summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorChad Loder <cloder@cvs.openbsd.org>2005-04-08 22:32:11 +0000
committerChad Loder <cloder@cvs.openbsd.org>2005-04-08 22:32:11 +0000
commitcb04993a6a5ad3e448426e96a948cdef66528031 (patch)
treef7ef29458cec34b4c4dc5b6aa0a0720a18846ad5 /sbin
parentf6e2c42a9faec3e926fc2d60e8cdc93729f7a211 (diff)
Make deterministic randomness (only ever used for testing) a compile-time
option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/attribute.c4
-rw-r--r--sbin/isakmpd/cert.c4
-rw-r--r--sbin/isakmpd/conf.c4
-rw-r--r--sbin/isakmpd/constants.c4
-rw-r--r--sbin/isakmpd/crypto.c4
-rw-r--r--sbin/isakmpd/dh.c4
-rw-r--r--sbin/isakmpd/dnssec.c4
-rw-r--r--sbin/isakmpd/doi.c4
-rw-r--r--sbin/isakmpd/exchange.c4
-rw-r--r--sbin/isakmpd/field.c4
-rw-r--r--sbin/isakmpd/hash.c4
-rw-r--r--sbin/isakmpd/if.c4
-rw-r--r--sbin/isakmpd/ike_aggressive.c4
-rw-r--r--sbin/isakmpd/ike_auth.c4
-rw-r--r--sbin/isakmpd/ike_main_mode.c4
-rw-r--r--sbin/isakmpd/ike_phase_1.c4
-rw-r--r--sbin/isakmpd/ike_quick_mode.c4
-rw-r--r--sbin/isakmpd/init.c6
-rw-r--r--sbin/isakmpd/isakmp_cfg.c4
-rw-r--r--sbin/isakmpd/isakmp_doi.c4
-rw-r--r--sbin/isakmpd/isakmpd.87
-rw-r--r--sbin/isakmpd/isakmpd.c11
-rw-r--r--sbin/isakmpd/key.c4
-rw-r--r--sbin/isakmpd/libcrypto.c3
-rw-r--r--sbin/isakmpd/math_2n.c4
-rw-r--r--sbin/isakmpd/math_ec2n.c4
-rw-r--r--sbin/isakmpd/math_group.c7
-rw-r--r--sbin/isakmpd/nat_traversal.c4
-rw-r--r--sbin/isakmpd/policy.c4
-rw-r--r--sbin/isakmpd/prf.c4
-rw-r--r--sbin/isakmpd/sa.c4
-rw-r--r--sbin/isakmpd/sysdep.h3
-rw-r--r--sbin/isakmpd/sysdep/openbsd/sysdep.c15
-rw-r--r--sbin/isakmpd/timer.c4
-rw-r--r--sbin/isakmpd/udp.c4
-rw-r--r--sbin/isakmpd/ui.c4
-rw-r--r--sbin/isakmpd/util.c25
-rw-r--r--sbin/isakmpd/util.h3
-rw-r--r--sbin/isakmpd/x509.c4
39 files changed, 72 insertions, 128 deletions
diff --git a/sbin/isakmpd/attribute.c b/sbin/isakmpd/attribute.c
index 362805b7a43..2bc60881aeb 100644
--- a/sbin/isakmpd/attribute.c
+++ b/sbin/isakmpd/attribute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: attribute.c,v 1.11 2004/05/14 08:42:56 hshoexer Exp $ */
+/* $OpenBSD: attribute.c,v 1.12 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: attribute.c,v 1.10 2000/02/20 19:58:36 niklas Exp $ */
/*
@@ -32,8 +32,6 @@
#include <sys/types.h>
#include <string.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "log.h"
diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index 28ea639bfca..b3e263e8cf3 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.30 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: cert.c,v 1.31 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -35,8 +35,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "isakmp_num.h"
#include "log.h"
#include "cert.h"
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 515e396f19c..c6ac27372f6 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.81 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: conf.c,v 1.82 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -45,8 +45,6 @@
#include <unistd.h>
#include <errno.h>
-#include "sysdep.h"
-
#include "app.h"
#include "conf.h"
#include "log.h"
diff --git a/sbin/isakmpd/constants.c b/sbin/isakmpd/constants.c
index ec0d0f4b7bd..7fe468adbe8 100644
--- a/sbin/isakmpd/constants.c
+++ b/sbin/isakmpd/constants.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: constants.c,v 1.9 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: constants.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: constants.c,v 1.7 1999/04/02 00:57:31 niklas Exp $ */
/*
@@ -32,8 +32,6 @@
#include <stdio.h>
#include <string.h>
-#include "sysdep.h"
-
#include "constants.h"
int
diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c
index 606ec20a40f..5a9361d17e7 100644
--- a/sbin/isakmpd/crypto.c
+++ b/sbin/isakmpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.27 2005/04/08 18:44:04 deraadt Exp $ */
