Remove seed passing over reexec.
authorDarren Tucker <dtucker@dtucker.net>
Thu, 10 Nov 2022 01:44:51 +0000 (12:44 +1100)
committerDarren Tucker <dtucker@dtucker.net>
Thu, 10 Nov 2022 01:44:51 +0000 (12:44 +1100)
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.

ssh-rand-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@

entropy.c
sshd.c

index a4088e43cdf8de7a6de918f4157db55c6e7885bd..842c66fd6d0f568b76a1cbffb9508befaf013c22 100644 (file)
--- a/entropy.c
+++ b/entropy.c
  * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
  * PRNGd.
  */
-#ifndef OPENSSL_PRNG_ONLY
-
-void
-rexec_send_rng_seed(struct sshbuf *m)
-{
-       u_char buf[RANDOM_SEED_SIZE];
-       size_t len = sizeof(buf);
-       int r;
-
-       if (RAND_bytes(buf, sizeof(buf)) <= 0) {
-               error("Couldn't obtain random bytes (error %ld)",
-                   ERR_get_error());
-               len = 0;
-       }
-       if ((r = sshbuf_put_string(m, buf, len)) != 0)
-               fatal("%s: buffer error: %s", __func__, ssh_err(r));
-       explicit_bzero(buf, sizeof(buf));
-}
-
-void
-rexec_recv_rng_seed(struct sshbuf *m)
-{
-       const u_char *buf = NULL;
-       size_t len = 0;
-       int r;
-
-       if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0)
-               fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
-       debug3("rexec_recv_rng_seed: seeding rng with %lu bytes",
-           (unsigned long)len);
-       RAND_add(buf, len, len);
-}
-#endif /* OPENSSL_PRNG_ONLY */
 
 void
 seed_rng(void)
diff --git a/sshd.c b/sshd.c
index 808d91ef2ffaaae25f6c07aeb8738eb23887f671..d5e6a133c8ba1c8031ff3e8f995da7d69e1fdfd8 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -937,14 +937,10 @@ send_rexec_state(int fd, struct sshbuf *conf)
         *              string  filename
         *              string  contents
         *      }
-        *      string  rng_seed (if required)
         */
        if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
            (r = sshbuf_put_stringb(m, inc)) != 0)
                fatal_fr(r, "compose config");
-#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
-       rexec_send_rng_seed(m);
-#endif
        if (ssh_msg_send(fd, 0, m) == -1)
                error_f("ssh_msg_send failed");
 
@@ -977,10 +973,6 @@ recv_rexec_state(int fd, struct sshbuf *conf)
            (r = sshbuf_get_stringb(m, inc)) != 0)
                fatal_fr(r, "parse config");
 
-#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
-       rexec_recv_rng_seed(m);
-#endif
-
        if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
                fatal_fr(r, "sshbuf_put");