diff options
| author | Damien Miller <djm@mindrot.org> | 2001-03-04 00:29:20 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2001-03-04 00:29:20 +1100 |
| commit | d0ccb989c2ccb190bf81819c4b6418d63c682538 (patch) | |
| tree | eb7d3f8dde263b16b1d1b4e21d40bd7f8c1a4c85 /entropy.c | |
| parent | f85b4d76705035e495545c84a922f032447414bd (diff) | |
- Allow PRNGd entropy collection from localhost TCP socket. Replace
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
Diffstat (limited to 'entropy.c')
| -rw-r--r-- | entropy.c | 75 |
1 files changed, 52 insertions, 23 deletions
| @@ -40,7 +40,7 @@ | |||
| 40 | #include "pathnames.h" | 40 | #include "pathnames.h" |
| 41 | #include "log.h" | 41 | #include "log.h" |
| 42 | 42 | ||
| 43 | RCSID("$Id: entropy.c,v 1.34 2001/02/27 00:00:52 djm Exp $"); | 43 | RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $"); |
| 44 | 44 | ||
| 45 | #ifndef offsetof | 45 | #ifndef offsetof |
| 46 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | 46 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
| @@ -75,47 +75,76 @@ void check_openssl_version(void) | |||
| 75 | "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); | 75 | "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | #if defined(PRNGD_SOCKET) || defined(PRNGD_PORT) | ||
| 79 | # define USE_PRNGD | ||
| 80 | #endif | ||
| 78 | 81 | ||
| 79 | #if defined(EGD_SOCKET) || defined(RANDOM_POOL) | 82 | #if defined(USE_PRNGD) || defined(RANDOM_POOL) |
| 80 | 83 | ||
| 81 | #ifdef EGD_SOCKET | 84 | #ifdef USE_PRNGD |
| 82 | /* Collect entropy from EGD */ | 85 | /* Collect entropy from PRNGD/EGD */ |
| 83 | int get_random_bytes(unsigned char *buf, int len) | 86 | int get_random_bytes(unsigned char *buf, int len) |
| 84 | { | 87 | { |
| 85 | int fd; | 88 | int fd; |
| 86 | char msg[2]; | 89 | char msg[2]; |
| 90 | #ifdef PRNGD_PORT | ||
| 91 | struct sockaddr_in addr; | ||
| 92 | #else | ||
| 87 | struct sockaddr_un addr; | 93 | struct sockaddr_un addr; |
| 94 | #endif | ||
| 88 | int addr_len, rval, errors; | 95 | int addr_len, rval, errors; |
| 89 | mysig_t old_sigpipe; | 96 | mysig_t old_sigpipe; |
| 90 | 97 | ||
| 98 | memset(&addr, '\0', sizeof(addr)); | ||
| 99 | |||
| 100 | #ifdef PRNGD_PORT | ||
| 101 | addr.sin_family = AF_INET; | ||
| 102 | addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); | ||
| 103 | addr.sin_port = htons(PRNGD_PORT); | ||
| 104 | addr_len = sizeof(struct sockaddr_in); | ||
| 105 | #else /* use IP socket PRNGD_SOCKET instead */ | ||
| 91 | /* Sanity checks */ | 106 | /* Sanity checks */ |
| 92 | if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) | 107 | if (sizeof(PRNGD_SOCKET) > sizeof(addr.sun_path)) |
| 93 | fatal("Random pool path is too long"); | 108 | fatal("Random pool path is too long"); |
| 94 | if (len > 255) | 109 | if (len > 255) |
| 95 | fatal("Too many bytes to read from EGD"); | 110 | fatal("Too many bytes to read from PRNGD"); |
| 96 | 111 | ||
| 97 | memset(&addr, '\0', sizeof(addr)); | ||
| 98 | addr.sun_family = AF_UNIX; | 112 | addr.sun_family = AF_UNIX; |
| 99 | strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path)); | 113 | strlcpy(addr.sun_path, PRNGD_SOCKET, sizeof(addr.sun_path)); |
| 100 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); | 114 | addr_len = offsetof(struct sockaddr_un, sun_path) + |
| 115 | sizeof(PRNGD_SOCKET); | ||
| 116 | #endif | ||
| 101 | 117 | ||
| 102 | old_sigpipe = mysignal(SIGPIPE, SIG_IGN); | 118 | old_sigpipe = mysignal(SIGPIPE, SIG_IGN); |
| 103 | 119 | ||
| 104 | errors = rval = 0; | 120 | errors = rval = 0; |
| 105 | reopen: | 121 | reopen: |
| 106 | fd = socket(AF_UNIX, SOCK_STREAM, 0); | 122 | #ifdef PRNGD_PORT |
| 123 | fd = socket(addr.sin_family, SOCK_STREAM, 0); | ||
| 124 | if (fd == -1) { | ||
| 125 | error("Couldn't create AF_INET socket: %s", strerror(errno)); | ||
| 126 | goto done; | ||
| 127 | } | ||
| 128 | #else | ||
| 129 | fd = socket(addr.sun_family, SOCK_STREAM, 0); | ||