+/* $OpenBSD: crypto.c,v 1.28 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */
/*
@@ -34,8 +34,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "crypto.h"
#include "log.h"
diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c
index afb41baf2c2..46519b905aa 100644
--- a/sbin/isakmpd/dh.c
+++ b/sbin/isakmpd/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.9 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: dh.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: dh.c,v 1.5 1999/04/17 23:20:22 niklas Exp $ */
/*
@@ -32,8 +32,6 @@
#include <sys/param.h>
-#include "sysdep.h"
-
#include "math_group.h"
#include "dh.h"
#include "log.h"
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c
index 7b2a7c1c332..01d4eba8706 100644
--- a/sbin/isakmpd/dnssec.c
+++ b/sbin/isakmpd/dnssec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.c,v 1.22 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: dnssec.c,v 1.23 2005/04/08 22:32:09 cloder Exp $ */
/*
* Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -39,8 +39,6 @@
#include <netdb.h>
#endif
-#include "sysdep.h"
-
#include "dnssec.h"
#include "exchange.h"
#include "ipsec_num.h"
diff --git a/sbin/isakmpd/doi.c b/sbin/isakmpd/doi.c
index e9a50302db6..c1c6f45a6e3 100644
--- a/sbin/isakmpd/doi.c
+++ b/sbin/isakmpd/doi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doi.c,v 1.9 2004/07/09 16:06:48 deraadt Exp $ */
+/* $OpenBSD: doi.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: doi.c,v 1.4 1999/04/02 00:57:36 niklas Exp $ */
/*
@@ -31,8 +31,6 @@
#include <sys/param.h>
-#include "sysdep.h"
-
#include "doi.h"
static
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 7977ed6f98b..5d8bb62e791 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.118 2005/04/08 19:40:02 deraadt Exp $ */
+/* $OpenBSD: exchange.c,v 1.119 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -40,8 +40,6 @@
#include <regex.h>
#include <keynote.h>
-#include "sysdep.h"
-
#include "cert.h"
#include "conf.h"
#include "connection.h"
diff --git a/sbin/isakmpd/field.c b/sbin/isakmpd/field.c
index 0cc96d2748d..1702645376c 100644
--- a/sbin/isakmpd/field.c
+++ b/sbin/isakmpd/field.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: field.c,v 1.16 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: field.c,v 1.17 2005/04/08 22:32:09 cloder Exp $ */
/* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */
/*
@@ -33,8 +33,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "constants.h"
#include "field.h"
#include "log.h"
diff --git a/sbin/isakmpd/hash.c b/sbin/isakmpd/hash.c
index abf3597fef9..f2e0f5cc014 100644
--- a/sbin/isakmpd/hash.c
+++ b/sbin/isakmpd/hash.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hash.c,v 1.19 2005/04/08 18:39:12 deraadt Exp $ */
+/* $OpenBSD: hash.c,v 1.20 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: hash.c,v 1.10 1999/04/17 23:20:34 niklas Exp $ */
/*
@@ -35,8 +35,6 @@
#include <md5.h>
#include <sha1.h>
-#include "sysdep.h"
-
#include "hash.h"
#include "log.h"
diff --git a/sbin/isakmpd/if.c b/sbin/isakmpd/if.c
index ea9af7e9c16..e30cbffd41f 100644
--- a/sbin/isakmpd/if.c
+++ b/sbin/isakmpd/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.24 2005/04/08 16:11:11 deraadt Exp $ */
+/* $OpenBSD: if.c,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: if.c,v 1.12 1999/10/01 13:45:20 niklas Exp $ */
/*
@@ -37,8 +37,6 @@
#include <unistd.h>
#include <ifaddrs.h>
-#include "sysdep.h"
-
#include "log.h"
#include "monitor.h"
#include "if.h"
diff --git a/sbin/isakmpd/ike_aggressive.c b/sbin/isakmpd/ike_aggressive.c
index 5a851c4064b..4d18534ab42 100644
--- a/sbin/isakmpd/ike_aggressive.c
+++ b/sbin/isakmpd/ike_aggressive.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_aggressive.c,v 1.9 2005/04/08 16:37:14 deraadt Exp $ */
+/* $OpenBSD: ike_aggressive.c,v 1.10 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */
