author | Damien Miller <djm@mindrot.org> | 2016-11-30 13:51:49 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-11-30 13:51:49 +1100 |
commit | c9f880c195c65f1dddcbc4ce9d6bfea7747debcc (patch) | |
tree | cab69c04041fa6ba8affe42d289ce9a9261b64fd | |
parent | 79e4829ec81dead1b30999e1626eca589319a47f (diff) |
factor out common PRNG reseed before privdrop
Add a call to RAND_poll() to ensure that more than pid+time gets
stirred into child processes states. Prompted by analysis from Jann
Horn at Project Zero. ok dtucker@
-rw-r--r-- | sshd.c | 42 |
1 files changed, 23 insertions, 19 deletions
@@ -499,9 +499,29 @@ demote_sensitive_data(void) } static void -privsep_preauth_child(void) +reseed_prngs(void) { u_int32_t rnd[256]; + +#ifdef WITH_OPENSSL + RAND_poll(); +#endif + arc4random_stir(); /* noop on recent arc4random() implementations */ + arc4random_buf(rnd, sizeof(rnd)); /* let arc4random notice PID change */ + +#ifdef WITH_OPENSSL + RAND_seed(rnd, sizeof(rnd)); + /* give libcrypto a chance to notice the PID change */ + if ((RAND_bytes((u_char *)rnd, 1)) != 1) + fatal("%s: RAND_bytes failed", __func__); +#endif + + explicit_bzero(rnd, sizeof(rnd)); +} + +static void +privsep_preauth_child(void) +{ gid_t gidset[1]; /* Enable challenge-response authentication for privilege separation */ @@ -513,14 +533,7 @@ privsep_preauth_child(void) ssh_gssapi_prepare_supported_oids(); #endif - arc4random_stir(); - arc4random_buf(rnd, sizeof(rnd)); -#ifdef WITH_OPENSSL - RAND_seed(rnd, sizeof(rnd)); - if ((RAND_bytes((u_char *)rnd, 1)) != 1) - fatal("%s: RAND_bytes failed", __func__); -#endif - explicit_bzero(rnd, sizeof(rnd)); + reseed_prngs(); /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -616,8 +629,6 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { - u_int32_t rnd[256]; - #ifdef DISABLE_FD_PASSING if (1) { #else @@ -651,14 +662,7 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); - arc4random_stir(); - arc4random_buf(rnd, sizeof(rnd)); -#ifdef WITH_OPENSSL - RAND_seed(rnd, sizeof(rnd)); - if ((RAND_bytes((u_char *)rnd, 1)) != 1) - fatal("%s: RAND_bytes failed", __func__); -#endif - explicit_bzero(rnd, sizeof(rnd)); + reseed_prngs(); /* Drop privileges */ do_setusercontext(authctxt->pw); |
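Review bot: The return value of RAND_poll() is discarded at the top of the new reseed_prngs(), so if libcrypto's entropy gathering fails the function carries on and RAND_seed() only ever receives the arc4random-derived bytes in rnd, which quietly loses exactly the extra stirring the commit message says the call is there to provide. In the OpenSSL releases I know RAND_poll() returns 1 on success and 0 on failure, and since the same function already fatal()s a few lines lower when RAND_bytes() fails, treating the poll the same way would be consistent: `if (RAND_poll() != 1) fatal("%s: RAND_poll failed", __func__);` (a logged warning would be the minimum if a hard failure is considered too aggressive on exotic OpenSSL builds). The RAND_bytes() guard also carries a redundant pair of parentheses around the call; `if (RAND_bytes((u_char *)rnd, 1) != 1)` reads cleaner. A one-line header comment such as `/* Reseed arc4random and libcrypto in a freshly forked child, before privileges are dropped. */` would tell the next reader why both privsep paths call this.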