vishalmishra434 / rpms / openssh

Forked from rpms/openssh 3 months ago
Clone
Jan F 8fe150
diff -up openssh-5.8p1/sshd.c.reseed openssh-5.8p1/sshd.c
Jan F 8fe150
--- openssh-5.8p1/sshd.c.reseed	2011-03-16 15:48:47.870648161 +0100
Jan F 8fe150
+++ openssh-5.8p1/sshd.c	2011-03-16 18:55:52.998648933 +0100
Jan F 8fe150
@@ -225,6 +225,8 @@ static volatile sig_atomic_t key_do_rege
Jan F 8fe150
 static volatile sig_atomic_t received_sighup = 0;
Jan F 8fe150
 static volatile sig_atomic_t received_sigterm = 0;
Jan F 8fe150
 
Jan F 8fe150
+static volatile int need_reseed = 0;
Jan F 8fe150
+
Jan F 8fe150
 /* session identifier, used by RSA-auth */
Jan F 8fe150
 u_char session_id[16];
Jan F 8fe150
 
Jan F 8fe150
@@ -396,6 +398,9 @@ generate_ephemeral_server_key(void)
Jan F 8fe150
 	arc4random_stir();
Jan F 8fe150
 }
Jan F 8fe150
 
Jan F 8fe150
+/*
Jan F 8fe150
+ * Signal handler for the alarm in the accept loop.
Jan F 8fe150
+ */
Jan F 8fe150
 /*ARGSUSED*/
Jan F 8fe150
 static void
Jan F 8fe150
 key_regeneration_alarm(int sig)
Jan F 8fe150
@@ -405,6 +410,7 @@ key_regeneration_alarm(int sig)
Jan F 8fe150
 	signal(SIGALRM, SIG_DFL);
Jan F 8fe150
 	errno = save_errno;
Jan F 8fe150
 	key_do_regen = 1;
Jan F 8fe150
+	need_reseed = 1;
Jan F 8fe150
 }
Jan F 8fe150
 
Jan F 8fe150
 static void
Jan F 8fe150
@@ -1277,6 +1285,12 @@ server_accept_loop(int *sock_in, int *so
Jan F 8fe150
 			 * the child process the connection. The
Jan F 8fe150
 			 * parent continues listening.
Jan F 8fe150
 			 */
Jan F 8fe150
+			if (need_reseed) {
Jan F 8fe150
+				seed_rng();
Jan F 8fe150
+				logit("random reseeded");
Jan F 8fe150
+				need_reseed = 0;
Jan F 8fe150
+				alarm(options.key_regeneration_time);
Jan F 8fe150
+			}
Jan F 8fe150
 			platform_pre_fork();
Jan F 8fe150
 			if ((pid = fork()) == 0) {
Jan F 8fe150
 				/*
Jan F 8fe150
@@ -1836,6 +1852,8 @@ main(int ac, char **av)
Jan F 8fe150
 		signal(SIGCHLD, main_sigchld_handler);
Jan F 8fe150
 		signal(SIGTERM, sigterm_handler);
Jan F 8fe150
 		signal(SIGQUIT, sigterm_handler);
Jan F 8fe150
+		signal(SIGALRM, key_regeneration_alarm);
Jan F 8fe150
+		alarm(options.key_regeneration_time);
Jan F 8fe150
 
Jan F 8fe150
 		/*
Jan F 8fe150
 		 * Write out the pid file after the sigterm handler