/*
@@ -35,8 +35,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "constants.h"
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index b8f4b934a8c..0f91069b616 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.101 2005/04/08 20:04:57 hshoexer Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.102 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -46,8 +46,6 @@
#include <keynote.h>
#include <policy.h>
-#include "sysdep.h"
-
#include "cert.h"
#include "conf.h"
#include "constants.h"
diff --git a/sbin/isakmpd/ike_main_mode.c b/sbin/isakmpd/ike_main_mode.c
index 1308564b47b..9bc55babca1 100644
--- a/sbin/isakmpd/ike_main_mode.c
+++ b/sbin/isakmpd/ike_main_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_main_mode.c,v 1.15 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: ike_main_mode.c,v 1.16 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */
/*
@@ -34,8 +34,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "constants.h"
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index 937e4c386fd..88335a5ccb9 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.61 2005/04/08 16:52:41 deraadt Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.62 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
/*
@@ -37,8 +37,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "constants.h"
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index b8e3d640f27..4ddbf55c223 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.94 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.95 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -38,8 +38,6 @@
#include <regex.h>
#include <keynote.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "connection.h"
diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c
index 07e6e21550b..dbacdcc4d86 100644
--- a/sbin/isakmpd/init.c
+++ b/sbin/isakmpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.35 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: init.c,v 1.36 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */
/*
@@ -35,8 +35,6 @@
#include <stdlib.h>
-#include "sysdep.h"
-
#include "app.h"
#include "cert.h"
#include "conf.h"
@@ -114,9 +112,11 @@ reinit(void)
* XXX This means we discard exchange->last_msg, is this really ok?
*/
+#if defined(INSECURE_RAND)
/* Reinitialize PRNG if we are in deterministic mode. */
if (regrand)
srandom(seed);
+#endif
/* Reread config file. */
conf_reinit();
diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c
index 01730095bda..ca2baa6a16c 100644
--- a/sbin/isakmpd/isakmp_cfg.c
+++ b/sbin/isakmpd/isakmp_cfg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_cfg.c,v 1.36 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: isakmp_cfg.c,v 1.37 2005/04/08 22:32:10 cloder Exp $ */
/*
* Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
@@ -37,8 +37,6 @@
#include <string.h>
#include <bitstring.h>
-#include "sysdep.h"
-
#include "attribute.h"
#include "conf.h"
#include "exchange.h"
diff --git a/sbin/isakmpd/isakmp_doi.c b/sbin/isakmpd/isakmp_doi.c
index ed24fce11bd..f4dfbf9b95d 100644
--- a/sbin/isakmpd/isakmp_doi.c
+++ b/sbin/isakmpd/isakmp_doi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_doi.c,v 1.24 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: isakmp_doi.c,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: isakmp_doi.c,v 1.42 2000/09/12 16:29:41 ho Exp $ */
/*
@@ -37,8 +37,6 @@
#include <sys/types.h>
-#include "sysdep.h"
-
#include "doi.h"
#include "exchange.h"
#include "isakmp.h"
diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8
index 6003b6de39f..16ab849746f 100644
--- a/sbin/isakmpd/isakmpd.8
+++ b/sbin/isakmpd/isakmpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.8,v 1.69 2005/04/05 21:32:13 jmc Exp $
+.\" $OpenBSD: isakmpd.8,v 1.70 2005/04/08 22:32:10 cloder Exp $
.\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.
