Skip to content

GitLab

Commit c0fb432a authored by Niels Möller's avatar Niels Möller
Browse files
Options

src/unix_random.c: Rewrote to use yarrow. Updated users. 

Rev: src/client.c:1.136
Rev: src/client.h:1.49
Rev: src/lsh-keygen.c:1.10
Rev: src/lsh-writekey.c:1.22
Rev: src/lsh.c:1.156
Rev: src/lsh_proxy.c:1.29
Rev: src/lshd.c:1.132
Rev: src/srp-gen.c:1.13
parent d1663859
Hide whitespace changes
Inline Side-by-side
Showing with 80 additions and 52 deletions
src/client.c
View file @ c0fb432a
......@@ -413,7 +413,7 @@ make_client_session(struct client_options *options);
void
init_client_options(struct client_options *self,
struct randomness_with_poll *random,
struct randomness *random,
struct exception_handler *handler,
int *exit_code)
{
......@@ -612,7 +612,7 @@ client_maybe_x11(struct client_options *options,
assert(options->random);
if (display)
request = make_forward_x11(display, &options->random->super);
request = make_forward_x11(display, options->random);
if (request)
{
......
src/client.h
View file @ c0fb432a
......@@ -117,7 +117,7 @@ make_client_x11_display(const char *display, struct lsh_string *fake);
(name client_options)
(vars
;; Used only by lsh, NULL for lshg.
(random object randomness_with_poll)
(random object randomness)
(tty object interact)
......@@ -166,7 +166,7 @@ make_client_x11_display(const char *display, struct lsh_string *fake);
void
init_client_options(struct client_options *options,
struct randomness_with_poll *random,
struct randomness *random,
struct exception_handler *handler,
int *exit_code);
......
src/lsh-keygen.c
View file @ c0fb432a
......@@ -40,6 +40,7 @@
#include "lsh_argp.h"
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
......@@ -179,6 +180,7 @@ main_argp =
NULL, NULL
};
#if 0
static void
do_lsh_keygen_handler(struct exception_handler *s UNUSED,
const struct exception *e)
......@@ -190,26 +192,37 @@ do_lsh_keygen_handler(struct exception_handler *s UNUSED,
static struct exception_handler handler =
STATIC_EXCEPTION_HANDLER(do_lsh_keygen_handler, NULL);
#endif
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
struct lsh_keygen_options * options
= make_lsh_keygen_options();
struct sexp *key;
struct randomness_with_poll *r;
struct randomness *r;
struct lsh_string *out;
const struct exception *e;
argp_parse(&main_argp, argc, argv, 0, NULL, options);
r = make_default_random(NULL, &handler);
r = make_user_random(getenv("HOME"));
if (!r)
{
werror("Failed to initialize randomness generator.\n");
return EXIT_FAILURE;
}
/* FIXME: Optionally use interactive keyboard input to get some more
* entropy */
assert(r->quality == RANDOM_GOOD);
switch (options->algorithm)
{
case 'd':
key = dsa_generate_key(&r->super, options->level);
key = dsa_generate_key(r, options->level);
break;
case 'r':
{
......@@ -220,11 +233,11 @@ int main(int argc, char **argv)
{
/* Use a reasonably small random e, and make sure that at
* it is odd and has at most one more one bit. */
bignum_random_size(e, &r->super, 30);
bignum_random_size(e, r, 30);
mpz_setbit(e, 0);
mpz_setbit(e, 17);
key = rsa_generate_key(e, &r->super, options->level);
key = rsa_generate_key(e, r, options->level);
if (key)
break;
......
src/lsh-writekey.c
View file @ c0fb432a
......@@ -101,8 +101,8 @@ make_lsh_writekey_options(void)
self->signature_algorithms = all_signature_algorithms(NULL);
/* We use this only for salt and iv generation. */
self->r = make_bad_random();
self->r = make_user_random(getenv("HOME"));
/* A better default would be crypto_cbc(make_des3()) */
self->crypto = NULL;
......@@ -289,7 +289,7 @@ open_private_file(const struct lsh_string *file)
0600);
if (fd < 0)
werror("Failed to open `%z'for writing: %z\n"
werror("Failed to open `%S'for writing: %z\n"
"lsh-writekey doesn't overwrite existing key files.\n"
"If you *really* want to do that, you should delete\n"
"the existing files first\n",
......
