Quantcast

skeylogin.c: use arc4random_buf instead of /var/db/host.random

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

skeylogin.c: use arc4random_buf instead of /var/db/host.random

Theo Buehler
libskey reads directly from /var/db/host.random and falls back to the
ctime of /dev/mem or / for generating the fake prompt for the user.
This could be simplified a bit:

Index: skeylogin.c
===================================================================
RCS file: /var/cvs/src/lib/libskey/skeylogin.c,v
retrieving revision 1.59
diff -u -p -r1.59 skeylogin.c
--- skeylogin.c 20 Mar 2017 18:34:52 -0000 1.59
+++ skeylogin.c 20 Mar 2017 19:25:33 -0000
@@ -419,9 +419,8 @@ hash_collapse(u_char *s)
 static void
 skey_fakeprompt(char *username, char *skeyprompt)
 {
- char hseed[SKEY_MAX_SEED_LEN], *secret, pbuf[SKEY_MAX_PW_LEN+1], *p, *u;
- u_char flg = 1, *up;
- size_t secretlen;
+ char secret[SKEY_MAX_SEED_LEN], pbuf[SKEY_MAX_PW_LEN+1], *p, *u;
+ u_char *up;
  SHA1_CTX ctx;
  u_int ptr;
  int i;
@@ -443,46 +442,21 @@ skey_fakeprompt(char *username, char *sk
 
  /* Hash the username if possible */
  if ((up = SHA1Data(username, strlen(username), NULL)) != NULL) {
- struct stat sb;
- time_t t;
- int fd;
-
  /* Collapse the hash */
  ptr = hash_collapse(up);
  explicit_bzero(up, strlen(up));
 
- /* See if the random file's there, else use ctime */
- if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1 &&
-    fstat(fd, &sb) == 0 &&
-    sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
-    lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
-    SEEK_SET) != -1 && read(fd, hseed,
-    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
- close(fd);
- fd = -1;
- secret = hseed;
- secretlen = SKEY_MAX_SEED_LEN;
- flg = 0;
- } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
- t = sb.st_ctime;
- secret = ctime(&t);
- secretlen = strlen(secret);
- flg = 0;
- }
- if (fd != -1)
- close(fd);
- }
+ /* Put that in your pipe and smoke it */
+ arc4random_buf(secret, sizeof(secret));
 
- /* Put that in your pipe and smoke it */
- if (flg == 0) {
  /* Hash secret value with username */
  SHA1Init(&ctx);
- SHA1Update(&ctx, secret, secretlen);
+ SHA1Update(&ctx, secret, sizeof(secret));
  SHA1Update(&ctx, username, strlen(username));
  SHA1End(&ctx, up);
 
  /* Zero out */
- explicit_bzero(secret, secretlen);
+ explicit_bzero(secret, sizeof(secret));
 
  /* Now hash the hash */
  SHA1Init(&ctx);

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: skeylogin.c: use arc4random_buf instead of /var/db/host.random

Todd C. Miller
On Mon, 20 Mar 2017 21:06:23 +0100, Theo Buehler wrote:

> libskey reads directly from /var/db/host.random and falls back to the
> ctime of /dev/mem or / for generating the fake prompt for the user.

You should also remove SKEY_RAND_FILE_PATH from skey.h.
OK millert@ with that removed.

 - todd

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: skeylogin.c: use arc4random_buf instead of /var/db/host.random

Ricardo Mestre-2
likewise, as we spoke earlier OK mestre@. With the define removed as per
Todd's sugestion.

On 14:16 Mon 20 Mar     , Todd C. Miller wrote:

> On Mon, 20 Mar 2017 21:06:23 +0100, Theo Buehler wrote:
>
> > libskey reads directly from /var/db/host.random and falls back to the
> > ctime of /dev/mem or / for generating the fake prompt for the user.
>
> You should also remove SKEY_RAND_FILE_PATH from skey.h.
> OK millert@ with that removed.
>
>  - todd
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: skeylogin.c: use arc4random_buf instead of /var/db/host.random

Ted Unangst-6
In reply to this post by Theo Buehler
Theo Buehler wrote:
> libskey reads directly from /var/db/host.random and falls back to the
> ctime of /dev/mem or / for generating the fake prompt for the user.
> This could be simplified a bit:

yeesh, that's very silly. ok

Loading...