@@ -53,7 +53,6 @@
.Op Fl K
.Op Fl L
.Op Fl l Ar packetlog-file
-.Op Fl r Ar seed
.Op Fl R Ar report-file
.Op Fl T
.Op Fl v
@@ -254,9 +253,6 @@ and other utilities using
As option
.Fl L
above, but capture to a specified file.
-.It Fl r Ar seed
-If given, a deterministic random number sequence will be used internally.
-This is useful for setting up regression tests.
.It Fl R Ar report-file
When you signal
.Nm
@@ -576,6 +572,7 @@ and keynote policy configuration files.
.Xr ipsec 4 ,
.Xr isakmpd.conf 5 ,
.Xr isakmpd.policy 5 ,
+.Xr certpatch 8 ,
.Xr ssl 8 ,
.Xr tcpdump 8 ,
.Xr vpn 8
diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index 3b761076aa9..e2203adaffd 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmpd.c,v 1.83 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: isakmpd.c,v 1.84 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */
/*
@@ -44,8 +44,6 @@
#include <unistd.h>
#include <fcntl.h>
-#include "sysdep.h"
-
#include "app.h"
#include "conf.h"
#include "connection.h"
@@ -130,7 +128,9 @@ static void
parse_args(int argc, char *argv[])
{
int ch;
+#if defined(INSECURE_RAND)
char *ep;
+#endif
int cls, level;
int do_packetlog = 0;
@@ -202,14 +202,17 @@ parse_args(int argc, char *argv[])
break;
case 'r':
+#if defined(INSECURE_RAND)
seed = strtoul(optarg, &ep, 0);
srandom(seed);
if (*ep != '\0')
log_fatal("parse_args: invalid numeric arg "
"to -r (%s)", optarg);
regrand = 1;
+#else
+ usage();
break;
-
+#endif
case 'R':
report_file = optarg;
break;
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 71ea551bd99..fcc9d7e2bee 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.21 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: key.c,v 1.22 2005/04/08 22:32:10 cloder Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -23,8 +23,6 @@
#include <string.h>
#include <stdlib.h>
-#include "sysdep.h"
-
#include "key.h"
#include "libcrypto.h"
#include "log.h"
diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c
index 5191750abbd..d66d0fbb4b7 100644
--- a/sbin/isakmpd/libcrypto.c
+++ b/sbin/isakmpd/libcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.c,v 1.18 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -30,7 +30,6 @@
* This code was written under funding by Ericsson Radio Systems.
*/
-#include "sysdep.h"
#include "libcrypto.h"
void
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
index db534142341..a1fd7cbefcb 100644
--- a/sbin/isakmpd/math_2n.c
+++ b/sbin/isakmpd/math_2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_2n.c,v 1.19 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: math_2n.c,v 1.20 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
/*
@@ -43,8 +43,6 @@
#include <string.h>
#include <stdio.h>
-#include "sysdep.h"
-
#include "math_2n.h"
#include "util.h"
diff --git a/sbin/isakmpd/math_ec2n.c b/sbin/isakmpd/math_ec2n.c
index 49cea129b92..dfb25a596e8 100644
--- a/sbin/isakmpd/math_ec2n.c
+++ b/sbin/isakmpd/math_ec2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_ec2n.c,v 1.12 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: math_ec2n.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: math_ec2n.c,v 1.9 1999/04/20 09:23:31 niklas Exp $ */
/*
@@ -33,8 +33,6 @@
#include <sys/param.h>
#include <stdio.h>
-#include "sysdep.h"
-
#include "math_2n.h"
#include "math_ec2n.h"
diff --git a/sbin/isakmpd/math_group.c b/sbin/isakmpd/math_group.c
index 2a2964bebaf..d7ff68aaf20 100644
--- a/sbin/isakmpd/math_group.c
+++ b/sbin/isakmpd/math_group.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_group.c,v 1.26 2005/04/08 20:04:57 hshoexer Exp $ */
