diff options
author | Darren Tucker <dtucker@zip.com.au> | 2004-12-20 12:05:08 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-12-20 12:05:08 +1100 |
commit | 8686ed75081958714f5d7768b5b0b8bcdd86b0ff (patch) | |
tree | 7bd963a610a10662e80c654e50aa6b8337d12a78 /ssh-rand-helper.c | |
parent | 442a383418dc3eb1809e66c966933071034d5325 (diff) |
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
from prngd is enabled at compile time but fails at run time, eg because
prngd is not running. Note that if you have prngd running when OpenSSH is
built, OpenSSL will consider itself internally seeded and rand-helper won't
be built at all unless explicitly enabled via --with-rand-helper. ok djm@
Diffstat (limited to 'ssh-rand-helper.c')
-rw-r--r-- | ssh-rand-helper.c | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 8cad53fe6..7cd081fab 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c | |||
@@ -39,7 +39,7 @@ | |||
39 | #include "pathnames.h" | 39 | #include "pathnames.h" |
40 | #include "log.h" | 40 | #include "log.h" |
41 | 41 | ||
42 | RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $"); | 42 | RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $"); |
43 | 43 | ||
44 | /* Number of bytes we write out */ | 44 | /* Number of bytes we write out */ |
45 | #define OUTPUT_SEED_SIZE 48 | 45 | #define OUTPUT_SEED_SIZE 48 |
@@ -209,6 +209,22 @@ done: | |||
209 | return rval; | 209 | return rval; |
210 | } | 210 | } |
211 | 211 | ||
212 | static int | ||
213 | seed_from_prngd(unsigned char *buf, size_t bytes) | ||
214 | { | ||
215 | #ifdef PRNGD_PORT | ||
216 | debug("trying egd/prngd port %d", PRNGD_PORT); | ||
217 | if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) | ||
218 | return 0; | ||
219 | #endif | ||
220 | #ifdef PRNGD_SOCKET | ||
221 | debug("trying egd/prngd socket %s", PRNGD_SOCKET); | ||
222 | if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) | ||
223 | return 0; | ||
224 | #endif | ||
225 | return -1; | ||
226 | } | ||
227 | |||
212 | double | 228 | double |
213 | stir_gettimeofday(double entropy_estimate) | 229 | stir_gettimeofday(double entropy_estimate) |
214 | { | 230 | { |
@@ -815,21 +831,16 @@ main(int argc, char **argv) | |||
815 | debug("Seeded RNG with %i bytes from system calls", | 831 | debug("Seeded RNG with %i bytes from system calls", |
816 | (int)stir_from_system()); | 832 | (int)stir_from_system()); |
817 | 833 | ||
818 | #ifdef PRNGD_PORT | 834 | /* try prngd, fall back to commands if prngd fails or not configured */ |
819 | if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1) | 835 | if (seed_from_prngd(buf, bytes) == 0) { |
820 | fatal("Entropy collection failed"); | 836 | RAND_add(buf, bytes, bytes); |
821 | RAND_add(buf, bytes, bytes); | 837 | } else { |
822 | #elif defined(PRNGD_SOCKET) | 838 | /* Read in collection commands */ |
823 | if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1) | 839 | if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) |
824 | fatal("Entropy collection failed"); | 840 | fatal("PRNG initialisation failed -- exiting."); |
825 | RAND_add(buf, bytes, bytes); | 841 | debug("Seeded RNG with %i bytes from programs", |
826 | #else | 842 | (int)stir_from_programs()); |
827 | /* Read in collection commands */ | 843 | } |
828 | if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) | ||
829 | fatal("PRNG initialisation failed -- exiting."); | ||
830 | debug("Seeded RNG with %i bytes from programs", | ||
831 | (int)stir_from_programs()); | ||
832 | #endif | ||
833 | 844 | ||
834 | #ifdef USE_SEED_FILES | 845 | #ifdef USE_SEED_FILES |
835 | prng_write_seedfile(); | 846 | prng_write_seedfile(); |