]> andersk Git - openssh.git/commitdiff
andersk / openssh.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0b65b62)
- (djm) Periodically rekey arc4random
authordjm <djm>
Tue, 29 Aug 2000 22:40:09 +0000 (22:40 +0000)
committerdjm <djm>
Tue, 29 Aug 2000 22:40:09 +0000 (22:40 +0000)
 - (djm) Clean up diff against OpenBSD.

ChangeLog patch | blob | blame | history
bsd-arc4random.c patch | blob | blame | history
key.h patch | blob | blame | history
ssh_config patch | blob | blame | history
sshd_config patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 1fe68ed61135b1f648ac26f4e1f6cd83fe98e326..3af34b9ba1c900d2ed0dbe90f423ede04ad36ceb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20000830
  - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
 
 20000829
  - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert 
diff --git a/bsd-arc4random.c b/bsd-arc4random.c
index 4c2f0854fee281b911e05e9c01481ff60b508a80..a1f5154613110bf7bc8e07e52401529d4b90ab49 100644 (file)
--- a/bsd-arc4random.c
+++ b/bsd-arc4random.c
@@ -33,6 +33,12 @@
 
 #ifndef HAVE_ARC4RANDOM
 
+/* Size of key to use */
+#define SEED_SIZE 20
+
+/* Number of bytes to reseed after */
+#define REKEY_BYTES    (1 >> 18)
+
 static int rc4_ready = 0;
 static RC4_KEY rc4;
 
@@ -40,27 +46,30 @@ unsigned int arc4random(void)
 {
        unsigned int r = 0;
 
-       if (!rc4_ready)
+       if (rc4_ready <= 0)
                arc4random_stir();
        
        RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+
+       rc4_ready -= sizeof(r);
        
        return(r);
 }
 
 void arc4random_stir(void)
 {
-       unsigned char rand_buf[32];
+       unsigned char rand_buf[SEED_SIZE];
        
        memset(&rc4, 0, sizeof(rc4));
 
        seed_rng();
+
        RAND_bytes(rand_buf, sizeof(rand_buf));
        
        RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
 
        memset(rand_buf, 0, sizeof(rand_buf));
        
-       rc4_ready = 1;
+       rc4_ready = REKEY_BYTES;
 }
 #endif /* !HAVE_ARC4RANDOM */
diff --git a/key.h b/key.h
index ed3f770b8be91205c55a7761ef4ff06014f0537b..53b3bfb26fdaefebf76fa2f5a7e0247e0c49f43f 100644 (file)
--- a/key.h
+++ b/key.h
@@ -19,7 +19,7 @@ int   key_equal(Key *a, Key *b);
 char   *key_fingerprint(Key *k);
 char   *key_type(Key *k);
 int    key_write(Key *key, FILE *f);
-unsigned int
-key_read(Key *key, char **cpp);
+unsigned int   key_read(Key *key, char **cpp);
+unsigned int   key_size(Key *k);
 
 #endif
diff --git a/ssh_config b/ssh_config
index 70275b392c88076e9293e2b33d712dbca0b29068..cb360d04b597449ad9040edee53e10eba338195f 100644 (file)
--- a/ssh_config
+++ b/ssh_config
@@ -27,11 +27,5 @@
 #   IdentityFile ~/.ssh/identity
 #   Port 22
 #   Protocol 2,1
-#   Cipher 3des
+#   Cipher blowfish
 #   EscapeChar ~
-
-# Be paranoid by default
-Host *
-       ForwardAgent no
-       ForwardX11 no
-       FallBackToRsh no
diff --git a/sshd_config b/sshd_config
index a97b780e809f8c45b2443bda1c63546756265e12..b89b19fc8e6fdff6f3edf2897ffb3c7670c41acb 100644 (file)
--- a/sshd_config
+++ b/sshd_config
@@ -48,7 +48,7 @@ PermitEmptyPasswords no
 #KerberosTgtPassing yes
 
 CheckMail no
-UseLogin no
+#UseLogin no
 
 #Subsystem     sftp    /usr/local/sbin/sftpd
 #MaxStartups 10:30:60
git-cvsimport mirror of OpenSSH
This page took 2.437402 seconds and 5 git commands to generate.