Bugzilla – Attachment 1828 Details for
Bug 1701
FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits
[patch]
Alternate patch using cleanup_exit
openssh-5.3p1-randclean.patch (text/plain), 4.90 KB, created by
jchadima
on 2010-04-06 19:35:17 AEST
Description:
Alternate patch using cleanup_exit
Filename:
MIME Type:
Creator:
jchadima
Created:
2010-04-06 19:35:17 AEST
Size:
4.90 KB
>diff -up openssh-5.4p1/clean_rand.c.randclean openssh-5.4p1/clean_rand.c
>--- openssh-5.4p1/clean_rand.c.randclean 2010-04-02 12:15:30.000000000 +0200
>+++ openssh-5.4p1/clean_rand.c 2010-04-02 12:17:14.000000000 +0200
>@@ -0,0 +1,35 @@
>+/*
>+ * Copyright (c) 2010 Jan F. Chadima. All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ * notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ * notice, this list of conditions and the following disclaimer in the
>+ * documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
>+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
>+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
>+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
>+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
>+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ */
>+
>+#include "includes.h"
>+
>+int do_cleanup_rand = 0;
>+
>+void
>+cleanup_random_prng(void)
>+{
>+ if (do_cleanup_rand)
>+ RAND_cleanup ();
>+}
>+
>diff -up openssh-5.4p1/cleanup.c.randclean openssh-5.4p1/cleanup.c
>--- openssh-5.4p1/cleanup.c.randclean 2006-08-05 06:07:20.000000000 +0200
>+++ openssh-5.4p1/cleanup.c 2010-04-02 11:57:18.000000000 +0200
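Review bot: The new `clean_rand.c` calls `RAND_cleanup()` while including only `includes.h`, so unless that header already brings in the OpenSSL RAND prototypes the call is implicitly declared, and the definitions of `do_cleanup_rand` and `cleanup_random_prng` are never checked against the declarations this patch adds to `entropy.h`. Adding `#include <openssl/rand.h>` and `#include "entropy.h"` after `includes.h` makes both explicit. The flag also deserves a comment saying what sets it and why, e.g. `/* set once the OpenSSL PRNG is in use; cleanup_exit() then discards its state for FIPS 140-2 */`.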
>@@ -28,5 +28,6 @@
> void
> cleanup_exit(int i)
> {
>+ cleanup_random_prng();
> _exit(i);
> }
>diff -up openssh-5.4p1/clientloop.c.randclean openssh-5.4p1/clientloop.c
>--- openssh-5.4p1/clientloop.c.randclean 2010-04-02 11:57:14.000000000 +0200
>+++ openssh-5.4p1/clientloop.c 2010-04-02 11:57:18.000000000 +0200
>@@ -2070,5 +2070,6 @@ cleanup_exit(int i)
> leave_non_blocking();
> if (options.control_path != NULL && muxserver_sock != -1)
> unlink(options.control_path);
>+ cleanup_random_prng();
> _exit(i);
> }
>diff -up openssh-5.4p1/entropy.c.randclean openssh-5.4p1/entropy.c
>--- openssh-5.4p1/entropy.c.randclean 2007-03-12 21:35:38.000000000 +0100
>+++ openssh-5.4p1/entropy.c 2010-04-02 12:14:16.000000000 +0200
>@@ -163,6 +163,7 @@ init_rng(void)
> original_uid = getuid();
> original_euid = geteuid();
> #endif
>+ do_cleanup_rand = 1;
> }
>
> #ifndef OPENSSL_PRNG_ONLY
>diff -up openssh-5.4p1/entropy.h.randclean openssh-5.4p1/entropy.h
>--- openssh-5.4p1/entropy.h.randclean 2010-04-02 12:18:39.000000000 +0200
>+++ openssh-5.4p1/entropy.h 2010-04-02 12:19:15.000000000 +0200
>@@ -29,10 +29,14 @@
>
> #include "buffer.h"
>
>+extern int do_cleanup_rand;
>+
> void seed_rng(void);
> void init_rng(void);
>
> void rexec_send_rng_seed(Buffer *);
> void rexec_recv_rng_seed(Buffer *);
>
>+void cleanup_random_prng(void);
>+
> #endif /* _RANDOMS_H */
>diff -up openssh-5.4p1/Makefile.in.randclean openssh-5.4p1/Makefile.in
>--- openssh-5.4p1/Makefile.in.randclean 2010-04-02 12:19:31.000000000 +0200
>+++ openssh-5.4p1/Makefile.in 2010-04-02 12:20:15.000000000 +0200
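Review bot: `cleanup_random_prng()` only runs on exits that go through `cleanup_exit()`, and it puts OpenSSL library code in front of `_exit(i)`, which the function otherwise reaches with very little work. Two things are worth confirming outside this hunk: that no signal handler can reach `cleanup_exit()` (`RAND_cleanup()` is not async-signal-safe), and that normal termination via `exit()` or a return from `main` also discards the PRNG state, since the bug asks for cleanup before the program exits on any path. The same applies to the `cleanup_exit()` hunks in clientloop.c, ssh-agent.c and sshd.c, whose bodies start outside their hunks. A comment at the call site such as `/* FIPS 140-2: discard PRNG state; not safe from signal context */` would record the constraint.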
>@@ -66,7 +66,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
>
> LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
> canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
>- cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
>+ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o clean_rand.o \
> compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
> log.o match.o md-sha256.o moduli.o nchan.o packet.o \
> readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
>diff -up openssh-5.4p1/ssh-agent.c.randclean openssh-5.4p1/ssh-agent.c
>--- openssh-5.4p1/ssh-agent.c.randclean 2010-04-02 11:57:10.000000000 +0200
>+++ openssh-5.4p1/ssh-agent.c 2010-04-02 11:57:18.000000000 +0200
>@@ -1019,6 +1019,7 @@ void
> cleanup_exit(int i)
> {
> cleanup_socket();
>+ cleanup_random_prng();
> _exit(i);
> }
>
>diff -up openssh-5.4p1/sshd.c.randclean openssh-5.4p1/sshd.c
>--- openssh-5.4p1/sshd.c.randclean 2010-04-02 11:57:17.000000000 +0200
>+++ openssh-5.4p1/sshd.c 2010-04-02 11:57:18.000000000 +0200
>@@ -2466,5 +2466,6 @@ cleanup_exit(int i)
> if (!use_privsep || mm_is_monitor())
> audit_event(SSH_CONNECTION_ABANDON);
> #endif
>+ cleanup_random_prng();
> _exit(i);
> }
>diff -up openssh-5.4p1/ssh-rand-helper.c.randclean openssh-5.4p1/ssh-rand-helper.c
>--- openssh-5.4p1/ssh-rand-helper.c.randclean 2010-03-05 01:40:19.000000000 +0100
>+++ openssh-5.4p1/ssh-rand-helper.c 2010-04-02 12:14:52.000000000 +0200
>@@ -865,6 +865,7 @@ main(int argc, char **argv)
> exit(1);
> }
>
>+ do_cleanup_rand = 1;
> #ifdef USE_SEED_FILES
> prng_read_seedfile();
> #endif
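Review bot: Setting `do_cleanup_rand = 1` in `main` has an effect only where the helper later exits through `cleanup_exit()`; the context line just above uses `exit(1)`, and no hunk on this page adds a `cleanup_random_prng()` call to ssh-rand-helper.c. If the remaining exits in `main`, which continues outside the hunk, also use `exit()` or `return`, the PRNG state is never discarded in this program. Registering the function next to the flag, `atexit(cleanup_random_prng);`, would cover those paths; this should be checked against how the helper actually terminates.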
Attachments on
bug 1701
:
1781
| 1828