resolve warnings in port_linux.c

Jan F 2011-04-01 10:54:41 +02:00
parent 1f6bdc75f1
commit 8ecc9b0555
4 changed files with 108 additions and 72 deletions


@ -1,7 +1,15 @@
diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c
--- openssh-5.8p1/entropy.c.entropy 2011-01-13 11:05:29.000000000 +0100 --- openssh-5.8p1/entropy.c.entropy 2011-01-13 11:05:29.000000000 +0100
+++ openssh-5.8p1/entropy.c 2011-03-28 16:22:37.422648742 +0200 +++ openssh-5.8p1/entropy.c 2011-04-01 10:23:58.318648953 +0200
@@ -144,6 +144,9 @@ seed_rng(void) @@ -50,6 +50,7 @@
#include "pathnames.h"
#include "log.h"
#include "buffer.h"
+#include "openbsd-compat/port-linux.h"
/*
* Portable OpenSSH PRNG seeding:
@@ -144,6 +145,9 @@ seed_rng(void)
memset(buf, '\0', sizeof(buf)); memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */ #endif /* OPENSSL_PRNG_ONLY */
@ -13,7 +21,7 @@ diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c
} }
diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-compat/Makefile.in diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-compat/Makefile.in
--- openssh-5.8p1/openbsd-compat/Makefile.in.entropy 2010-10-07 13:19:24.000000000 +0200 --- openssh-5.8p1/openbsd-compat/Makefile.in.entropy 2010-10-07 13:19:24.000000000 +0200
+++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-03-28 16:22:37.484648793 +0200 +++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-04-01 10:21:38.251648364 +0200
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
@ -23,10 +31,22 @@ diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-
.c.o: .c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh-5.8p1/openbsd-compat/port-linux.h.entropy openssh-5.8p1/openbsd-compat/port-linux.h
--- openssh-5.8p1/openbsd-compat/port-linux.h.entropy 2011-04-01 10:22:10.165648950 +0200
+++ openssh-5.8p1/openbsd-compat/port-linux.h 2011-04-01 10:22:36.965648719 +0200
@@ -19,6 +19,8 @@
#ifndef _PORT_LINUX_H
#define _PORT_LINUX_H
+void linux_seed(void);
+
#ifdef WITH_SELINUX
int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/openbsd-compat/port-linux-prng.c diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/openbsd-compat/port-linux-prng.c
--- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-03-28 16:22:37.508648739 +0200 --- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-04-01 10:21:38.302648133 +0200
+++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-03-28 16:22:37.520650578 +0200 +++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-04-01 10:21:38.311648282 +0200
@@ -0,0 +1,55 @@ @@ -0,0 +1,56 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+ +
+/* +/*
@ -55,6 +75,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op
+#include <stdarg.h> +#include <stdarg.h>
+#include <string.h> +#include <string.h>
+#include <stdio.h> +#include <stdio.h>
+#include <openssl/rand.h>
+ +
+#include "log.h" +#include "log.h"
+#include "xmalloc.h" +#include "xmalloc.h"
@ -84,7 +105,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op
+} +}
diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1 diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1
--- openssh-5.8p1/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100 --- openssh-5.8p1/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100
+++ openssh-5.8p1/ssh.1 2011-03-28 16:22:37.621648461 +0200 +++ openssh-5.8p1/ssh.1 2011-04-01 10:21:38.352648197 +0200
@@ -1250,6 +1250,15 @@ For more information, see the @@ -1250,6 +1250,15 @@ For more information, see the
.Cm PermitUserEnvironment .Cm PermitUserEnvironment
option in option in
@ -103,7 +124,7 @@ diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1
.It Pa ~/.rhosts .It Pa ~/.rhosts
diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1 diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1
--- openssh-5.8p1/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100 --- openssh-5.8p1/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p1/ssh-add.1 2011-03-28 16:22:37.674648474 +0200 +++ openssh-5.8p1/ssh-add.1 2011-04-01 10:21:38.416648713 +0200
@@ -157,6 +157,15 @@ to make this work.) @@ -157,6 +157,15 @@ to make this work.)
Identifies the path of a Identifies the path of a
.Ux Ns -domain .Ux Ns -domain
@ -122,7 +143,7 @@ diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1
.Bl -tag -width Ds .Bl -tag -width Ds
diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1 diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1
--- openssh-5.8p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 --- openssh-5.8p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
+++ openssh-5.8p1/ssh-agent.1 2011-03-28 16:22:37.729648529 +0200 +++ openssh-5.8p1/ssh-agent.1 2011-04-01 10:21:38.459648714 +0200
@@ -198,6 +198,18 @@ sockets used to contain the connection t @@ -198,6 +198,18 @@ sockets used to contain the connection t
These sockets should only be readable by the owner. These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits. The sockets should get automatically removed when the agent exits.
@ -144,7 +165,7 @@ diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1
.Xr ssh-add 1 , .Xr ssh-add 1 ,
diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8 diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8
--- openssh-5.8p1/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100 --- openssh-5.8p1/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p1/sshd.8 2011-03-28 16:22:37.789648521 +0200 +++ openssh-5.8p1/sshd.8 2011-04-01 10:21:38.505648778 +0200
@@ -937,6 +937,18 @@ concurrently for different ports, this c @@ -937,6 +937,18 @@ concurrently for different ports, this c
started last). started last).
The content of this file is not sensitive; it can be world-readable. The content of this file is not sensitive; it can be world-readable.
@ -166,7 +187,7 @@ diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8
.Xr sftp 1 , .Xr sftp 1 ,
diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1 diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1
--- openssh-5.8p1/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100 --- openssh-5.8p1/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p1/ssh-keygen.1 2011-03-28 16:22:37.845648487 +0200 +++ openssh-5.8p1/ssh-keygen.1 2011-04-01 10:21:38.554648691 +0200
@@ -655,6 +655,18 @@ Contains Diffie-Hellman groups used for @@ -655,6 +655,18 @@ Contains Diffie-Hellman groups used for
The file format is described in The file format is described in
.Xr moduli 5 . .Xr moduli 5 .
@ -188,7 +209,7 @@ diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1
.Xr ssh-add 1 , .Xr ssh-add 1 ,
diff -up openssh-5.8p1/ssh-keysign.8.entropy openssh-5.8p1/ssh-keysign.8 diff -up openssh-5.8p1/ssh-keysign.8.entropy openssh-5.8p1/ssh-keysign.8
--- openssh-5.8p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 --- openssh-5.8p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.8p1/ssh-keysign.8 2011-03-28 16:22:37.900648475 +0200 +++ openssh-5.8p1/ssh-keysign.8 2011-04-01 10:21:38.606648660 +0200
@@ -78,6 +78,18 @@ must be set-uid root if host-based authe @@ -78,6 +78,18 @@ must be set-uid root if host-based authe
If these files exist they are assumed to contain public certificate If these files exist they are assumed to contain public certificate
information corresponding with the private keys above. information corresponding with the private keys above.


@ -1,6 +1,6 @@
diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
--- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100
+++ openssh-5.8p1/authfile.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/authfile.c 2011-04-01 09:34:12.136698711 +0200
@@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
/* Allocate space for the private part of the key in the buffer. */ /* Allocate space for the private part of the key in the buffer. */
cp = buffer_append_space(&encrypted, buffer_len(&buffer)); cp = buffer_append_space(&encrypted, buffer_len(&buffer));
@ -35,8 +35,8 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
buffer_ptr(blob), buffer_len(blob)); buffer_ptr(blob), buffer_len(blob));
cipher_cleanup(&ciphercontext); cipher_cleanup(&ciphercontext);
diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
--- openssh-5.8p1/cipher.c.fips 2011-02-25 09:23:18.000000000 +0100 --- openssh-5.8p1/cipher.c.fips 2011-04-01 09:34:05.444648701 +0200
+++ openssh-5.8p1/cipher.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/cipher.c 2011-04-01 09:34:12.184648648 +0200
@@ -40,6 +40,7 @@ @@ -40,6 +40,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -123,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
/* /*
diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
--- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
+++ openssh-5.8p1/cipher-ctr.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/cipher-ctr.c 2011-04-01 09:34:12.228648747 +0200
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void) @@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
aes_ctr.do_cipher = ssh_aes_ctr; aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP #ifndef SSH_OLD_EVP
@ -135,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
return (&aes_ctr); return (&aes_ctr);
} }
diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
--- openssh-5.8p1/cipher.h.fips 2011-02-25 09:23:18.000000000 +0100 --- openssh-5.8p1/cipher.h.fips 2011-04-01 09:34:05.488648661 +0200
+++ openssh-5.8p1/cipher.h 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/cipher.h 2011-04-01 09:34:12.270648743 +0200
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe
const u_char *, u_int, int); const u_char *, u_int, int);
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
@ -147,8 +147,8 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
u_int cipher_keylen(const Cipher *); u_int cipher_keylen(const Cipher *);
u_int cipher_is_cbc(const Cipher *); u_int cipher_is_cbc(const Cipher *);
diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c
--- openssh-5.8p1/key.c.fips 2011-02-25 09:23:19.000000000 +0100 --- openssh-5.8p1/key.c.fips 2011-04-01 09:34:07.105648513 +0200
+++ openssh-5.8p1/key.c 2011-02-25 09:24:35.000000000 +0100 +++ openssh-5.8p1/key.c 2011-04-01 09:34:12.329648473 +0200
@@ -40,6 +40,7 @@ @@ -40,6 +40,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -175,8 +175,8 @@ diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c
} }
return rv; return rv;
diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
--- openssh-5.8p1/mac.c.fips 2011-02-25 09:23:18.000000000 +0100 --- openssh-5.8p1/mac.c.fips 2011-04-01 09:34:06.204648928 +0200
+++ openssh-5.8p1/mac.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/mac.c 2011-04-01 09:34:12.379648663 +0200
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -227,9 +227,9 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
for (i = 0; macs[i].name; i++) { for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) { if (strcmp(name, macs[i].name) == 0) {
diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.fips 2011-02-25 09:23:19.000000000 +0100 --- openssh-5.8p1/Makefile.in.fips 2011-04-01 09:34:09.725648593 +0200
+++ openssh-5.8p1/Makefile.in 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/Makefile.in 2011-04-01 09:34:12.422658984 +0200
@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) @@ -146,25 +146,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@ $(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
@ -261,7 +261,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -172,7 +172,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l @@ -173,7 +173,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
@ -272,7 +272,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
--- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100
+++ openssh-5.8p1/myproposal.h 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/myproposal.h 2011-04-01 09:34:12.583648839 +0200
@@ -81,7 +81,12 @@ @@ -81,7 +81,12 @@
"hmac-sha1-96,hmac-md5-96" "hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
@ -289,51 +289,65 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
KEX_DEFAULT_KEX, KEX_DEFAULT_KEX,
diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c
--- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-04-01 09:36:17.282648749 +0200
@@ -39,6 +39,7 @@ @@ -37,25 +37,18 @@
static int rc4_ready = 0; #define REKEY_BYTES (1 << 24)
static RC4_KEY rc4;
static int rc4_ready = 0;
-static RC4_KEY rc4;
+#if 0
unsigned int unsigned int
arc4random(void) arc4random(void)
{ {
@@ -82,6 +83,32 @@ arc4random_stir(void) unsigned int r = 0;
- static int first_time = 1;
rc4_ready = REKEY_BYTES;
}
+#else
+unsigned int
+arc4random(void)
+{
+ unsigned int r = 0;
+ void *rp = &r; + void *rp = &r;
+
- if (rc4_ready <= 0) {
- if (first_time)
- seed_rng();
- first_time = 0;
+ if (!rc4_ready) { + if (!rc4_ready) {
+ arc4random_stir(); arc4random_stir();
+ } }
+ RAND_bytes(rp, sizeof(r)); + RAND_bytes(rp, sizeof(r));
+
+ return(r); - RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+} -
+ - rc4_ready -= sizeof(r);
+void -
+arc4random_stir(void) return(r);
+{ }
+ unsigned char rand_buf[SEED_SIZE];
+ @@ -63,24 +56,11 @@ void
+ if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) arc4random_stir(void)
+ fatal("Couldn't obtain random bytes (error %ld)", {
+ ERR_get_error()); unsigned char rand_buf[SEED_SIZE];
- int i;
- memset(&rc4, 0, sizeof(rc4));
if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
- RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
-
- /*
- * Discard early keystream, as per recommendations in:
- * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
- */
- for(i = 0; i <= 256; i += sizeof(rand_buf))
- RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
-
- memset(rand_buf, 0, sizeof(rand_buf));
-
- rc4_ready = REKEY_BYTES;
+ rc4_ready = 1; + rc4_ready = 1;
+} }
+#endif
#endif /* !HAVE_ARC4RANDOM */ #endif /* !HAVE_ARC4RANDOM */
#ifndef HAVE_ARC4RANDOM_BUF
diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
--- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100
+++ openssh-5.8p1/ssh.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/ssh.c 2011-04-01 09:34:12.689648154 +0200
@@ -73,6 +73,8 @@ @@ -73,6 +73,8 @@
#include <openssl/evp.h> #include <openssl/evp.h>
@ -397,8 +411,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
if (ssh_connect(host, &hostaddr, options.port, if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms, options.address_family, options.connection_attempts, &timeout_ms,
diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
--- openssh-5.8p1/sshconnect2.c.fips 2011-02-25 09:23:18.000000000 +0100 --- openssh-5.8p1/sshconnect2.c.fips 2011-04-01 09:34:03.780648205 +0200
+++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/sshconnect2.c 2011-04-01 09:34:12.739648223 +0200
@@ -44,6 +44,8 @@ @@ -44,6 +44,8 @@
#include <vis.h> #include <vis.h>
#endif #endif
@ -432,8 +446,8 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms; options.hostkeyalgorithms;
diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.fips 2011-02-25 09:23:19.000000000 +0100 --- openssh-5.8p1/sshd.c.fips 2011-04-01 09:34:11.218648712 +0200
+++ openssh-5.8p1/sshd.c 2011-02-25 09:23:19.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-04-01 09:34:12.835695243 +0200
@@ -76,6 +76,8 @@ @@ -76,6 +76,8 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -443,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE #ifdef HAVE_SECUREWARE
@@ -1364,6 +1366,12 @@ main(int ac, char **av) @@ -1368,6 +1370,12 @@ main(int ac, char **av)
(void)set_auth_parameters(ac, av); (void)set_auth_parameters(ac, av);
#endif #endif
__progname = ssh_get_progname(av[0]); __progname = ssh_get_progname(av[0]);
@ -456,7 +470,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
init_rng(); init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
@@ -1525,8 +1533,6 @@ main(int ac, char **av) @@ -1529,8 +1537,6 @@ main(int ac, char **av)
else else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@ -465,7 +479,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
/* /*
* Force logging to stderr until we have loaded the private host * Force logging to stderr until we have loaded the private host
* key (unless started from inetd) * key (unless started from inetd)
@@ -1645,6 +1651,10 @@ main(int ac, char **av) @@ -1649,6 +1655,10 @@ main(int ac, char **av)
debug("private host key: #%d type %d %s", i, key->type, debug("private host key: #%d type %d %s", i, key->type,
key_type(key)); key_type(key));
} }
@ -476,7 +490,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key"); logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1; options.protocol &= ~SSH_PROTO_1;
@@ -1809,6 +1819,10 @@ main(int ac, char **av) @@ -1813,6 +1823,10 @@ main(int ac, char **av)
/* Initialize the random number generator. */ /* Initialize the random number generator. */
arc4random_stir(); arc4random_stir();
@ -487,7 +501,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
/* Chdir to the root directory so that the current disk can be /* Chdir to the root directory so that the current disk can be
unmounted if desired. */ unmounted if desired. */
chdir("/"); chdir("/");
@@ -2350,6 +2364,9 @@ do_ssh2_kex(void) @@ -2355,6 +2369,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) { if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@ -497,7 +511,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
} }
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
@@ -2359,6 +2376,9 @@ do_ssh2_kex(void) @@ -2364,6 +2381,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) { if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
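Review bot: In the openbsd-compat/bsd-arc4random.c hunk, the rewritten arc4random() ignores the return value of RAND_bytes(), so if the OpenSSL generator fails the function returns the initial `r = 0` as though it were random output. arc4random_stir(), a few lines further down in the same hunk, already treats that failure as fatal, and the same check belongs here: `if (RAND_bytes(rp, sizeof(r)) <= 0) fatal("Couldn't obtain random bytes (error %ld)", ERR_get_error());`. The new arc4random_stir() also drops the old `memset(rand_buf, 0, sizeof(rand_buf));`, so generator output stays on the stack; as the buffer now appears to serve only as a probe that RAND_bytes() works, either clear it or add a comment saying the bytes are deliberately discarded. `REKEY_BYTES` and the name `rc4_ready` look like leftovers now that the RC4 state is removed.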


@ -6,7 +6,7 @@ diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c
fprintf(stderr, fprintf(stderr,
"You must change your password now and login again!\n"); "You must change your password now and login again!\n");
+#ifdef __linux__ +#ifdef __linux__
+ execl("/bin/sh", "sh", "-c", "passwd", s->pw->pw_name, + execl("/bin/sh", "sh", "-c", _PATH_PASSWD_PROG, s->pw->pw_name,
+ (char *)NULL); + (char *)NULL);
+#else +#else
#ifdef PASSWD_NEEDS_USERNAME #ifdef PASSWD_NEEDS_USERNAME
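Review bot: In the `__linux__` branch, `s->pw->pw_name` never reaches passwd, because with `sh -c` the first operand after the command string becomes the shell's `$0`, so the command runs with no arguments. If the username is meant to be passed, exec the program directly with `execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL);`, which also takes the shell out of the forced-password-change path. If the shell is there on purpose (the reason is not visible in this hunk), add a comment saying why and drop the unused argument. The enclosing function starts and ends outside the hunk.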


@ -7,11 +7,12 @@
patch -sp0 << EOF patch -sp0 << EOF
--- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200 --- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200
+++ cipher.c 2005-09-06 14:52:06.000000000 +0200 +++ cipher.c 2005-09-06 14:52:06.000000000 +0200
@@ -45,6 +45,8 @@ @@ -45,6 +45,9 @@
/* compatibility with old or broken OpenSSL versions */ /* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
+#undef USE_CIPHER_ACSS +#undef USE_CIPHER_ACSS
+#undef EVP_acss
+#define EVP_acss NULL +#define EVP_acss NULL
extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_bf(void);