diff -up openssh-5.8p1/sshd.c.reseed openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.reseed 2011-03-16 15:48:47.870648161 +0100
+++ openssh-5.8p1/sshd.c 2011-03-16 18:55:52.998648933 +0100
@@ -225,6 +225,8 @@ static volatile sig_atomic_t key_do_rege
static volatile sig_atomic_t received_sighup = 0;
static volatile sig_atomic_t received_sigterm = 0;
+static volatile int need_reseed = 0;
+
/* session identifier, used by RSA-auth */
u_char session_id[16];
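Review bot: `need_reseed` is declared `static volatile int`, but a later hunk writes it from the SIGALRM handler key_regeneration_alarm(), and the neighbouring handler flags here are all `volatile sig_atomic_t`. Only `sig_atomic_t` is guaranteed to be read and written atomically with respect to an interrupting handler, so the declaration should be `static volatile sig_atomic_t need_reseed = 0;`. A one-line comment such as `/* set in SIGALRM handler, consumed in server_accept_loop() */` would also record who sets and who clears the flag.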
@@ -396,6 +398,9 @@ generate_ephemeral_server_key(void)
arc4random_stir();
}
+/*
+ * Signal handler for the alarm in the accept loop.
+ */
/*ARGSUSED*/
static void
key_regeneration_alarm(int sig)
@@ -405,6 +410,7 @@ key_regeneration_alarm(int sig)
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
+ need_reseed = 1;
}
static void
@@ -1277,6 +1285,13 @@ server_accept_loop(int *sock_in, int *so
* the child process the connection. The
* parent continues listening.
*/
+ if (need_reseed) {
+ seed_rng();
+ logit("random reseeded");
+ need_reseed = 0;
+ signal(SIGALRM, key_regeneration_alarm);
+ alarm(options.key_regeneration_time);
+ }
platform_pre_fork();
if ((pid = fork()) == 0) {
/*
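Review bot: The reseed timer is driven by `alarm(options.key_regeneration_time)`, here and in the main() hunk, so periodic reseeding silently depends on the server-key regeneration setting: if that value can be 0, `alarm(0)` only cancels the timer, `need_reseed` is never set and `seed_rng()` is never called again. Either guard it or document it at this block, e.g. `/* no periodic reseed when key_regeneration_time == 0 */`. The block also runs in the listening parent immediately before `fork()`, so if `seed_rng()` (not shown on this page) can block or exit on an entropy-source failure, new connections stall or the listener dies; that is worth confirming. `logit("random reseeded")` fires every interval at the normal log level and may be better as `debug("random reseeded")`. server_accept_loop's body continues outside the hunk.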
@@ -1836,6 +1852,8 @@ main(int ac, char **av)
signal(SIGCHLD, main_sigchld_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
+ signal(SIGALRM, key_regeneration_alarm);
+ alarm(options.key_regeneration_time);
/*
* Write out the pid file after the sigterm handler