From 10fa00c8476a5b1eb72a7097dbcdf16f00f4c7e9 Mon Sep 17 00:00:00 2001 From: djm Date: Tue, 29 Aug 2000 22:40:09 +0000 Subject: [PATCH] - (djm) Periodically rekey arc4random - (djm) Clean up diff against OpenBSD. --- ChangeLog | 2 ++ bsd-arc4random.c | 15 ++++++++++++--- key.h | 4 ++-- ssh_config | 8 +------- sshd_config | 2 +- 5 files changed, 18 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1fe68ed6..3af34b9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20000830 - (djm) Compile warning fixes from Mark Miller + - (djm) Periodically rekey arc4random + - (djm) Clean up diff against OpenBSD. 20000829 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert diff --git a/bsd-arc4random.c b/bsd-arc4random.c index 4c2f0854..a1f51546 100644 --- a/bsd-arc4random.c +++ b/bsd-arc4random.c @@ -33,6 +33,12 @@ #ifndef HAVE_ARC4RANDOM +/* Size of key to use */ +#define SEED_SIZE 20 + +/* Number of bytes to reseed after */ +#define REKEY_BYTES (1 >> 18) + static int rc4_ready = 0; static RC4_KEY rc4; @@ -40,27 +46,30 @@ unsigned int arc4random(void) { unsigned int r = 0; - if (!rc4_ready) + if (rc4_ready <= 0) arc4random_stir(); RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); + + rc4_ready -= sizeof(r); return(r); } void arc4random_stir(void) { - unsigned char rand_buf[32]; + unsigned char rand_buf[SEED_SIZE]; memset(&rc4, 0, sizeof(rc4)); seed_rng(); + RAND_bytes(rand_buf, sizeof(rand_buf)); RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); memset(rand_buf, 0, sizeof(rand_buf)); - rc4_ready = 1; + rc4_ready = REKEY_BYTES; } #endif /* !HAVE_ARC4RANDOM */ diff --git a/key.h b/key.h index ed3f770b..53b3bfb2 100644 --- a/key.h +++ b/key.h @@ -19,7 +19,7 @@ int key_equal(Key *a, Key *b); char *key_fingerprint(Key *k); char *key_type(Key *k); int key_write(Key *key, FILE *f); -unsigned int -key_read(Key *key, char **cpp); +unsigned int key_read(Key *key, char **cpp); +unsigned int key_size(Key *k); #endif 
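Review bot: `REKEY_BYTES` is defined as `(1 >> 18)`, which evaluates to 0, so the byte budget that arc4random_stir() stores in `rc4_ready` (next hunk) is already used up when it is set. The `rc4_ready <= 0` test in arc4random() therefore triggers a full reseed on every call rather than periodically. The comment above it says "Number of bytes to reseed after", so a left shift looks intended: `#define REKEY_BYTES (1 << 18)`. As written, each call pays for seed_rng() and a fresh RC4 key setup, and the intended rekey interval is never exercised.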
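Review bot: The RAND_bytes() call in arc4random_stir() is used without checking its result, so if the OpenSSL generator fails, the RC4 key is taken from whatever the uninitialised `rand_buf` holds on the stack. Where the linked OpenSSL reports a status, check it and stop instead of keying from that buffer, e.g. `if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) fatal("arc4random_stir: RAND_bytes failed");` (message is a placeholder, and this assumes the project's fatal() is reachable from this file). Separately, `rc4_ready -= sizeof(r);` mixes an int counter with a size_t, so the subtraction is carried out unsigned; `rc4_ready -= (int)sizeof(r);` keeps it signed. A short comment at the `rc4_ready` declaration, saying it now holds the bytes remaining before a rekey and is no longer a flag, would help the next reader.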
diff --git a/ssh_config b/ssh_config index 70275b39..cb360d04 100644 --- a/ssh_config +++ b/ssh_config @@ -27,11 +27,5 @@ # IdentityFile ~/.ssh/identity # Port 22 # Protocol 2,1 -# Cipher 3des +# Cipher blowfish # EscapeChar ~ - -# Be paranoid by default -Host * - ForwardAgent no - ForwardX11 no - FallBackToRsh no diff --git a/sshd_config b/sshd_config index a97b780e..b89b19fc 100644 --- a/sshd_config +++ b/sshd_config @@ -48,7 +48,7 @@ PermitEmptyPasswords no #KerberosTgtPassing yes CheckMail no -UseLogin no +#UseLogin no #Subsystem sftp /usr/local/sbin/sftpd #MaxStartups 10:30:60 -- 2.45.1
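Review bot: Dropping the `Host *` block removes the only explicit `ForwardAgent no`, `ForwardX11 no` and `FallBackToRsh no` settings from the shipped sample. A fresh install then depends entirely on the client's compiled-in defaults, which this diff does not show. If those defaults are already `no`, keeping the three options as commented entries next to the others (e.g. `# ForwardAgent no`) would still document the intended posture. If any default is `yes`, this is a behaviour change and deserves its own ChangeLog line instead of being filed under diff cleanup. The sshd_config hunk follows the same pattern, with `UseLogin no` becoming `#UseLogin no`.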