Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / c30d35ce3234371c20a388d81b4bafd389d3019f^! / .
commitc30d35ce3234371c20a388d81b4bafd389d3019f[log] [tgz]
authorDamien Miller <djm@mindrot.org>Wed Aug 30 09:40:09 2000 +1100
committerDamien Miller <djm@mindrot.org>Wed Aug 30 09:40:09 2000 +1100
tree700aa922a381fa51c8334f9d09cc8481d0619db3
parent87d29ed405ce6a6aa56660c9c696f6b78a709034 [diff]
 - (djm) Periodically rekey arc4random
 - (djm) Clean up diff against OpenBSD.

diff --git a/ChangeLog b/ChangeLog
index 1fe68ed..3af34b9 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,7 @@
 20000830
  - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
 
 20000829
  - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert 

diff --git a/bsd-arc4random.c b/bsd-arc4random.c
index 4c2f085..a1f5154 100644
--- a/bsd-arc4random.c
+++ b/bsd-arc4random.c

@@ -33,6 +33,12 @@
 
 #ifndef HAVE_ARC4RANDOM
 
+/* Size of key to use */
+#define SEED_SIZE 20
+
+/* Number of bytes to reseed after */
+#define REKEY_BYTES	(1 >> 18)
+
 static int rc4_ready = 0;
 static RC4_KEY rc4;
 
@@ -40,27 +46,30 @@
 {
 	unsigned int r = 0;
 
-	if (!rc4_ready)
+	if (rc4_ready <= 0)
 		arc4random_stir();
 	
 	RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+
+	rc4_ready -= sizeof(r);
 	
 	return(r);
 }
 
 void arc4random_stir(void)
 {
-	unsigned char rand_buf[32];
+	unsigned char rand_buf[SEED_SIZE];
 	
 	memset(&rc4, 0, sizeof(rc4));
 
 	seed_rng();
+
 	RAND_bytes(rand_buf, sizeof(rand_buf));
 	
 	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
 
 	memset(rand_buf, 0, sizeof(rand_buf));
 	
-	rc4_ready = 1;
+	rc4_ready = REKEY_BYTES;
 }
 #endif /* !HAVE_ARC4RANDOM */

diff --git a/key.h b/key.h
index ed3f770..53b3bfb 100644
--- a/key.h
+++ b/key.h

@@ -19,7 +19,7 @@
 char	*key_fingerprint(Key *k);
 char	*key_type(Key *k);
 int	key_write(Key *key, FILE *f);
-unsigned int
-key_read(Key *key, char **cpp);
+unsigned int	key_read(Key *key, char **cpp);
+unsigned int	key_size(Key *k);
 
 #endif

diff --git a/ssh_config b/ssh_config
index 70275b3..cb360d0 100644
--- a/ssh_config
+++ b/ssh_config

@@ -27,11 +27,5 @@
 #   IdentityFile ~/.ssh/identity
 #   Port 22
 #   Protocol 2,1
-#   Cipher 3des
+#   Cipher blowfish
 #   EscapeChar ~
-
-# Be paranoid by default
-Host *
-	ForwardAgent no
-	ForwardX11 no
-	FallBackToRsh no

diff --git a/sshd_config b/sshd_config
index a97b780..b89b19f 100644
--- a/sshd_config
+++ b/sshd_config

@@ -48,7 +48,7 @@
 #KerberosTgtPassing yes
 
 CheckMail no
-UseLogin no
+#UseLogin no
 
 #Subsystem	sftp	/usr/local/sbin/sftpd
 #MaxStartups 10:30:60