author | Chad Loder <cloder@cvs.openbsd.org> | 2005-04-08 22:32:11 +0000 |
---|---|---|
committer | Chad Loder <cloder@cvs.openbsd.org> | 2005-04-08 22:32:11 +0000 |
commit | cb04993a6a5ad3e448426e96a948cdef66528031 (patch) | |
tree | f7ef29458cec34b4c4dc5b6aa0a0720a18846ad5 /sbin | |
parent | f6e2c42a9faec3e926fc2d60e8cdc93729f7a211 (diff) |
Make deterministic randomness (only ever used for testing) a compile-time
option. Reduces chances of somehow setting regrand when it's not supposed
to be set. Remove "-r" option from man page. Also xref certpatch(8) while
we are in there. And remove some include sysdep.h where it is no longer
needed.
OK hshoexer
Diffstat (limited to 'sbin')
39 files changed, 72 insertions, 128 deletions
diff --git a/sbin/isakmpd/attribute.c b/sbin/isakmpd/attribute.c
index 362805b7a43..2bc60881aeb 100644
--- a/sbin/isakmpd/attribute.c
+++ b/sbin/isakmpd/attribute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: attribute.c,v 1.11 2004/05/14 08:42:56 hshoexer Exp $ */
+/* $OpenBSD: attribute.c,v 1.12 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: attribute.c,v 1.10 2000/02/20 19:58:36 niklas Exp $ */
 /*
@@ -32,8 +32,6 @@
 #include <sys/types.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "log.h"
diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index 28ea639bfca..b3e263e8cf3 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.30 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: cert.c,v 1.31 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
 /*
@@ -35,8 +35,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "isakmp_num.h"
 #include "log.h"
 #include "cert.h"
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 515e396f19c..c6ac27372f6 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.81 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: conf.c,v 1.82 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
 /*
@@ -45,8 +45,6 @@
 #include <unistd.h>
 #include <errno.h>
-#include "sysdep.h"
-
 #include "app.h"
 #include "conf.h"
 #include "log.h"
diff --git a/sbin/isakmpd/constants.c b/sbin/isakmpd/constants.c
index ec0d0f4b7bd..7fe468adbe8 100644
--- a/sbin/isakmpd/constants.c
+++ b/sbin/isakmpd/constants.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: constants.c,v 1.9 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: constants.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: constants.c,v 1.7 1999/04/02 00:57:31 niklas Exp $ */
 /*
@@ -32,8 +32,6 @@
 #include <stdio.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "constants.h"
 int
diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c
index 606ec20a40f..5a9361d17e7 100644
--- a/sbin/isakmpd/crypto.c
+++ b/sbin/isakmpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.27 2005/04/08 18:44:04 deraadt Exp $ */
+/* $OpenBSD: crypto.c,v 1.28 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */
 /*
@@ -34,8 +34,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "crypto.h"
 #include "log.h"
diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c
index afb41baf2c2..46519b905aa 100644
--- a/sbin/isakmpd/dh.c
+++ b/sbin/isakmpd/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.9 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: dh.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: dh.c,v 1.5 1999/04/17 23:20:22 niklas Exp $ */
 /*
@@ -32,8 +32,6 @@
 #include <sys/param.h>
-#include "sysdep.h"
-
 #include "math_group.h"
 #include "dh.h"
 #include "log.h"
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c
index 7b2a7c1c332..01d4eba8706 100644
--- a/sbin/isakmpd/dnssec.c
+++ b/sbin/isakmpd/dnssec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.c,v 1.22 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: dnssec.c,v 1.23 2005/04/08 22:32:09 cloder Exp $ */
 /*
 * Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -39,8 +39,6 @@
 #include <netdb.h>
 #endif
-#include "sysdep.h"
-
 #include "dnssec.h"
 #include "exchange.h"
 #include "ipsec_num.h"
diff --git a/sbin/isakmpd/doi.c b/sbin/isakmpd/doi.c
index e9a50302db6..c1c6f45a6e3 100644
--- a/sbin/isakmpd/doi.c
+++ b/sbin/isakmpd/doi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doi.c,v 1.9 2004/07/09 16:06:48 deraadt Exp $ */
+/* $OpenBSD: doi.c,v 1.10 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: doi.c,v 1.4 1999/04/02 00:57:36 niklas Exp $ */
 /*
@@ -31,8 +31,6 @@
 #include <sys/param.h>
-#include "sysdep.h"
-
 #include "doi.h"
 static
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 7977ed6f98b..5d8bb62e791 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.118 2005/04/08 19:40:02 deraadt Exp $ */
+/* $OpenBSD: exchange.c,v 1.119 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
 /*
@@ -40,8 +40,6 @@
 #include <regex.h>
 #include <keynote.h>
-#include "sysdep.h"
-
 #include "cert.h"
 #include "conf.h"
 #include "connection.h"
diff --git a/sbin/isakmpd/field.c b/sbin/isakmpd/field.c
index 0cc96d2748d..1702645376c 100644
--- a/sbin/isakmpd/field.c
+++ b/sbin/isakmpd/field.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: field.c,v 1.16 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: field.c,v 1.17 2005/04/08 22:32:09 cloder Exp $ */
 /* $EOM: field.c,v 1.11 2000/02/20 19:58:37 niklas Exp $ */
 /*
@@ -33,8 +33,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "constants.h"
 #include "field.h"
 #include "log.h"
diff --git a/sbin/isakmpd/hash.c b/sbin/isakmpd/hash.c
index abf3597fef9..f2e0f5cc014 100644
--- a/sbin/isakmpd/hash.c
+++ b/sbin/isakmpd/hash.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hash.c,v 1.19 2005/04/08 18:39:12 deraadt Exp $ */
+/* $OpenBSD: hash.c,v 1.20 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: hash.c,v 1.10 1999/04/17 23:20:34 niklas Exp $ */
 /*
@@ -35,8 +35,6 @@
 #include <md5.h>
 #include <sha1.h>
-#include "sysdep.h"
-
 #include "hash.h"
 #include "log.h"
diff --git a/sbin/isakmpd/if.c b/sbin/isakmpd/if.c
index ea9af7e9c16..e30cbffd41f 100644
--- a/sbin/isakmpd/if.c
+++ b/sbin/isakmpd/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.24 2005/04/08 16:11:11 deraadt Exp $ */
+/* $OpenBSD: if.c,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: if.c,v 1.12 1999/10/01 13:45:20 niklas Exp $ */
 /*
@@ -37,8 +37,6 @@
 #include <unistd.h>
 #include <ifaddrs.h>
-#include "sysdep.h"
-
 #include "log.h"
 #include "monitor.h"
 #include "if.h"
diff --git a/sbin/isakmpd/ike_aggressive.c b/sbin/isakmpd/ike_aggressive.c
index 5a851c4064b..4d18534ab42 100644
--- a/sbin/isakmpd/ike_aggressive.c
+++ b/sbin/isakmpd/ike_aggressive.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_aggressive.c,v 1.9 2005/04/08 16:37:14 deraadt Exp $ */
+/* $OpenBSD: ike_aggressive.c,v 1.10 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */
 /*
@@ -35,8 +35,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "constants.h"
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index b8f4b934a8c..0f91069b616 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.101 2005/04/08 20:04:57 hshoexer Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.102 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
 /*
@@ -46,8 +46,6 @@
 #include <keynote.h>
 #include <policy.h>
-#include "sysdep.h"
-
 #include "cert.h"
 #include "conf.h"
 #include "constants.h"
diff --git a/sbin/isakmpd/ike_main_mode.c b/sbin/isakmpd/ike_main_mode.c
index 1308564b47b..9bc55babca1 100644
--- a/sbin/isakmpd/ike_main_mode.c
+++ b/sbin/isakmpd/ike_main_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_main_mode.c,v 1.15 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: ike_main_mode.c,v 1.16 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */
 /*
@@ -34,8 +34,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "constants.h"
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index 937e4c386fd..88335a5ccb9 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.61 2005/04/08 16:52:41 deraadt Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.62 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
 /*
@@ -37,8 +37,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "constants.h"
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index b8e3d640f27..4ddbf55c223 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.94 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.95 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
 /*
@@ -38,8 +38,6 @@
 #include <regex.h>
 #include <keynote.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "connection.h"
diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c
index 07e6e21550b..dbacdcc4d86 100644
--- a/sbin/isakmpd/init.c
+++ b/sbin/isakmpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.35 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: init.c,v 1.36 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */
 /*
@@ -35,8 +35,6 @@
 #include <stdlib.h>
-#include "sysdep.h"
-
 #include "app.h"
 #include "cert.h"
 #include "conf.h"
@@ -114,9 +112,11 @@ reinit(void)
 * XXX This means we discard exchange->last_msg, is this really ok?
 */
+#if defined(INSECURE_RAND)
 /* Reinitialize PRNG if we are in deterministic mode. */
 if (regrand)
 srandom(seed);
+#endif
 /* Reread config file. */
 conf_reinit();
diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c
index 01730095bda..ca2baa6a16c 100644
--- a/sbin/isakmpd/isakmp_cfg.c
+++ b/sbin/isakmpd/isakmp_cfg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_cfg.c,v 1.36 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: isakmp_cfg.c,v 1.37 2005/04/08 22:32:10 cloder Exp $ */
 /*
 * Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
@@ -37,8 +37,6 @@
 #include <string.h>
 #include <bitstring.h>
-#include "sysdep.h"
-
 #include "attribute.h"
 #include "conf.h"
 #include "exchange.h"
diff --git a/sbin/isakmpd/isakmp_doi.c b/sbin/isakmpd/isakmp_doi.c
index ed24fce11bd..f4dfbf9b95d 100644
--- a/sbin/isakmpd/isakmp_doi.c
+++ b/sbin/isakmpd/isakmp_doi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_doi.c,v 1.24 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: isakmp_doi.c,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: isakmp_doi.c,v 1.42 2000/09/12 16:29:41 ho Exp $ */
 /*
@@ -37,8 +37,6 @@
 #include <sys/types.h>
-#include "sysdep.h"
-
 #include "doi.h"
 #include "exchange.h"
 #include "isakmp.h"
diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8
index 6003b6de39f..16ab849746f 100644
--- a/sbin/isakmpd/isakmpd.8
+++ b/sbin/isakmpd/isakmpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.8,v 1.69 2005/04/05 21:32:13 jmc Exp $
+.\" $OpenBSD: isakmpd.8,v 1.70 2005/04/08 22:32:10 cloder Exp $
 .\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $
 .\"
 .\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist.
@@ -53,7 +53,6 @@
 .Op Fl K
 .Op Fl L
 .Op Fl l Ar packetlog-file
-.Op Fl r Ar seed
 .Op Fl R Ar report-file
 .Op Fl T
 .Op Fl v
@@ -254,9 +253,6 @@ and other utilities using
 As option
 .Fl L
 above, but capture to a specified file.
-.It Fl r Ar seed
-If given, a deterministic random number sequence will be used internally.
-This is useful for setting up regression tests.
 .It Fl R Ar report-file
 When you signal
 .Nm
@@ -576,6 +572,7 @@ and keynote policy configuration files.
 .Xr ipsec 4 ,
 .Xr isakmpd.conf 5 ,
 .Xr isakmpd.policy 5 ,
+.Xr certpatch 8 ,
 .Xr ssl 8 ,
 .Xr tcpdump 8 ,
 .Xr vpn 8
diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index 3b761076aa9..e2203adaffd 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmpd.c,v 1.83 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: isakmpd.c,v 1.84 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */
 /*
@@ -44,8 +44,6 @@
 #include <unistd.h>
 #include <fcntl.h>
-#include "sysdep.h"
-
 #include "app.h"
 #include "conf.h"
 #include "connection.h"
@@ -130,7 +128,9 @@ static void
 parse_args(int argc, char *argv[])
 {
 int ch;
+#if defined(INSECURE_RAND)
 char *ep;
+#endif
 int cls, level;
 int do_packetlog = 0;
@@ -202,14 +202,17 @@ parse_args(int argc, char *argv[])
 break;
 case 'r':
+#if defined(INSECURE_RAND)
 seed = strtoul(optarg, &ep, 0);
 srandom(seed);
 if (*ep != '\0')
 log_fatal("parse_args: invalid numeric arg "
 "to -r (%s)", optarg);
 regrand = 1;
+#else
+ usage();
 break;
-
+#endif
 case 'R':
 report_file = optarg;
 break;
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 71ea551bd99..fcc9d7e2bee 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.21 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: key.c,v 1.22 2005/04/08 22:32:10 cloder Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
@@ -23,8 +23,6 @@
 #include <string.h>
 #include <stdlib.h>
-#include "sysdep.h"
-
 #include "key.h"
 #include "libcrypto.h"
 #include "log.h"
diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c
index 5191750abbd..d66d0fbb4b7 100644
--- a/sbin/isakmpd/libcrypto.c
+++ b/sbin/isakmpd/libcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.c,v 1.18 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
 /*
@@ -30,7 +30,6 @@
 * This code was written under funding by Ericsson Radio Systems.
 */
-#include "sysdep.h"
 #include "libcrypto.h"
 void
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
index db534142341..a1fd7cbefcb 100644
--- a/sbin/isakmpd/math_2n.c
+++ b/sbin/isakmpd/math_2n.c
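Review bot: In the parse_args hunk of isakmpd.c the `break;` that used to end `case 'r':` now sits inside the `#else` branch, so a build with INSECURE_RAND defined executes `regrand = 1;` and then falls through into `case 'R':`, which assigns the seed string to `report_file`. Moving the statement below the conditional fixes both builds: `usage();` then `#endif` then `break;`. Separately, `srandom(seed)` is still called before the `*ep` check and the `strtoul` result is not range-checked, so validating first would keep a malformed -r argument from seeding anything. parse_args starts and ends outside the hunk.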
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_2n.c,v 1.19 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: math_2n.c,v 1.20 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
 /*
@@ -43,8 +43,6 @@
 #include <string.h>
 #include <stdio.h>
-#include "sysdep.h"
-
 #include "math_2n.h"
 #include "util.h"
diff --git a/sbin/isakmpd/math_ec2n.c b/sbin/isakmpd/math_ec2n.c
index 49cea129b92..dfb25a596e8 100644
--- a/sbin/isakmpd/math_ec2n.c
+++ b/sbin/isakmpd/math_ec2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_ec2n.c,v 1.12 2005/04/06 16:00:20 deraadt Exp $ */
+/* $OpenBSD: math_ec2n.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: math_ec2n.c,v 1.9 1999/04/20 09:23:31 niklas Exp $ */
 /*
@@ -33,8 +33,6 @@
 #include <sys/param.h>
 #include <stdio.h>
-#include "sysdep.h"
-
 #include "math_2n.h"
 #include "math_ec2n.h"
diff --git a/sbin/isakmpd/math_group.c b/sbin/isakmpd/math_group.c
index 2a2964bebaf..d7ff68aaf20 100644
--- a/sbin/isakmpd/math_group.c
+++ b/sbin/isakmpd/math_group.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_group.c,v 1.26 2005/04/08 20:04:57 hshoexer Exp $ */
+/* $OpenBSD: math_group.c,v 1.27 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: math_group.c,v 1.25 2000/04/07 19:53:26 niklas Exp $ */
 /*
@@ -34,13 +34,12 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "log.h"
 #include "math_2n.h"
 #include "math_ec2n.h"
 #include "math_group.h"
 #include "math_mp.h"
+#include "util.h"
 /* We do not want to export these definitions. */
 int modp_getlen(struct group *);
@@ -721,7 +720,7 @@ modp_setrandom(struct group *grp, math_mp_t d)
 for (i = 0; i < l; i++) {
 if (i % 4)
- tmp = sysdep_random();
+ tmp = rand_32();
 BN_lshift(d, d, 8);
 BN_add_word(d, tmp & 0xFF);
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index 3862e1c5101..9fc341a0305 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
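Review bot: In the modp_setrandom hunk of math_group.c the renamed call stays under `if (i % 4)`, which skips the draw whenever i is a multiple of 4, including i = 0, so the first byte added to d comes from whatever tmp held before the loop (its initialisation is outside this hunk). getrandom() in util.c refreshes on `i % sizeof tmp == 0`; if the same intent applies here, the guard should read `if (i % 4 == 0)`. Since this routine appears to supply the random value for a MODP group, it is worth confirming against the rest of the function, which starts and ends outside the hunk.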
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.12 2005/04/05 18:06:06 cloder Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
 /*
 * Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -28,8 +28,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "conf.h"
 #include "exchange.h"
 #include "hash.h"
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index b6d8a55efee..c1efa7121b6 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.84 2005/04/08 18:39:04 deraadt Exp $ */
+/* $OpenBSD: policy.c,v 1.85 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 /*
@@ -51,8 +51,6 @@
 #include <openssl/ssl.h>
 #include <netdb.h>
-#include "sysdep.h"
-
 #include "conf.h"
 #include "exchange.h"
 #include "ipsec.h"
diff --git a/sbin/isakmpd/prf.c b/sbin/isakmpd/prf.c
index fdb91fe9adc..ba23568d2c7 100644
--- a/sbin/isakmpd/prf.c
+++ b/sbin/isakmpd/prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: prf.c,v 1.14 2004/05/23 18:17:56 hshoexer Exp $ */
+/* $OpenBSD: prf.c,v 1.15 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: prf.c,v 1.7 1999/05/02 12:50:29 niklas Exp $ */
 /*
@@ -34,8 +34,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "hash.h"
 #include "log.h"
 #include "prf.h"
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index bfefefe52c2..ae6323b0206 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.96 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: sa.c,v 1.97 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
 /*
@@ -1212,7 +1212,7 @@ sa_setup_expirations(struct sa *sa)
 * XXX This should probably be configuration controlled
 * somehow.
 */
- seconds = sa->seconds * (850 + sysdep_random() % 100) / 1000;
+ seconds = sa->seconds * (850 + rand_32() % 100) / 1000;
 LOG_DBG((LOG_TIMER, 95,
 "sa_setup_expirations: SA %p soft timeout in %llu seconds",
 sa, seconds));
diff --git a/sbin/isakmpd/sysdep.h b/sbin/isakmpd/sysdep.h
index e0f49377b76..7b09b0adc9c 100644
--- a/sbin/isakmpd/sysdep.h
+++ b/sbin/isakmpd/sysdep.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep.h,v 1.22 2005/04/08 19:08:23 deraadt Exp $ */
+/* $OpenBSD: sysdep.h,v 1.23 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: sysdep.h,v 1.17 2000/12/04 04:46:35 angelos Exp $ */
 /*
@@ -55,7 +55,6 @@ extern int sysdep_ipsec_group_spis(struct sa *, struct proto *,
 struct proto *, int);
 extern int sysdep_ipsec_set_spi(struct sa *, struct proto *, int,
 struct sa *);
-extern u_int32_t sysdep_random(void);
 extern u_int8_t sysdep_sa_len(struct sockaddr *);
 #if defined (USE_BOEHM_GC)
diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c
index 11f052600f1..d9f5264c20b 100644
--- a/sbin/isakmpd/sysdep/openbsd/sysdep.c
+++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep.c,v 1.31 2005/04/08 19:05:15 deraadt Exp $ */
+/* $OpenBSD: sysdep.c,v 1.32 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */
 /*
@@ -51,19 +51,6 @@
 #include "log.h"
-/*
- * An as strong as possible random number generator, reverting to a
- * deterministic pseudo-random one if regrand is set.
- */
-u_int32_t
-sysdep_random()
-{
- if (!regrand)
- return arc4random();
- else
- return random();
-}
-
 /* Return the length of the sockaddr struct. */
 u_int8_t
 sysdep_sa_len(struct sockaddr *sa)
diff --git a/sbin/isakmpd/timer.c b/sbin/isakmpd/timer.c
index 45bcc49e4ae..07210bf4a96 100644
--- a/sbin/isakmpd/timer.c
+++ b/sbin/isakmpd/timer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: timer.c,v 1.14 2004/06/14 09:55:42 ho Exp $ */
+/* $OpenBSD: timer.c,v 1.15 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: timer.c,v 1.13 2000/02/20 19:58:42 niklas Exp $ */
 /*
@@ -33,8 +33,6 @@
 #include <stdlib.h>
 #include <string.h>
-#include "sysdep.h"
-
 #include "log.h"
 #include "timer.h"
diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c
index 5378f26e168..dfd0ea42cf1 100644
--- a/sbin/isakmpd/udp.c
+++ b/sbin/isakmpd/udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp.c,v 1.86 2005/04/08 16:07:22 cloder Exp $ */
+/* $OpenBSD: udp.c,v 1.87 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */
 /*
@@ -45,8 +45,6 @@
 #include <string.h>
 #include <unistd.h>
-#include "sysdep.h"
-
 #include "conf.h"
 #include "if.h"
 #include "isakmp.h"
diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c
index b16c02fca78..b199c6da1a6 100644
--- a/sbin/isakmpd/ui.c
+++ b/sbin/isakmpd/ui.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.c,v 1.44 2005/04/08 19:40:03 deraadt Exp $ */
+/* $OpenBSD: ui.c,v 1.45 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */
 /*
@@ -38,8 +38,6 @@
 #include <unistd.h>
 #include <errno.h>
-#include "sysdep.h"
-
 #include "conf.h"
 #include "connection.h"
 #include "doi.h"
diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c
index 43e25a107a6..7582396072d 100644
--- a/sbin/isakmpd/util.c
+++ b/sbin/isakmpd/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.55 2005/04/08 18:52:23 hshoexer Exp $ */
+/* $OpenBSD: util.c,v 1.56 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $ */
 /*
@@ -45,8 +45,6 @@
 #include <net/route.h>
 #include <net/if.h>
-#include "sysdep.h"
-
 #include "log.h"
 #include "message.h"
 #include "monitor.h"
@@ -60,11 +58,13 @@
 */
 int allow_name_lookups = 0;
+#if defined(INSECURE_RAND)
 /*
 * This is set to true in case of regression-test mode, when it will
 * cause predictable random numbers be generated.
 */
 int regrand = 0;
+#endif
 /*
 * If in regression-test mode, this is the seed used.
@@ -145,6 +145,23 @@ ones_test(const u_int8_t *p, size_t sz)
 }
 /*
+ * Generate 32 bits of random data. If compiled with INSECURE_RAND
+ * and -r option is specified, then return deterministic data.
+ */
+u_int32_t
+rand_32(void)
+{
+#if !defined(INSECURE_RAND)
+ return arc4random();
+#else
+ if (regrand)
+ return random();
+ else
+ return arc4random();
+#endif
+}
+
+/*
 * Generate a random data, len bytes long.
 */
 u_int8_t *
@@ -155,7 +172,7 @@ getrandom(u_int8_t *buf, size_t len)
 for (i = 0; i < len; i++) {
 if (i % sizeof tmp == 0)
- tmp = sysdep_random();
+ tmp = rand_32();
 buf[i] = tmp & 0xff;
 tmp >>= 8;
diff --git a/sbin/isakmpd/util.h b/sbin/isakmpd/util.h
index fe3da5b0eda..7cd0fc491d5 100644
--- a/sbin/isakmpd/util.h
+++ b/sbin/isakmpd/util.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.h,v 1.24 2005/03/10 21:39:21 hshoexer Exp $ */
+/* $OpenBSD: util.h,v 1.25 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: util.h,v 1.10 2000/10/24 13:33:39 niklas Exp $ */
 /*
@@ -49,6 +49,7 @@ extern u_int64_t decode_64(u_int8_t *);
 extern void encode_16(u_int8_t *, u_int16_t);
 extern void encode_32(u_int8_t *, u_int32_t);
 extern void encode_64(u_int8_t *, u_int64_t);
+extern u_int32_t rand_32(void);
 extern u_int8_t *getrandom(u_int8_t *, size_t);
 extern int hex2raw(char *, u_int8_t *, size_t);
 extern int ones_test(const u_int8_t *, size_t);
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 8442643039e..c0d43c5e91e 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.100 2005/04/08 17:15:01 deraadt Exp $ */
+/* $OpenBSD: x509.c,v 1.101 2005/04/08 22:32:10 cloder Exp $ */
 /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
 /*
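Review bot: rand_32() in util.c spells out `return arc4random();` twice, once per preprocessor branch, which makes the production path harder to audit than it needs to be. Guarding only the test hook, with `#if defined(INSECURE_RAND)` around `if (regrand) return random();` followed by a single unconditional `return arc4random();`, keeps the secure behaviour visible at a glance. The header comment could also state outright that INSECURE_RAND is for regression tests and must not be defined in release builds, because with it defined the -r option makes every value from rand_32() and getrandom() predictable. In the first hunk of the same file the comment after the added `#endif` suggests the seed variable remains unconditional; its definition is outside the hunk, so that is worth checking too.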
@@ -46,8 +46,6 @@
 #include <regex.h>
 #include <keynote.h>
-#include "sysdep.h"
-
 #include "cert.h"
 #include "conf.h"
 #include "exchange.h"
|