2 files changed, 35 insertions, 17 deletions

diff --git a/ChangeLog b/ChangeLog
index 469fa4954..c6cf7b386 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+   from prngd is enabled at compile time but fails at run time, eg because
+   prngd is not running.  Note that if you have prngd running when OpenSSH is
+   built, OpenSSL will consider itself internally seeded and rand-helper won't
+   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@
+
 20041213
  - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
    amarendra.godbole at ge com.
@@ -1950,4 +1957,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $
+$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 8cad53fe6..7cd081fab 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE        48
@@ -209,6 +209,22 @@ done:
         return rval;
 }
 
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+        debug("trying egd/prngd port %d", PRNGD_PORT);
+        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+                return 0;
+#endif
+#ifdef PRNGD_SOCKET
+        debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+                return 0;
+#endif
+        return -1;
+}
+
 double
 stir_gettimeofday(double entropy_estimate)
 {
@@ -815,21 +831,16 @@ main(int argc, char **argv)
         debug("Seeded RNG with %i bytes from system calls",
             (int)stir_from_system());
 
-#ifdef PRNGD_PORT
-        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
-        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#else
-        /* Read in collection commands */
-        if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
-                fatal("PRNG initialisation failed -- exiting.");
-        debug("Seeded RNG with %i bytes from programs",
-            (int)stir_from_programs());
-#endif
+        /* try prngd, fall back to commands if prngd fails or not configured */
+        if (seed_from_prngd(buf, bytes) == 0) {
+                RAND_add(buf, bytes, bytes);
+        } else {
+                /* Read in collection commands */
+                if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+                        fatal("PRNG initialisation failed -- exiting.");
+                debug("Seeded RNG with %i bytes from programs",
+                    (int)stir_from_programs());
+        }
 
 #ifdef USE_SEED_FILES
         prng_write_seedfile();