src/lsh.c
View file @ c0fb432a
......@@ -132,16 +132,25 @@ make_options(struct exception_handler *handler,
int *exit_code)
{
NEW(lsh_options, self);
const char *home = getenv("HOME");
struct randomness *r = make_user_random(home);
if (!r)
{
werror("Failed to initialize randomness generator.\n");
return NULL;
}
init_client_options(&self->super,
make_default_random(NULL, handler),
r,
handler, exit_code);
self->algorithms
= make_algorithms_options(all_symmetric_algorithms());
self->home = getenv("HOME");
self->home = home;
self->signature_algorithms = all_signature_algorithms(&self->super.random->super);
self->signature_algorithms = all_signature_algorithms(r);
self->sloppy = 0;
self->capture = NULL;
......@@ -822,7 +831,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
ALIST_SET(self->algorithms->algorithms,
ATOM_SRP_RING1_SHA1_LOCAL,
&make_srp_client(make_srp1(&self->super.random->super),
&make_srp_client(make_srp1(self->super.random),
self->super.tty,
ssh_format("%lz", self->super.user))
->super);
......@@ -833,7 +842,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
ALIST_SET(self->algorithms->algorithms,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_dh_client(make_dh1(&self->super.random->super))
&make_dh_client(make_dh1(self->super.random))
->super);
}
}
......@@ -911,10 +920,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
argp_error(state, "No actions given.");
break;
}
/* Start background poll */
RANDOM_POLL_BACKGROUND(self->super.random->poller);
break;
case 'i':
......@@ -1060,7 +1066,9 @@ int main(int argc, char **argv)
set_local_charset(CHARSET_LATIN1);
options = make_options(handler, &lsh_exit_code);
if (!options)
return EXIT_FAILURE;
argp_parse(&main_argp, argc, argv, ARGP_IN_ORDER, NULL, options);
spki = read_known_hosts(options);
......@@ -1071,10 +1079,10 @@ int main(int argc, char **argv)
make_handshake_info(CONNECTION_CLIENT,
"lsh - a free ssh", NULL,
SSH_MAX_PACKET,
&options->super.random->super,
options->super.random,
options->algorithms->algorithms,
NULL),
make_simple_kexinit(&options->super.random->super,
make_simple_kexinit(options->super.random,
options->kex_algorithms,
options->algorithms->hostkey_algorithms,
options->algorithms->crypto_algorithms,
......
src/lsh_proxy.c
View file @ c0fb432a
......@@ -140,7 +140,7 @@ const char *argp_program_bug_address = BUG_ADDRESS;
*/
static struct lsh_proxy_options *
make_lsh_proxy_options(struct randomness_with_poll *random,
make_lsh_proxy_options(struct randomness *random,
struct alist *algorithms)
{
NEW(lsh_proxy_options, self);
......@@ -148,7 +148,7 @@ make_lsh_proxy_options(struct randomness_with_poll *random,
init_algorithms_options(&self->super, algorithms);
self->signature_algorithms
= make_alist(1,
ATOM_DSA, make_dsa_algorithm(&random->super), -1);
ATOM_DSA, make_dsa_algorithm(random), -1);
self->random = random;
self->style = SEXP_TRANSPORT;
......@@ -310,9 +310,6 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
if (self->use_pid_file < 0)
self->use_pid_file = self->daemonic;
/* Start background poll */
RANDOM_POLL_BACKGROUND(self->random->poller);
break;
case 'p':
......@@ -555,7 +552,7 @@ int main(int argc, char **argv)
struct reap *reaper;
struct randomness_with_poll *r;
struct randomness *r;
struct alist *algorithms_server, *algorithms_client;
struct alist *signature_algorithms;
......@@ -580,13 +577,19 @@ int main(int argc, char **argv)
&default_exception_handler,
HANDLER_CONTEXT);
reaper = make_reaper();
r = make_default_random(reaper, handler);
r = make_system_random();
if (!r)
{
werror("Failed to initialize randomness generator.\n");
return EXIT_FAILURE;
}
algorithms_server = all_symmetric_algorithms();
/* FIXME: copy algorithms_server */
algorithms_client = all_symmetric_algorithms();
signature_algorithms = all_signature_algorithms(&r->super);
