зеркало из https://github.com/Azure/sonic-openssh.git
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@
This commit is contained in:
Родитель
f1377bdeed
Коммит
c6f8219e0d
|
@ -1,6 +1,9 @@
|
|||
20050927
|
||||
- (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
|
||||
calls, since they can't possibly fail. ok djm@
|
||||
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
|
||||
process when sshd relies on ssh-random-helper. Should result in faster
|
||||
logins on systems without a real random device or prngd. ok djm@
|
||||
|
||||
20050924
|
||||
- (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
|
||||
|
@ -3017,4 +3020,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3895 2005/09/27 09:50:25 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3896 2005/09/27 12:46:32 dtucker Exp $
|
||||
|
|
32
entropy.c
32
entropy.c
|
@ -26,6 +26,7 @@
|
|||
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "misc.h"
|
||||
|
@ -33,6 +34,8 @@
|
|||
#include "atomicio.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
|
||||
/*
|
||||
* Portable OpenSSH PRNG seeding:
|
||||
|
@ -45,7 +48,7 @@
|
|||
* XXX: we should tell the child how many bytes we need.
|
||||
*/
|
||||
|
||||
RCSID("$Id: entropy.c,v 1.50 2005/09/27 09:50:25 dtucker Exp $");
|
||||
RCSID("$Id: entropy.c,v 1.51 2005/09/27 12:46:32 dtucker Exp $");
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
#define RANDOM_SEED_SIZE 48
|
||||
|
@ -150,3 +153,30 @@ init_rng(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
void
|
||||
rexec_send_rng_seed(Buffer *m)
|
||||
{
|
||||
u_char buf[RANDOM_SEED_SIZE];
|
||||
|
||||
if (RAND_bytes(buf, sizeof(buf)) <= 0) {
|
||||
error("Couldn't obtain random bytes (error %ld)",
|
||||
ERR_get_error());
|
||||
buffer_put_string(m, "", 0);
|
||||
} else
|
||||
buffer_put_string(m, buf, sizeof(buf));
|
||||
}
|
||||
|
||||
void
|
||||
rexec_recv_rng_seed(Buffer *m)
|
||||
{
|
||||
char *buf;
|
||||
u_int len;
|
||||
|
||||
buf = buffer_get_string_ret(m, &len);
|
||||
if (buf != NULL) {
|
||||
debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
|
||||
RAND_add(buf, len, len);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -22,12 +22,17 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
|
||||
/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */
|
||||
|
||||
#ifndef _RANDOMS_H
|
||||
#define _RANDOMS_H
|
||||
|
||||
#include "buffer.h"
|
||||
|
||||
void seed_rng(void);
|
||||
void init_rng(void);
|
||||
|
||||
void rexec_send_rng_seed(Buffer *);
|
||||
void rexec_recv_rng_seed(Buffer *);
|
||||
|
||||
#endif /* _RANDOMS_H */
|
||||
|
|
14
sshd.c
14
sshd.c
|
@ -800,6 +800,7 @@ send_rexec_state(int fd, Buffer *conf)
|
|||
* bignum iqmp "
|
||||
* bignum p "
|
||||
* bignum q "
|
||||
* string rngseed (only if OpenSSL is not self-seeded)
|
||||
*/
|
||||
buffer_init(&m);
|
||||
buffer_put_cstring(&m, buffer_ptr(conf));
|
||||
|
@ -816,6 +817,10 @@ send_rexec_state(int fd, Buffer *conf)
|
|||
} else
|
||||
buffer_put_int(&m, 0);
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
rexec_send_rng_seed(&m);
|
||||
#endif
|
||||
|
||||
if (ssh_msg_send(fd, 0, &m) == -1)
|
||||
fatal("%s: ssh_msg_send failed", __func__);
|
||||
|
||||
|
@ -858,6 +863,11 @@ recv_rexec_state(int fd, Buffer *conf)
|
|||
rsa_generate_additional_parameters(
|
||||
sensitive_data.server_key->rsa);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
rexec_recv_rng_seed(&m);
|
||||
#endif
|
||||
|
||||
buffer_free(&m);
|
||||
|
||||
debug3("%s: done", __func__);
|
||||
|
@ -1051,8 +1061,6 @@ main(int ac, char **av)
|
|||
drop_cray_privs();
|
||||
#endif
|
||||
|
||||
seed_rng();
|
||||
|
||||
sensitive_data.server_key = NULL;
|
||||
sensitive_data.ssh1_host_key = NULL;
|
||||
sensitive_data.have_ssh1_key = 0;
|
||||
|
@ -1071,6 +1079,8 @@ main(int ac, char **av)
|
|||
if (!rexec_flag)
|
||||
buffer_free(&cfg);
|
||||
|
||||
seed_rng();
|
||||
|
||||
/* Fill in default values for those options not explicitly set. */
|
||||
fill_default_server_options(&options);
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче