openssh bugs - Aug 2022 - [Bug 3467] New: [upstream] arc4random: make rekey interval less predictable

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

            Bug ID: 3467
           Summary: [upstream] arc4random: make rekey interval less
                    predictable
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Build system
          Assignee: unassigned-bugs at mindrot.org
          Reporter: logan at cyberstorm.mu

Created attachment 3605
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3605&action=edit
Make rekey interval less predictable.

This patch sync's OpenSSH compat arc4random with the one in OpenBSD.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Loganaden Velvindron <logan at cyberstorm.mu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3605|0                           |1
        is obsolete|                            |

--- Comment #1 from Loganaden Velvindron <logan at cyberstorm.mu> ---
Created attachment 3606
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3606&action=edit
Make rekey interval less predictable.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
             Blocks|                            |3418

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
We should probably resync all of the changes from OpenBSD, but it'll
need to be done carefully.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3418
[Bug 3418] tracking bug for openssh-9.1
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
   Attachment #3607|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3607
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3607&action=edit
Factor out getrnd() into its own file and rename to getentropy()

Step 1: factor out getentropy equivalent code into its own file.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3607|ok?(djm at mindrot.org)        |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3608|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3608
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3608&action=edit
Split arc4random_uniform out into its own file.

This matches the file currently in OpenBSD.  It also changes the types
from u_int32_t to uint32_t which happened in OpenBSD's arc4random.c rev
1.40.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3607|0                           |1
        is obsolete|                            |
   Attachment #3609|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #5 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3609
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3609&action=edit
Resync arc4random with OpenBSD rev 1.58

Step 3: resync remaining changes.  The arc4random.h is taken from
LibreSSL with some simplifications (most of the platform specific code
is the same with the exception of  thread support, however we don't
support that.)

(Also marking patch 3607 as obsolete as it's gone in.)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3608|ok?(djm at mindrot.org)        |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3609|ok?(djm at mindrot.org)        |ok+
              Flags|                            |

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 3609
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3609
Resync arc4random with OpenBSD rev 1.58
>--- a/openbsd-compat/arc4random.c
>+++ b/openbsd-compat/arc4random.c
...
> /*
>  * If we are providing arc4random, then we can provide a more efficient 
whitespace at EOL here

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #7 from Darren Tucker <dtucker at dtucker.net> ---
The full resync of arc4random went is as
https://github.com/openssh/openssh-portable/commit/ce39e7d8b70c4726defde5d3bc4cb7d40d131153

This greatly reduces the diff of portable vs openbsd.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3467

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Closing bugs from openssh-9.1 release cycle

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.