- (djm) Fix pam sprintf fix

- (djm) Cleanup entropy collection code a little more. Split initialisation from seeding, perform intialisation immediatly at start, be careful with uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
author: Damien Miller <djm@mindrot.org> 2000-07-09 22:42:32 +1000
committer: Damien Miller <djm@mindrot.org> 2000-07-09 22:42:32 +1000
commit: f9b625c36e3dea521c02919e90ac2ddcfd19b06a (patch)
tree: 6e8fa4e190383746877cc0a49b62de34e6d657bd /entropy.c
parent: b38ea865261491e7ef42eb72eb1466bfa8aeefc3 (diff)
1 files changed, 49 insertions, 40 deletions
diff --git a/entropy.c b/entropy.c
index d8eba6547..842760992 100644
--- a/entropy.c
+++ b/entropy.c
@@ -35,7 +35,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-RCSID("$Id: entropy.c,v 1.16 2000/06/26 03:55:31 djm Exp $");
+RCSID("$Id: entropy.c,v 1.17 2000/07/09 12:42:33 djm Exp $");
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -168,6 +168,9 @@ seed_rng(void)
        memset(buf, '\0', sizeof(buf));
 }
+/* No-op */
+void init_rng(void) {}
 #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
 /* 
@@ -180,9 +183,9 @@ seed_rng(void)
 /* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
 static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
-static int prng_seed_loaded = 0;
 static int prng_seed_saved = 0;
-static int prng_commands_loaded = 0;
+static int prng_initialised = 0;
+uid_t original_uid;
 typedef struct
 {
@@ -395,10 +398,10 @@ hash_output_from_command(entropy_source_t *src, char *hash)
                        close(p[1]);
                        close(devnull);
+                        setuid(original_uid);
                        execv(src->path, (char**)(src->args));
                        debug("(child) Couldn't exec '%s': %s", src->cmdstring,
                              strerror(errno));
-                        src->badness = src->sticky_badness = 128;
                        _exit(-1);
                default: /* Parent */
                        break;
@@ -432,38 +435,36 @@ hash_output_from_command(entropy_source_t *src, char *hash)
                ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
+                RAND_add(&tv, sizeof(tv), 0.0);
                switch (ret) {
                case 0:
                        /* timer expired */
                        error_abort = 1;
                        break;
-                        
                case 1:
                        /* command input */
                        bytes_read = read(p[0], buf, sizeof(buf));
+                        RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
                        if (bytes_read == -1) {
                                error_abort = 1;
                                break;
-                        }
+                        } else if (bytes_read) {
-                        if (bytes_read) {
                                SHA1_Update(&sha, buf, bytes_read);
                                total_bytes_read += bytes_read;
-                                RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
+                        } else {
-                        } else
                                cmd_eof = 1;
+                        }
                        break;
                case -1:
                default:
+                        /* error */
                        debug("Command '%s': select() failed: %s", src->cmdstring,
                              strerror(errno));
                        error_abort = 1;
                        break;
-                } /* switch ret */
+                }
+        }
-                RAND_add(&tv, sizeof(&tv), 0.0);
-        } /* while !error_abort && !cmd_eof */
        SHA1_Final(hash, &sha);
@@ -533,7 +534,7 @@ prng_check_seedfile(char *filename) {
                fatal("PRNG seedfile %.100s is not a regular file", filename);
        /* mode 0600, owned by root or the current user? */
-        if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid()))
+        if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid))
                fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",
                         filename, getuid());
@@ -551,12 +552,14 @@ prng_write_seedfile(void) {
        if (prng_seed_saved)
                return;
        
+        setuid(original_uid);
+        
        prng_seed_saved = 1;
        
-        pw = getpwuid(getuid());
+        pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                        getuid(), strerror(errno));
+                        original_uid, strerror(errno));
                                
        /* Try to ensure that the parent directory is there */
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
@@ -591,10 +594,10 @@ prng_read_seedfile(void) {
        char filename[1024];
        struct passwd *pw;
        
