rpms / openssh

Clone
Source Code
GIT

Files

  1.   3657adf0baa6224cf76d3b478f5bf65890423e07
  2.   openssh-5.8p1-reseed.patch
Blob Blame History Raw 
diff -up openssh-5.8p1/sshd.c.reseed openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.reseed	2011-03-16 15:48:47.870648161 +0100
+++ openssh-5.8p1/sshd.c	2011-03-16 18:55:52.998648933 +0100
@@ -225,6 +225,8 @@ static volatile sig_atomic_t key_do_rege
 static volatile sig_atomic_t received_sighup = 0;
 static volatile sig_atomic_t received_sigterm = 0;
 
+static volatile int need_reseed = 0;
+
 /* session identifier, used by RSA-auth */
 u_char session_id[16];
 
@@ -396,6 +398,9 @@ generate_ephemeral_server_key(void)
 	arc4random_stir();
 }
 
+/*
+ * Signal handler for the alarm in the accept loop.
+ */
 /*ARGSUSED*/
 static void
 key_regeneration_alarm(int sig)
@@ -405,6 +410,7 @@ key_regeneration_alarm(int sig)
 	signal(SIGALRM, SIG_DFL);
 	errno = save_errno;
 	key_do_regen = 1;
+	need_reseed = 1;
 }
 
 static void
@@ -1277,6 +1285,12 @@ server_accept_loop(int *sock_in, int *so
 			 * the child process the connection. The
 			 * parent continues listening.
 			 */
+			if (need_reseed) {
+				seed_rng();
+				logit("random reseeded");
+				need_reseed = 0;
+				alarm(options.key_regeneration_time);
+			}
 			platform_pre_fork();
 			if ((pid = fork()) == 0) {
 				/*
@@ -1836,6 +1852,8 @@ main(int ac, char **av)
 		signal(SIGCHLD, main_sigchld_handler);
 		signal(SIGTERM, sigterm_handler);
 		signal(SIGQUIT, sigterm_handler);
+		signal(SIGALRM, key_regeneration_alarm);
+		alarm(options.key_regeneration_time);
 
 		/*
 		 * Write out the pid file after the sigterm handler
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.