| 107 | if (fd == -1) { | 130 | if (fd == -1) { |
| 108 | error("Couldn't create AF_UNIX socket: %s", strerror(errno)); | 131 | error("Couldn't create AF_UNIX socket: %s", strerror(errno)); |
| 109 | goto done; | 132 | goto done; |
| 110 | } | 133 | } |
| 134 | #endif | ||
| 111 | 135 | ||
| 112 | if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { | 136 | if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { |
| 113 | error("Couldn't connect to EGD socket \"%s\": %s", | 137 | #ifdef PRNGD_PORT |
| 114 | addr.sun_path, strerror(errno)); | 138 | error("Couldn't connect to PRNGD port %d: %s", |
| 139 | PRNGD_PORT, strerror(errno)); | ||
| 140 | #else | ||
| 141 | error("Couldn't connect to PRNGD socket \"%s\": %s", | ||
| 142 | addr.sun_path, strerror(errno)); | ||
| 143 | #endif | ||
| 115 | goto done; | 144 | goto done; |
| 116 | } | 145 | } |
| 117 | 146 | ||
| 118 | /* Send blocking read request to EGD */ | 147 | /* Send blocking read request to PRNGD */ |
| 119 | msg[0] = 0x02; | 148 | msg[0] = 0x02; |
| 120 | msg[1] = len; | 149 | msg[1] = len; |
| 121 | 150 | ||
| @@ -125,8 +154,8 @@ reopen: | |||
| 125 | errors++; | 154 | errors++; |
| 126 | goto reopen; | 155 | goto reopen; |
| 127 | } | 156 | } |
| 128 | error("Couldn't write to EGD socket \"%s\": %s", | 157 | error("Couldn't write to PRNGD socket: %s", |
| 129 | EGD_SOCKET, strerror(errno)); | 158 | strerror(errno)); |
| 130 | goto done; | 159 | goto done; |
| 131 | } | 160 | } |
| 132 | 161 | ||
| @@ -136,8 +165,8 @@ reopen: | |||
| 136 | errors++; | 165 | errors++; |
| 137 | goto reopen; | 166 | goto reopen; |
| 138 | } | 167 | } |
| 139 | error("Couldn't read from EGD socket \"%s\": %s", | 168 | error("Couldn't read from PRNGD socket: %s", |
| 140 | EGD_SOCKET, strerror(errno)); | 169 | strerror(errno)); |
| 141 | goto done; | 170 | goto done; |
| 142 | } | 171 | } |
| 143 | 172 | ||
| @@ -148,7 +177,7 @@ done: | |||
| 148 | close(fd); | 177 | close(fd); |
| 149 | return(rval); | 178 | return(rval); |
| 150 | } | 179 | } |
| 151 | #else /* !EGD_SOCKET */ | 180 | #else /* !USE_PRNGD */ |
| 152 | #ifdef RANDOM_POOL | 181 | #ifdef RANDOM_POOL |
| 153 | /* Collect entropy from /dev/urandom or pipe */ | 182 | /* Collect entropy from /dev/urandom or pipe */ |
| 154 | int get_random_bytes(unsigned char *buf, int len) | 183 | int get_random_bytes(unsigned char *buf, int len) |
| @@ -174,16 +203,16 @@ int get_random_bytes(unsigned char *buf, int len) | |||
| 174 | return(1); | 203 | return(1); |
| 175 | } | 204 | } |
| 176 | #endif /* RANDOM_POOL */ | 205 | #endif /* RANDOM_POOL */ |
| 177 | #endif /* EGD_SOCKET */ | 206 | #endif /* USE_PRNGD */ |
| 178 | 207 | ||
| 179 | /* | 208 | /* |
| 180 | * Seed OpenSSL's random number pool from Kernel random number generator | 209 | * Seed OpenSSL's random number pool from Kernel random number generator |
| 181 | * or EGD | 210 | * or PRNGD/EGD |
| 182 | */ | 211 | */ |
| 183 | void | 212 | void |
| 184 | seed_rng(void) | 213 | seed_rng(void) |
| 185 | { | 214 | { |
| 186 | char buf[32]; | 215 | unsigned char buf[32]; |
| 187 | 216 | ||
| 188 | debug("Seeding random number generator"); | 217 | debug("Seeding random number generator"); |
| 189 | 218 | ||
| @@ -202,7 +231,7 @@ void init_rng(void) | |||
| 202 | check_openssl_version(); | 231 | check_openssl_version(); |
| 203 | } | 232 | } |
| 204 | 233 | ||
| 205 | #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | 234 | #else /* defined(USE_PRNGD) || defined(RANDOM_POOL) */ |
| 206 | 235 | ||
| 207 | /* | 236 | /* |
| 208 | * FIXME: proper entropy estimations. All current values are guesses | 237 | * FIXME: proper entropy estimations. All current values are guesses |
| @@ -877,4 +906,4 @@ void init_rng(void) | |||
| 877 | prng_initialised = 1; | 906 | prng_initialised = 1; |
| 878 | } | 907 | } |
| 879 | 908 | ||
| 880 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | 909 | #endif /* defined(USE_PRNGD) || defined(RANDOM_POOL) */ |