[openssh-commits] [openssh] 02/03: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Sep 21 11:04:11 AEST 2016
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 492710894acfcc2f173d14d1d45bd2e688df605d
Author: natano at openbsd.org <natano at openbsd.org>
Date: Mon Sep 19 07:52:42 2016 +0000
upstream commit
Replace two more arc4random() loops with
arc4random_buf().
tweaks and ok dtucker
ok deraadt
Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
---
channels.c | 18 +++++++-----------
sshconnect1.c | 10 ++--------
2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/channels.c b/channels.c
index 241aa3c..5d8c2a0 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.352 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: channels.c,v 1.353 2016/09/19 07:52:42 natano Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -4215,7 +4215,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
char *new_data;
int screen_number;
const char *cp;
- u_int32_t rnd = 0;
if (x11_saved_display == NULL)
x11_saved_display = xstrdup(disp);
@@ -4236,23 +4235,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
if (x11_saved_proto == NULL) {
/* Save protocol name. */
x11_saved_proto = xstrdup(proto);
- /*
- * Extract real authentication data and generate fake data
- * of the same length.
- */
+
+ /* Extract real authentication data. */
x11_saved_data = xmalloc(data_len);
- x11_fake_data = xmalloc(data_len);
for (i = 0; i < data_len; i++) {
if (sscanf(data + 2 * i, "%2x", &value) != 1)
fatal("x11_request_forwarding: bad "
"authentication data: %.100s", data);
- if (i % 4 == 0)
- rnd = arc4random();
x11_saved_data[i] = value;
- x11_fake_data[i] = rnd & 0xff;
- rnd >>= 8;
}
x11_saved_data_len = data_len;
+
+ /* Generate fake data of the same length. */
+ x11_fake_data = xmalloc(data_len);
+ arc4random_buf(x11_fake_data, data_len);
x11_fake_data_len = data_len;
}
diff --git a/sshconnect1.c b/sshconnect1.c
index bfc523b..a045361 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -509,7 +509,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
u_char cookie[8];
u_int supported_ciphers;
u_int server_flags, client_flags;
- u_int32_t rnd = 0;
debug("Waiting for server public key.");
@@ -568,12 +567,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
* random number, interpreted as a 32-byte key, with the least
* significant 8 bits being the first byte of the key.
*/
- for (i = 0; i < 32; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- session_key[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(session_key, sizeof(session_key));
/*
* According to the protocol spec, the first byte of the session key
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list