+/* $OpenBSD: math_group.c,v 1.27 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: math_group.c,v 1.25 2000/04/07 19:53:26 niklas Exp $ */
/*
@@ -34,13 +34,12 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "log.h"
#include "math_2n.h"
#include "math_ec2n.h"
#include "math_group.h"
#include "math_mp.h"
+#include "util.h"
/* We do not want to export these definitions. */
int modp_getlen(struct group *);
@@ -721,7 +720,7 @@ modp_setrandom(struct group *grp, math_mp_t d)
for (i = 0; i < l; i++) {
if (i % 4)
- tmp = sysdep_random();
+ tmp = rand_32();
BN_lshift(d, d, 8);
BN_add_word(d, tmp & 0xFF);
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index 3862e1c5101..9fc341a0305 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.12 2005/04/05 18:06:06 cloder Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -28,8 +28,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "conf.h"
#include "exchange.h"
#include "hash.h"
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index b6d8a55efee..c1efa7121b6 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.84 2005/04/08 18:39:04 deraadt Exp $ */
+/* $OpenBSD: policy.c,v 1.85 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -51,8 +51,6 @@
#include <openssl/ssl.h>
#include <netdb.h>
-#include "sysdep.h"
-
#include "conf.h"
#include "exchange.h"
#include "ipsec.h"
diff --git a/sbin/isakmpd/prf.c b/sbin/isakmpd/prf.c
index fdb91fe9adc..ba23568d2c7 100644
--- a/sbin/isakmpd/prf.c
+++ b/sbin/isakmpd/prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: prf.c,v 1.14 2004/05/23 18:17:56 hshoexer Exp $ */
+/* $OpenBSD: prf.c,v 1.15 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: prf.c,v 1.7 1999/05/02 12:50:29 niklas Exp $ */
/*
@@ -34,8 +34,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "hash.h"
#include "log.h"
#include "prf.h"
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index bfefefe52c2..ae6323b0206 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.96 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: sa.c,v 1.97 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -1212,7 +1212,7 @@ sa_setup_expirations(struct sa *sa)
* XXX This should probably be configuration controlled
* somehow.
*/
- seconds = sa->seconds * (850 + sysdep_random() % 100) / 1000;
+ seconds = sa->seconds * (850 + rand_32() % 100) / 1000;
LOG_DBG((LOG_TIMER, 95,
"sa_setup_expirations: SA %p soft timeout in %llu seconds",
sa, seconds));
diff --git a/sbin/isakmpd/sysdep.h b/sbin/isakmpd/sysdep.h
index e0f49377b76..7b09b0adc9c 100644
--- a/sbin/isakmpd/sysdep.h
+++ b/sbin/isakmpd/sysdep.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep.h,v 1.22 2005/04/08 19:08:23 deraadt Exp $ */
+/* $OpenBSD: sysdep.h,v 1.23 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: sysdep.h,v 1.17 2000/12/04 04:46:35 angelos Exp $ */
/*
@@ -55,7 +55,6 @@ extern int sysdep_ipsec_group_spis(struct sa *, struct proto *,
struct proto *, int);
extern int sysdep_ipsec_set_spi(struct sa *, struct proto *, int,
struct sa *);
-extern u_int32_t sysdep_random(void);
extern u_int8_t sysdep_sa_len(struct sockaddr *);
#if defined (USE_BOEHM_GC)
diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c
index 11f052600f1..d9f5264c20b 100644
--- a/sbin/isakmpd/sysdep/openbsd/sysdep.c
+++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep.c,v 1.31 2005/04/08 19:05:15 deraadt Exp $ */
+/* $OpenBSD: sysdep.c,v 1.32 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */
/*
@@ -51,19 +51,6 @@
#include "log.h"
-/*
- * An as strong as possible random number generator, reverting to a
- * deterministic pseudo-random one if regrand is set.