-        pw = getpwuid(getuid());
+        pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                        getuid(), strerror(errno));
+                        original_uid, strerror(errno));
                        
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
                SSH_PRNG_SEED_FILE);
@@ -755,7 +758,7 @@ prng_read_commands(char *cmdfilename)
        /* trim to size */
        entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
-        debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
+        debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
        return (cur_cmd >= MIN_ENTROPY_SOURCES);
 }
@@ -777,35 +780,41 @@ void
 seed_rng(void)
 {
        void *old_sigchld_handler;
-        
-        if (!prng_commands_loaded) {
-                if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
-                        fatal("PRNG initialisation failed -- exiting.");
-                prng_commands_loaded = 1;
-        }
+        if (!prng_initialised)
+                fatal("RNG not initialised");
+        
        /* Make sure some other sigchld handler doesn't reap our entropy */
        /* commands */
        old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
-        debug("Seeding random number generator.");
+        debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
-        debug("OpenSSL random status is now %i\n", RAND_status());
+        debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
-        debug("%i bytes from system calls", (int)stir_from_system());
-        debug("%i bytes from programs", (int)stir_from_programs());
+        if (!RAND_status())
-        debug("OpenSSL random status is now %i\n", RAND_status());
+                fatal("Not enough entropy in RNG");
        signal(SIGCHLD, old_sigchld_handler);
        if (!RAND_status())
                fatal("Couldn't initialise builtin random number generator -- exiting.");
+}
-        if (!prng_seed_loaded)
+void init_rng(void) 
-        {
+{
-                prng_seed_loaded = 1;
+        original_uid = getuid();
-                prng_seed_saved = 0;            
-                prng_read_seedfile();
+        /* Read in collection commands */
-                fatal_add_cleanup(prng_seed_cleanup, NULL);
+        if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
-                atexit(prng_write_seedfile);
+                fatal("PRNG initialisation failed -- exiting.");
-        }
+        /* Set ourselves up to save a seed upon exit */
+        prng_seed_saved = 0;            
+        prng_read_seedfile();
+        fatal_add_cleanup(prng_seed_cleanup, NULL);
+        atexit(prng_write_seedfile);
+        prng_initialised = 1;
 }
 #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
author	Damien Miller <djm@mindrot.org>	2000-07-09 22:42:32 +1000
committer	Damien Miller <djm@mindrot.org>	2000-07-09 22:42:32 +1000
commit	f9b625c36e3dea521c02919e90ac2ddcfd19b06a (patch)
tree	6e8fa4e190383746877cc0a49b62de34e6d657bd /entropy.c
parent	b38ea865261491e7ef42eb72eb1466bfa8aeefc3 (diff)

diff --git a/entropy.c b/entropy.c index d8eba6547..842760992 100644 --- a/entropy.c +++ b/entropy.c
@@ -35,7 +35,7 @@
35	#include <openssl/rand.h>	35	#include <openssl/rand.h>
36	#include <openssl/sha.h>	36	#include <openssl/sha.h>
37		37
38	RCSID("$Id: entropy.c,v 1.16 2000/06/26 03:55:31 djm Exp $");	38	RCSID("$Id: entropy.c,v 1.17 2000/07/09 12:42:33 djm Exp $");
39		39
40	#ifndef offsetof	40	#ifndef offsetof
41	# define offsetof(type, member) ((size_t) &((type *)0)->member)	41	# define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -168,6 +168,9 @@ seed_rng(void)
168	memset(buf, '\0', sizeof(buf));	168	memset(buf, '\0', sizeof(buf));
169	}	169	}
170		170
		171	/* No-op */
		172	void init_rng(void) {}
		173
171	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */	174	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
172		175
173	/*	176	/*
@@ -180,9 +183,9 @@ seed_rng(void)
180	/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */	183	/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
181	static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;	184	static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
182		185
183	static int prng_seed_loaded = 0;
184	static int prng_seed_saved = 0;	186	static int prng_seed_saved = 0;
185	static int prng_commands_loaded = 0;	187	static int prng_initialised = 0;
		188	uid_t original_uid;
186		189
187	typedef struct	190	typedef struct
188	{	191	{
@@ -395,10 +398,10 @@ hash_output_from_command(entropy_source_t src, char hash)
395	close(p[1]);	398	close(p[1]);
396	close(devnull);	399	close(devnull);
397		400
		401	setuid(original_uid);
398	execv(src->path, (char**)(src->args));	402	execv(src->path, (char**)(src->args));
399	debug("(child) Couldn't exec '%s': %s", src->cmdstring,	403	debug("(child) Couldn't exec '%s': %s", src->cmdstring,
400	strerror(errno));	404	strerror(errno));
401	src->badness = src->sticky_badness = 128;
402	_exit(-1);	405	_exit(-1);
403	default: /* Parent */	406	default: /* Parent */
404	break;	407	break;
@@ -432,38 +435,36 @@ hash_output_from_command(entropy_source_t src, char hash)
432		435
433	ret = select(p[0]+1, &rdset, NULL, NULL, &tv);	436	ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
434		437
		438	RAND_add(&tv, sizeof(tv), 0.0);
		439
435	switch (ret) {	440	switch (ret) {
436	case 0:	441	case 0:
437	/* timer expired */	442	/* timer expired */
438	error_abort = 1;	443	error_abort = 1;
439	break;	444	break;
440
441	case 1:	445	case 1:
442	/* command input */	446	/* command input */
443	bytes_read = read(p[0], buf, sizeof(buf));	447	bytes_read = read(p[0], buf, sizeof(buf));
		448	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
444	if (bytes_read == -1) {	449	if (bytes_read == -1) {
445	error_abort = 1;	450	error_abort = 1;
446	break;	451	break;
447	}	452	} else if (bytes_read) {
448	if (bytes_read) {
449	SHA1_Update(&sha, buf, bytes_read);	453	SHA1_Update(&sha, buf, bytes_read);
450	total_bytes_read += bytes_read;	454	total_bytes_read += bytes_read;
451	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);	455	} else {
452	} else
453	cmd_eof = 1;	456	cmd_eof = 1;
454		457	}
455	break;	458	break;
456
457	case -1:	459	case -1:
458	default:	460	default:
		461	/* error */
459	debug("Command '%s': select() failed: %s", src->cmdstring,	462	debug("Command '%s': select() failed: %s", src->cmdstring,
460	strerror(errno));	463	strerror(errno));
461	error_abort = 1;	464	error_abort = 1;
462	break;	465	break;
463	} /* switch ret */	466	}
464		467	}
465	RAND_add(&tv, sizeof(&tv), 0.0);
466	} /* while !error_abort && !cmd_eof */
467		468
468	SHA1_Final(hash, &sha);	469	SHA1_Final(hash, &sha);
469		470
@@ -533,7 +534,7 @@ prng_check_seedfile(char *filename) {
533	fatal("PRNG seedfile %.100s is not a regular file", filename);	534	fatal("PRNG seedfile %.100s is not a regular file", filename);
534		535
535	/* mode 0600, owned by root or the current user? */	536	/* mode 0600, owned by root or the current user? */
536	if (((st.st_mode & 0177) != 0) \|\| !(st.st_uid == getuid()))	537	if (((st.st_mode & 0177) != 0) \|\| !(st.st_uid == original_uid))
537	fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",	538	fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",
