@ */ #include "includes.h" -RCSID("$Id: rsa.c,v 1.6 1999/12/17 03:02:47 damien Exp $"); +RCSID("$Id: rsa.c,v 1.7 2000/01/29 09:40:22 damien Exp $"); #include "rsa.h" #include "ssh.h" #include "xmalloc.h" +#include "random.h" int rsa_verbose = 1; 
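Review bot: The added `memset(rand_buf, 0, sizeof(rand_buf));` at the end of arc4random_stir() writes to a buffer that is not read again in the visible lines, so an optimizing compiler may drop it as a dead store and leave the seed bytes in memory. rand_buf's declaration is outside the hunk, so this assumes it is a local. The same applies to `memset(buf, 0, sizeof(buf));` at the end of the new seed_rng() in rsa.c. Where the platform provides it, use `explicit_bzero(rand_buf, sizeof(rand_buf));`; otherwise clear the buffer through a `volatile unsigned char *` so the writes cannot be elided.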
@@ -64,13 +65,26 @@ keygen_progress(int p, int n, void *arg) const char progress_chars[] = ".o+O?"; if ((p < 0) || (p > (sizeof(progress_chars) - 2))) - p = 4; + p = sizeof(progress_chars) - 2; - printf("%c", progress_chars[p]); + putchar(progress_chars[p]); fflush(stdout); } /* + * Seed OpenSSL's random number generator + */ +void +seed_rng() +{ + char buf[32]; + + get_random_bytes(buf, sizeof(buf)); + RAND_seed(buf, sizeof(buf)); + memset(buf, 0, sizeof(buf)); +} + +/* * Generates RSA public and private keys. This initializes the data * structures; they should be freed with rsa_clear_private_key and * rsa_clear_public_key. @@ -81,6 +95,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) { RSA *key; + seed_rng(); + if (rsa_verbose) { printf("Generating RSA keys: "); fflush(stdout); @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: rsa.h,v 1.5 1999/11/25 00:54:59 damien Exp $"); */ +/* RCSID("$Id: rsa.h,v 1.6 2000/01/29 09:40:22 damien Exp $"); */ #ifndef RSA_H #define RSA_H @@ -23,11 +23,13 @@ #ifdef HAVE_OPENSSL #include <openssl/bn.h> #include <openssl/rsa.h> +#include <openssl/rand.h> #endif #ifdef HAVE_SSL #include <ssl/bn.h> #include <ssl/rsa.h> +#include <ssl/rand.h> #endif /* Calls SSL RSA_generate_key, only copies to prv and pub */ |
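Review bot: The new seed_rng() in rsa.c is defined as `void seed_rng()` with external linkage and an empty parameter list, and the rsa.h hunks in this commit add no prototype for it, so it becomes a global symbol with no declaration. If it is only meant to be called from rsa_generate_key(), declare it `static void seed_rng(void)`. Its `char buf[32]` is also passed to get_random_bytes(), whose prototype removed from bsd-misc.c takes `unsigned char *`. Assuming random.h keeps that signature, declare the buffer as `unsigned char buf[32];` to avoid the pointer-signedness mismatch.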