Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: matt-nb6-plus-base
Revision 1.8.4.1 / (download) - annotate - [select for diffs], Mon Apr 2 18:28:12 2012 UTC (12 years ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Branch point for: netbsd-6-1,
netbsd-6-0
Changes since 1.8: +56 -10
lines
Diff to previous 1.8 (colored)
Pull up following revision(s) (requested by tls in ticket #146): crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c: revision 1.3 crypto/external/bsd/openssh/dist/sshd.c: revision 1.9 crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.3 crypto/external/bsd/openssh/dist/random.c: file removal Patch OpenSSL RNG to allow explicit initial seeding. Patch OpenSSH to explicitly seed the OpenSSL RNG in each new process rather than letting it repeatedly open /dev/urandom to reseed, which depletes entropy severely. Note that the OpenSSH part of this fix works better on NetBSD than it would on many other platforms because on NetBSD, if you don't reopen /dev/urandom, repeated reads don't deplete entropy. On other platforms, some other approach might be required. Note also that this problem does not arise on OpenBSD because OpenBSD seems to have patched OpenSSL to seed the RAND functions from arc4random()! That seems dangerous, so I am not taking that approach here. Fix applications that call RAND_bytes() before any other RAND function. Last change was...a bit too simple.