signature_algorithms = all_signature_algorithms(r);
options = make_lsh_proxy_options(r, algorithms_server);
......@@ -654,13 +657,13 @@ int main(int argc, char **argv)
ALIST_SET(algorithms_server,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_dh_server(make_dh1(&r->super))->super);
&make_dh_server(make_dh1(r))->super);
ALIST_SET(algorithms_client,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_dh_client(make_dh1(&r->super))->super);
&make_dh_client(make_dh1(r))->super);
make_kexinit
= make_simple_kexinit(&r->super,
= make_simple_kexinit(r,
make_int_list(1, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
-1),
options->super.hostkey_algorithms,
......@@ -772,7 +775,7 @@ int main(int argc, char **argv)
"lsh_proxy_client - a free ssh",
"proxy client",
SSH_MAX_PACKET,
&r->super,
r,
algorithms_client,
NULL),
make_kexinit),
......@@ -781,7 +784,7 @@ int main(int argc, char **argv)
"lsh_proxy_server - a free ssh",
"proxy server",
SSH_MAX_PACKET,
&r->super,
r,
algorithms_server,
NULL),
make_kexinit));
......
src/lshd.c
View file @ c0fb432a
......@@ -150,7 +150,7 @@ const char *argp_program_bug_address = BUG_ADDRESS;
(e object exception_handler)
(reaper object reap)
(random object randomness_with_poll)
(random object randomness)
(signature_algorithms object alist)
(style . sexp_argp_state)
......@@ -221,9 +221,15 @@ make_lshd_options(void)
self->e = make_lshd_exception_handler(&default_exception_handler,
HANDLER_CONTEXT);
self->reaper = make_reaper();
self->random = make_default_random(self->reaper, self->e);
self->random = make_system_random();
self->signature_algorithms = all_signature_algorithms(&self->random->super);
if (!self->random)
{
werror("Failed to initialize randomness generator.\n");
return NULL;
}
self->signature_algorithms = all_signature_algorithms(self->random);
self->style = SEXP_TRANSPORT;
self->interface = NULL;
......@@ -472,7 +478,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
ALIST_SET(self->super.algorithms,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_dh_server(make_dh1(&self->random->super))
&make_dh_server(make_dh1(self->random))
->super);
}
#if WITH_SRP
......@@ -482,7 +488,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
ALIST_SET(self->super.algorithms,
ATOM_SRP_RING1_SHA1_LOCAL,
&make_srp_server(make_srp1(&self->random->super),
&make_srp_server(make_srp1(self->random),
user_db)
->super);
}
......@@ -762,6 +768,9 @@ int main(int argc, char **argv)
set_local_charset(CHARSET_LATIN1);
options = make_lshd_options();
if (!options)
return EXIT_FAILURE;
trace("Parsing options...\n");
argp_parse(&main_argp, argc, argv, 0, NULL, options);
......@@ -830,13 +839,6 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
/* NOTE: We have to do this *after* forking into the background,
* because otherwise we won't be able to waitpid() on the background
* process. */
/* Start background poll */
RANDOM_POLL_BACKGROUND(options->random->poller);
{
/* Commands to be invoked on the connection */
struct object_list *connection_hooks;
......@@ -890,7 +892,7 @@ int main(int argc, char **argv)
"lsh - a free ssh",
NULL,
SSH_MAX_PACKET,
&options->random->super,
options->random,
options->super.algorithms,
options->sshd1),
make_simple_kexinit
......
src/srp-gen.c
View file @ c0fb432a
......@@ -100,7 +100,7 @@ make_srp_gen_options(struct exception_handler *e)
self->passwd = NULL;
/* We use this only for generating the salt. */
self->r = make_bad_random();
self->r = make_user_random(getenv("HOME"));
return self;
}
......@@ -217,7 +217,9 @@ srp_gen(struct srp_gen_options *options)
struct lsh_string *name;
struct sexp *e;
/* NOTE: Allows random to be of bad quality */
salt = lsh_string_alloc(SALT_SIZE);
RANDOM(options->r, salt->length, salt->data);
name = ssh_format("%lz", options->name);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment