mirror of git://anongit.mindrot.org/openssh.git
- djm@cvs.openbsd.org 2013/08/22 19:02:21
[sshd.c] Stir PRNG after post-accept fork. The child gets a different PRNG state anyway via rexec and explicit privsep reseeds, but it's good to be sure. ok markus@
parent
ed4af412da
commit
045bda5cb8
|
@ -1,3 +1,11 @@
|
||||||
|
20130914
|
||||||
|
- (djm) OpenBSD CVS Sync
|
||||||
|
- djm@cvs.openbsd.org 2013/08/22 19:02:21
|
||||||
|
[sshd.c]
|
||||||
|
Stir PRNG after post-accept fork. The child gets a different PRNG state
|
||||||
|
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
|
||||||
|
ok markus@
|
||||||
|
|
||||||
20130828
|
20130828
|
||||||
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
|
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
|
||||||
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
|
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
|
||||||
|
|
8
sshd.c
8
sshd.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */
|
/* $OpenBSD: sshd.c,v 1.405 2013/08/22 19:02:21 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -613,6 +613,7 @@ privsep_preauth_child(void)
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
arc4random_buf(rnd, sizeof(rnd));
|
arc4random_buf(rnd, sizeof(rnd));
|
||||||
RAND_seed(rnd, sizeof(rnd));
|
RAND_seed(rnd, sizeof(rnd));
|
||||||
|
bzero(rnd, sizeof(rnd));
|
||||||
|
|
||||||
/* Demote the private keys to public keys. */
|
/* Demote the private keys to public keys. */
|
||||||
demote_sensitive_data();
|
demote_sensitive_data();
|
||||||
|
@ -747,6 +748,7 @@ privsep_postauth(Authctxt *authctxt)
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
arc4random_buf(rnd, sizeof(rnd));
|
arc4random_buf(rnd, sizeof(rnd));
|
||||||
RAND_seed(rnd, sizeof(rnd));
|
RAND_seed(rnd, sizeof(rnd));
|
||||||
|
bzero(rnd, sizeof(rnd));
|
||||||
|
|
||||||
/* Drop privileges */
|
/* Drop privileges */
|
||||||
do_setusercontext(authctxt->pw);
|
do_setusercontext(authctxt->pw);
|
||||||
|
@ -1139,6 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||||
struct sockaddr_storage from;
|
struct sockaddr_storage from;
|
||||||
socklen_t fromlen;
|
socklen_t fromlen;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
u_char rnd[256];
|
||||||
|
|
||||||
/* setup fd set for accept */
|
/* setup fd set for accept */
|
||||||
fdset = NULL;
|
fdset = NULL;
|
||||||
|
@ -1339,6 +1342,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||||
* from that of the child
|
* from that of the child
|
||||||
*/
|
*/
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
|
arc4random_buf(rnd, sizeof(rnd));
|
||||||
|
RAND_seed(rnd, sizeof(rnd));
|
||||||
|
bzero(rnd, sizeof(rnd));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* child process check (or debug mode) */
|
/* child process check (or debug mode) */
|
||||||
|
|
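Review bot: The `bzero(rnd, sizeof(rnd))` calls added after `RAND_seed()` in privsep_preauth_child, privsep_postauth and server_accept_loop are ordinary stores to a local buffer, and C does not guarantee that an optimizer keeps a clear of memory that is never read again, so the seed bytes may remain on the stack. Where the platform or the compat layer provides a clear that cannot be elided (explicit_bzero on systems that have it; not visible on this page whether this tree does), it would be the safer call here. The stir/fill/seed/clear sequence now appears three times in sshd.c, so one static helper would keep the zeroing in a single place and let server_accept_loop drop its function-wide `u_char rnd[256]`. All three functions start and end outside the visible hunks, so the sketch below shows the helper only, and its name is a suggestion.

```c
/* Re-key both PRNGs and clear the temporary seed material before returning. */
static void
reseed_prngs(void)
{
	u_char rnd[256];

	arc4random_stir();
	arc4random_buf(rnd, sizeof(rnd));
	RAND_seed(rnd, sizeof(rnd));
	/* use a non-elidable clear where available; plain bzero() otherwise */
	explicit_bzero(rnd, sizeof(rnd));
}

/* … unchanged: the three call sites, each reduced to reseed_prngs(); … */
```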