- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading

   from prngd is enabled at compile time but fails at run time, eg because
   prngd is not running.  Note that if you have prngd running when OpenSSH is
   built, OpenSSL will consider itself internally seeded and rand-helper won't
   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@

2 files changed, 35 insertions, 17 deletions

diff --git a/ChangeLog b/ChangeLog
index 469fa4954..c6cf7b386 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+   from prngd is enabled at compile time but fails at run time, eg because
+   prngd is not running.  Note that if you have prngd running when OpenSSH is
+   built, OpenSSL will consider itself internally seeded and rand-helper won't
+   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@
+
 20041213
  - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
    amarendra.godbole at ge com.
@@ -1950,4 +1957,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $
+$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 8cad53fe6..7cd081fab 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE        48
@@ -209,6 +209,22 @@ done:
         return rval;
 }
 
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+        debug("trying egd/prngd port %d", PRNGD_PORT);
+        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+                return 0;
+#endif
+#ifdef PRNGD_SOCKET
+        debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+                return 0;
+#endif
+        return -1;
+}
+
 double
 stir_gettimeofday(double entropy_estimate)
 {
@@ -815,21 +831,16 @@ main(int argc, char **argv)
         debug("Seeded RNG with %i bytes from system calls",
             (int)stir_from_system());
 
-#ifdef PRNGD_PORT
-        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
-        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#else
-        /* Read in collection commands */
-        if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
-                fatal("PRNG initialisation failed -- exiting.");
-        debug("Seeded RNG with %i bytes from programs",
-            (int)stir_from_programs());
-#endif
+        /* try prngd, fall back to commands if prngd fails or not configured */
+        if (seed_from_prngd(buf, bytes) == 0) {
+                RAND_add(buf, bytes, bytes);
+        } else {
+                /* Read in collection commands */
+                if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+                        fatal("PRNG initialisation failed -- exiting.");
+                debug("Seeded RNG with %i bytes from programs",
+                    (int)stir_from_programs());
+        }
 
 #ifdef USE_SEED_FILES
         prng_write_seedfile();