- (djm) Periodically rekey arc4random

- (djm) Clean up diff against OpenBSD.

ChangeLog

@@ -1,5 +1,7 @@
 20000830
  - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
 
 20000829
  - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert 

bsd-arc4random.c

@@ -33,6 +33,12 @@
 
 #ifndef HAVE_ARC4RANDOM
 
+/* Size of key to use */
+#define SEED_SIZE 20
+
+/* Number of bytes to reseed after */
+#define REKEY_BYTES	(1 >> 18)
+
 static int rc4_ready = 0;
 static RC4_KEY rc4;
 
@@ -40,27 +46,30 @@ unsigned int arc4random(void)
 {
 	unsigned int r = 0;
 
-	if (!rc4_ready)
+	if (rc4_ready <= 0)
 		arc4random_stir();
 	
 	RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+
+	rc4_ready -= sizeof(r);
 	
 	return(r);
 }
 
 void arc4random_stir(void)
 {
-	unsigned char rand_buf[32];
+	unsigned char rand_buf[SEED_SIZE];
 	
 	memset(&rc4, 0, sizeof(rc4));
 
 	seed_rng();
+
 	RAND_bytes(rand_buf, sizeof(rand_buf));
 	
 	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
 
 	memset(rand_buf, 0, sizeof(rand_buf));
 	
-	rc4_ready = 1;
+	rc4_ready = REKEY_BYTES;
 }
 #endif /* !HAVE_ARC4RANDOM */

key.h

@@ -19,7 +19,7 @@ int	key_equal(Key *a, Key *b);
 char	*key_fingerprint(Key *k);
 char	*key_type(Key *k);
 int	key_write(Key *key, FILE *f);
-unsigned int
-key_read(Key *key, char **cpp);
+unsigned int	key_read(Key *key, char **cpp);
+unsigned int	key_size(Key *k);
 
 #endif

ssh_config

@@ -27,11 +27,5 @@
 #   IdentityFile ~/.ssh/identity
 #   Port 22
 #   Protocol 2,1
-#   Cipher 3des
+#   Cipher blowfish
 #   EscapeChar ~
-
-# Be paranoid by default
-Host *
-	ForwardAgent no
-	ForwardX11 no
-	FallBackToRsh no

sshd_config

@@ -48,7 +48,7 @@ PermitEmptyPasswords no
 #KerberosTgtPassing yes
 
 CheckMail no
-UseLogin no
+#UseLogin no
 
 #Subsystem	sftp	/usr/local/sbin/sftpd
 #MaxStartups 10:30:60