Source-Changes-HG archive
[src/trunk]: src/crypto/dist/ssh take the safest side, mandate rnd(4).
details: https://anonhg.NetBSD.org/src/rev/faa842c632f5
branches: trunk
changeset: 503801:faa842c632f5
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Feb 14 04:46:58 2001 +0000
description:
take the safest side, mandate rnd(4).
diffstat:
crypto/dist/ssh/random.c | 29 +++++++++++++++++++++--------
crypto/dist/ssh/random.h | 3 ++-
crypto/dist/ssh/sshd.c | 3 +++
3 files changed, 26 insertions(+), 9 deletions(-)
diffs (89 lines):
diff -r 7a8319478c8a -r faa842c632f5 crypto/dist/ssh/random.c
--- a/crypto/dist/ssh/random.c Wed Feb 14 01:29:45 2001 +0000
+++ b/crypto/dist/ssh/random.c Wed Feb 14 04:46:58 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: random.c,v 1.3 2001/02/09 00:44:35 itojun Exp $ */
+/* $NetBSD: random.c,v 1.4 2001/02/14 04:46:58 itojun Exp $ */
/*-
* Copyright (c) 2000 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: random.c,v 1.3 2001/02/09 00:44:35 itojun Exp $");
+__RCSID("$NetBSD: random.c,v 1.4 2001/02/14 04:46:58 itojun Exp $");
#endif
/*
@@ -58,9 +58,26 @@
#include "includes.h"
#include "pathnames.h"
#include "random.h"
+#include "log.h"
#define BUFSIZE 32
+static const char *rndfail = "random number device is mandatory. see rnd(4).";
+
+int
+arc4random_check(void)
+{
+ int fd;
+
+ fd = open(_PATH_URANDOM, O_RDONLY, 0666);
+ if (fd < 0) {
+ fatal(rndfail);
+ /*NOTREACHED*/
+ }
+ close(fd);
+ return 0;
+}
+
void
arc4random_stir(void)
{
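Review bot: Both new `fatal(rndfail)` calls, here in arc4random_check() and in the else branch of arc4random_stir() in the next hunk, discard the reason the open failed and pass a non-literal as the format string. An operator cannot tell a missing device node from a permission problem or descriptor exhaustion, and any `%` later added to the message would be parsed as a conversion. I would write `fatal("%s: %s (%s)", _PATH_URANDOM, strerror(errno), rndfail);` (assuming errno still belongs to the failed open at that point) and declare the message as `static const char rndfail[]`. The third argument `0666` to `open()` is ignored without O_CREAT and can be dropped.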
@@ -76,12 +93,8 @@
(void) close(fd);
memset(buf, 0, sizeof(buf));
} else {
- /*
- * XXX We should stir in other environmental
- * XXX noise, here.
- */
- RAND_pseudo_bytes(buf, sizeof(buf) >> 1);
- RAND_seed(buf, sizeof(buf) >> 1);
+ fatal(rndfail);
+ /*NOTREACHED*/
}
}
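Review bot: The hard failure covers only the branch where the device could not be opened. Whether a failed or short `read()` in the success branch is also fatal cannot be seen here, because arc4random_stir() starts before this hunk. If that result is unchecked, the generator could still be seeded from a partly filled buffer, which is the case this commit sets out to rule out. I would treat it the same way, something like `if (read(fd, buf, sizeof(buf)) != sizeof(buf)) fatal("%s", rndfail);` placed before the `close(fd)`.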
diff -r 7a8319478c8a -r faa842c632f5 crypto/dist/ssh/random.h
--- a/crypto/dist/ssh/random.h Wed Feb 14 01:29:45 2001 +0000
+++ b/crypto/dist/ssh/random.h Wed Feb 14 04:46:58 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: random.h,v 1.1 2001/02/07 17:05:33 itojun Exp $ */
+/* $NetBSD: random.h,v 1.2 2001/02/14 04:46:58 itojun Exp $ */
/*-
* Copyright (c) 2000 The NetBSD Foundation, Inc.
@@ -36,5 +36,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
+int arc4random_check(void);
void arc4random_stir(void);
u_int32_t arc4random(void);
diff -r 7a8319478c8a -r faa842c632f5 crypto/dist/ssh/sshd.c
--- a/crypto/dist/ssh/sshd.c Wed Feb 14 01:29:45 2001 +0000
+++ b/crypto/dist/ssh/sshd.c Wed Feb 14 04:46:58 2001 +0000
@@ -556,6 +556,9 @@
int startups = 0;
int ret, key_used = 0;
+ if (arc4random_check() < 0)
+ fatal("rnd(4) is mandatory.");
+
/* Save argv. */
saved_argv = av;
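Review bot: The `< 0` test can never be true, because arc4random_check() as added in random.c either returns 0 or calls fatal() itself, so the second message `rnd(4) is mandatory.` is dead code. Either have the check `return -1` on failure and let main report it, or keep the fatal inside and call it as a plain statement `(void)arc4random_check();` with the comment `/* exits if the random device is unavailable */`. The check only covers startup, since arc4random_stir() reopens the device later, so it is an early diagnostic and the fatal in the stir path remains the actual enforcement. main continues outside this hunk.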