-/* $OpenBSD: sshd.c,v 1.355 2008/02/14 13:10:31 mbalmer Exp $ */
+/* $OpenBSD: sshd.c,v 1.356 2008/04/13 00:22:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rnd = 0;
- int i;
-
verbose("Generating %s%d bit RSA key.",
sensitive_data.server_key ? "new " : "", options.server_key_bits);
if (sensitive_data.server_key != NULL)
options.server_key_bits);
verbose("RSA key generation complete.");
- for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- sensitive_data.ssh1_cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
arc4random_stir();
}
static void
privsep_preauth_child(void)
{
- u_int32_t rnd[256];
+ u_int32_t rnd[256];
gid_t gidset[1];
- u_int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
arc4random_stir();
- for (i = 0; i < 256; i++)
- rnd[i] = arc4random();
+ arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
privsep_postauth(Authctxt *authctxt)
{
u_int32_t rnd[256];
- u_int i;
#ifdef DISABLE_FD_PASSING
if (1) {
demote_sensitive_data();
arc4random_stir();
- for (i = 0; i < 256; i++)
- rnd[i] = arc4random();
+ arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
/* Drop privileges */
p *= startups - options.max_startups_begin;
p /= options.max_startups - options.max_startups_begin;
p += options.max_startups_rate;
- r = arc4random() % 100;
+ r = arc4random_uniform(100);
debug("drop_connection: p %d, r %d", p, r);
return (r < p) ? 1 : 0;
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
* cookie. This only affects rhosts authentication, and this is one
* of the reasons why it is inherently insecure.
*/
- for (i = 0; i < 8; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(cookie, sizeof(cookie));
/*
* Send our public key. We include in the packet 64 bits of random