diff dbrandom.c @ 1916:3f4cdf839a1a
Make SHA1 optional, implement SHA256 fingerprints
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 as its hash function.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 30 Mar 2022 11:44:04 +0800 |
parents | 833bf9947603 |
children |
--- a/dbrandom.c Wed Mar 30 10:23:39 2022 +0800
+++ b/dbrandom.c Wed Mar 30 11:44:04 2022 +0800
@@ -34,7 +34,7 @@
 /* the max value for the counter, so it won't integer overflow */
 #define MAX_COUNTER (1<<30)
-static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
+static unsigned char hashpool[SHA256_HASH_SIZE] = {0};
 static int donerandinit = 0;
 #define INIT_SEED_SIZE 32 /* 256 bits */
@@ -100,7 +100,7 @@
 }
 goto out;
 }
- sha1_process(hs, readbuf, readlen);
+ sha256_process(hs, readbuf, readlen);
 readcount += readlen;
 }
 ret = DROPBEAR_SUCCESS;
@@ -120,13 +120,13 @@
 #endif
 /* hash in the new seed data */
- sha1_init(&hs);
+ sha256_init(&hs);
 /* existing state (zeroes on startup) */
- sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+ sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
 /* new */
- sha1_process(&hs, buf, len);
- sha1_done(&hs, hashpool);
+ sha256_process(&hs, buf, len);
+ sha256_done(&hs, hashpool);
 }
 static void write_urandom()
@@ -152,10 +152,10 @@
 #if DROPBEAR_FUZZ
 void fuzz_seed(const unsigned char* dat, unsigned int len) {
 hash_state hs;
- sha1_init(&hs);
- sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
- sha1_process(&hs, dat, len);
- sha1_done(&hs, hashpool);
+ sha256_init(&hs);
+ sha256_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
+ sha256_process(&hs, dat, len);
+ sha256_done(&hs, hashpool);
 counter = 0;
 donerandinit = 1;
 }
@@ -209,7 +209,7 @@
 if (ret == sizeof(buf)) {
 /* Success, stir in the entropy */
- sha1_process(hs, (void*)buf, sizeof(buf));
+ sha256_process(hs, (void*)buf, sizeof(buf));
 return DROPBEAR_SUCCESS;
 }
@@ -221,7 +221,6 @@
 /* Initialise the prng from /dev/urandom or prngd. This function can
 * be called multiple times */
 void seedrandom() {
- hash_state hs;
 pid_t pid;
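Review bot: The resized `hashpool` in the -34 hunk carries no comment explaining why its size is tied to the digest, even though `sha256_done(&hs, hashpool)` in the -120 and -152 hunks writes a full digest into it and `sizeof(hashpool)` is what gets re-hashed on every reseed. A one-line comment on the declaration would document that coupling, e.g. `/* PRNG state. sha256_done() writes a full digest here, so it must stay SHA256_HASH_SIZE. */`. This array is the secret state the whole generator derives from, so a later change that shrinks it without updating the `sha256_done` callers would write past its end.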
@@ -236,10 +235,10 @@
 #endif
 /* hash in the new seed data */
- sha1_init(&hs);
+ sha256_init(&hs);
 /* existing state */
- sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+ sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
 #ifdef HAVE_GETRANDOM
 if (process_getrandom(&hs) == DROPBEAR_SUCCESS) {
@@ -289,21 +288,21 @@
 #endif
 pid = getpid();
- sha1_process(&hs, (void*)&pid, sizeof(pid));
+ sha256_process(&hs, (void*)&pid, sizeof(pid));
 /* gettimeofday() doesn't completely fill out struct timeval on OS X (10.8.3), avoid valgrind warnings by clearing it first */
 memset(&tv, 0x0, sizeof(tv));
 gettimeofday(&tv, NULL);
- sha1_process(&hs, (void*)&tv, sizeof(tv));
+ sha256_process(&hs, (void*)&tv, sizeof(tv));
 clockval = clock();
- sha1_process(&hs, (void*)&clockval, sizeof(clockval));
+ sha256_process(&hs, (void*)&clockval, sizeof(clockval));
 /* When a private key is read by the client or server it will
 * be added to the hashpool - see runopts.c */
- sha1_done(&hs, hashpool);
+ sha256_done(&hs, hashpool);
 counter = 0;
 donerandinit = 1;
@@ -317,7 +316,7 @@
 void genrandom(unsigned char* buf, unsigned int len) {
 hash_state hs;
- unsigned char hash[SHA1_HASH_SIZE];
+ unsigned char hash[SHA256_HASH_SIZE];
 unsigned int copylen;
 if (!donerandinit) {
@@ -325,17 +324,17 @@
 }
 while (len > 0) {
- sha1_init(&hs);
- sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
- sha1_process(&hs, (void*)&counter, sizeof(counter));
- sha1_done(&hs, hash);
+ sha256_init(&hs);
+ sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
+ sha256_process(&hs, (void*)&counter, sizeof(counter));
+ sha256_done(&hs, hash);
 counter++;
 if (counter > MAX_COUNTER) {
 seedrandom();
 }
- copylen = MIN(len, SHA1_HASH_SIZE);
+ copylen = MIN(len, SHA256_HASH_SIZE);
 memcpy(buf, hash, copylen);
 len -= copylen;
 buf += copylen;
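Review bot: The -236 and -289 hunks keep passing `&hs` to the sha256 calls after the -221 hunk removed `hash_state hs;` from the top of seedrandom, so unless `hs` is declared again in the lines between those hunks that this page does not show, the function will not compile. Worth confirming that a declaration survives and that the -221 removal only dropped a duplicate. seedrandom starts in the -221 hunk and its body is split across the -236 and -289 hunks, so the full declaration list is not visible here.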
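Review bot: `copylen = MIN(len, SHA256_HASH_SIZE);` in the genrandom loop repeats the constant that sizes `hash` in the -317 hunk; binding the copy bound to the buffer itself, `copylen = MIN(len, sizeof(hash));`, keeps the two from drifting apart if the digest is changed again. The reseed path in the same commit already uses `sizeof(hashpool)` rather than the named constant, so this would also make the two call sites consistent. genrandom's body continues past the end of the hunk.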