[openssh-commits] [openssh] 01/01: Remove seed passing over reexec.

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Nov 10 13:13:38 AEDT 2022



dtucker pushed a commit to branch master
in repository openssh.

commit 5372db7e7985ba2c00f20fdff8942145ca99e033
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Thu Nov 10 12:44:51 2022 +1100

    Remove seed passing over reexec.
    
    This was added for the benefit of platforms using ssh-rand-helper to
    prevent a delay on each connection as sshd reseeded itself.
    
    ssh-rand-helper is long gone, and since the re-exec happens before the
    chroot the re-execed sshd can reseed itself normally. ok djm@
---
 entropy.c | 34 ----------------------------------
 sshd.c    |  8 --------
 2 files changed, 42 deletions(-)

diff --git a/entropy.c b/entropy.c
index a4088e43..842c66fd 100644
--- a/entropy.c
+++ b/entropy.c
@@ -57,40 +57,6 @@
  * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
  * PRNGd.
  */
-#ifndef OPENSSL_PRNG_ONLY
-
-void
-rexec_send_rng_seed(struct sshbuf *m)
-{
-	u_char buf[RANDOM_SEED_SIZE];
-	size_t len = sizeof(buf);
-	int r;
-
-	if (RAND_bytes(buf, sizeof(buf)) <= 0) {
-		error("Couldn't obtain random bytes (error %ld)",
-		    ERR_get_error());
-		len = 0;
-	}
-	if ((r = sshbuf_put_string(m, buf, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	explicit_bzero(buf, sizeof(buf));
-}
-
-void
-rexec_recv_rng_seed(struct sshbuf *m)
-{
-	const u_char *buf = NULL;
-	size_t len = 0;
-	int r;
-
-	if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
-	debug3("rexec_recv_rng_seed: seeding rng with %lu bytes",
-	    (unsigned long)len);
-	RAND_add(buf, len, len);
-}
-#endif /* OPENSSL_PRNG_ONLY */
 
 void
 seed_rng(void)
diff --git a/sshd.c b/sshd.c
index 808d91ef..d5e6a133 100644
--- a/sshd.c
+++ b/sshd.c
@@ -937,14 +937,10 @@ send_rexec_state(int fd, struct sshbuf *conf)
 	 *		string	filename
 	 *		string	contents
 	 *	}
-	 *	string	rng_seed (if required)
 	 */
 	if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
 	    (r = sshbuf_put_stringb(m, inc)) != 0)
 		fatal_fr(r, "compose config");
-#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
-	rexec_send_rng_seed(m);
-#endif
 	if (ssh_msg_send(fd, 0, m) == -1)
 		error_f("ssh_msg_send failed");
 
@@ -977,10 +973,6 @@ recv_rexec_state(int fd, struct sshbuf *conf)
 	    (r = sshbuf_get_stringb(m, inc)) != 0)
 		fatal_fr(r, "parse config");
 
-#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
-	rexec_recv_rng_seed(m);
-#endif
-
 	if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
 		fatal_fr(r, "sshbuf_put");
 