- */
-u_int32_t
-sysdep_random()
-{
- if (!regrand)
- return arc4random();
- else
- return random();
-}
-
/* Return the length of the sockaddr struct. */
u_int8_t
sysdep_sa_len(struct sockaddr *sa)
diff --git a/sbin/isakmpd/timer.c b/sbin/isakmpd/timer.c
index 45bcc49e4ae..07210bf4a96 100644
--- a/sbin/isakmpd/timer.c
+++ b/sbin/isakmpd/timer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: timer.c,v 1.14 2004/06/14 09:55:42 ho Exp $ */
+/* $OpenBSD: timer.c,v 1.15 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: timer.c,v 1.13 2000/02/20 19:58:42 niklas Exp $ */
/*
@@ -33,8 +33,6 @@
#include <stdlib.h>
#include <string.h>
-#include "sysdep.h"
-
#include "log.h"
#include "timer.h"
diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c
index 5378f26e168..dfd0ea42cf1 100644
--- a/sbin/isakmpd/udp.c
+++ b/sbin/isakmpd/udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp.c,v 1.86 2005/04/08 16:07:22 cloder Exp $ */
+/* $OpenBSD: udp.c,v 1.87 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */
/*
@@ -45,8 +45,6 @@
#include <string.h>
#include <unistd.h>
-#include "sysdep.h"
-
#include "conf.h"
#include "if.h"
#include "isakmp.h"
diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c
index b16c02fca78..b199c6da1a6 100644
--- a/sbin/isakmpd/ui.c
+++ b/sbin/isakmpd/ui.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.c,v 1.44 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: ui.c,v 1.45 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */
/*
@@ -38,8 +38,6 @@
#include <unistd.h>
#include <errno.h>
-#include "sysdep.h"
-
#include "conf.h"
#include "connection.h"
#include "doi.h"
diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c
index 43e25a107a6..7582396072d 100644
--- a/sbin/isakmpd/util.c
+++ b/sbin/isakmpd/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.55 2005/04/08 18:52:23 hshoexer Exp $ */
+/* $OpenBSD: util.c,v 1.56 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $ */
/*
@@ -45,8 +45,6 @@
#include <net/route.h>
#include <net/if.h>
-#include "sysdep.h"
-
#include "log.h"
#include "message.h"
#include "monitor.h"
@@ -60,11 +58,13 @@
*/
int allow_name_lookups = 0;
+#if defined(INSECURE_RAND)
/*
* This is set to true in case of regression-test mode, when it will
* cause predictable random numbers be generated.
*/
int regrand = 0;
+#endif
/*
* If in regression-test mode, this is the seed used.
@@ -145,6 +145,23 @@ ones_test(const u_int8_t *p, size_t sz)
}
/*
+ * Generate 32 bits of random data. If compiled with INSECURE_RAND
+ * and -r option is specified, then return deterministic data.
+ */
+u_int32_t
+rand_32(void)
+{
+#if !defined(INSECURE_RAND)
+ return arc4random();
+#else
+ if (regrand)
+ return random();
+ else
+ return arc4random();
+#endif
+}
+
+/*
* Generate a random data, len bytes long.
*/
u_int8_t *
@@ -155,7 +172,7 @@ getrandom(u_int8_t *buf, size_t len)
for (i = 0; i < len; i++) {
if (i % sizeof tmp == 0)
- tmp = sysdep_random();
+ tmp = rand_32();
buf[i] = tmp & 0xff;
tmp >>= 8;
diff --git a/sbin/isakmpd/util.h b/sbin/isakmpd/util.h
index fe3da5b0eda..7cd0fc491d5 100644
--- a/sbin/isakmpd/util.h
+++ b/sbin/isakmpd/util.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.h,v 1.24 2005/03/10 21:39:21 hshoexer Exp $ */
+/* $OpenBSD: util.h,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: util.h,v 1.10 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -49,6 +49,7 @@ extern u_int64_t decode_64(u_int8_t *);
extern void encode_16(u_int8_t *, u_int16_t);
extern void encode_32(u_int8_t *, u_int32_t);
extern void encode_64(u_int8_t *, u_int64_t);
+extern u_int32_t rand_32(void);
extern u_int8_t *getrandom(u_int8_t *, size_t);
extern int hex2raw(char *, u_int8_t *, size_t);
extern int ones_test(const u_int8_t *, size_t);
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 8442643039e..c0d43c5e91e 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.100 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: x509.c,v 1.101 2005/04/08 22:32:10 cloder Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -46,8 +46,6 @@
#include <regex.h>
#include <keynote.h>
-#include "sysdep.h"
-
#include "cert.h"
#include "conf.h"
#include "exchange.h"