538	filename, getuid());	539	filename, getuid());
539		540
@@ -551,12 +552,14 @@ prng_write_seedfile(void) {
551	if (prng_seed_saved)	552	if (prng_seed_saved)
552	return;	553	return;
553		554
		555	setuid(original_uid);
		556
554	prng_seed_saved = 1;	557	prng_seed_saved = 1;
555		558
556	pw = getpwuid(getuid());	559	pw = getpwuid(original_uid);
557	if (pw == NULL)	560	if (pw == NULL)
558	fatal("Couldn't get password entry for current user (%i): %s",	561	fatal("Couldn't get password entry for current user (%i): %s",
559	getuid(), strerror(errno));	562	original_uid, strerror(errno));
560		563
561	/* Try to ensure that the parent directory is there */	564	/* Try to ensure that the parent directory is there */
562	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,	565	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
@@ -591,10 +594,10 @@ prng_read_seedfile(void) {
591	char filename[1024];	594	char filename[1024];
592	struct passwd *pw;	595	struct passwd *pw;
593		596
594	pw = getpwuid(getuid());	597	pw = getpwuid(original_uid);
595	if (pw == NULL)	598	if (pw == NULL)
596	fatal("Couldn't get password entry for current user (%i): %s",	599	fatal("Couldn't get password entry for current user (%i): %s",
597	getuid(), strerror(errno));	600	original_uid, strerror(errno));
598		601
599	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,	602	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
600	SSH_PRNG_SEED_FILE);	603	SSH_PRNG_SEED_FILE);
@@ -755,7 +758,7 @@ prng_read_commands(char *cmdfilename)
755	/* trim to size */	758	/* trim to size */
756	entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));	759	entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
757		760
758	debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);	761	debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
759		762
760	return (cur_cmd >= MIN_ENTROPY_SOURCES);	763	return (cur_cmd >= MIN_ENTROPY_SOURCES);
761	}	764	}
@@ -777,35 +780,41 @@ void
777	seed_rng(void)	780	seed_rng(void)
778	{	781	{
779	void *old_sigchld_handler;	782	void *old_sigchld_handler;
780
781	if (!prng_commands_loaded) {
782	if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
783	fatal("PRNG initialisation failed -- exiting.");
784	prng_commands_loaded = 1;
785	}
786		783
		784	if (!prng_initialised)
		785	fatal("RNG not initialised");
		786
787	/* Make sure some other sigchld handler doesn't reap our entropy */	787	/* Make sure some other sigchld handler doesn't reap our entropy */
788	/* commands */	788	/* commands */
789	old_sigchld_handler = signal(SIGCHLD, SIG_DFL);	789	old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
790		790
791	debug("Seeding random number generator.");	791	debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
792	debug("OpenSSL random status is now %i\n", RAND_status());	792	debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
793	debug("%i bytes from system calls", (int)stir_from_system());	793
794	debug("%i bytes from programs", (int)stir_from_programs());	794	if (!RAND_status())
795	debug("OpenSSL random status is now %i\n", RAND_status());	795	fatal("Not enough entropy in RNG");
796		796
797	signal(SIGCHLD, old_sigchld_handler);	797	signal(SIGCHLD, old_sigchld_handler);
798		798
799	if (!RAND_status())	799	if (!RAND_status())
800	fatal("Couldn't initialise builtin random number generator -- exiting.");	800	fatal("Couldn't initialise builtin random number generator -- exiting.");
		801	}
801		802
802	if (!prng_seed_loaded)	803	void init_rng(void)
803	{	804	{
804	prng_seed_loaded = 1;	805	original_uid = getuid();
805	prng_seed_saved = 0;	806
806	prng_read_seedfile();	807	/* Read in collection commands */
807	fatal_add_cleanup(prng_seed_cleanup, NULL);	808	if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
808	atexit(prng_write_seedfile);	809	fatal("PRNG initialisation failed -- exiting.");
809	}	810
		811	/* Set ourselves up to save a seed upon exit */
		812	prng_seed_saved = 0;
		813	prng_read_seedfile();
		814	fatal_add_cleanup(prng_seed_cleanup, NULL);
		815	atexit(prng_write_seedfile);
		816
		817	prng_initialised = 1;
810	}	818	}
		819
811	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */	820	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */