9 files changed, 66 insertions, 42 deletions
diff --git a/ChangeLog b/ChangeLog
index 20831f2e3..88ae8b4ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,10 @@
   builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
   <jimw@peisj.pebio.com>
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+   from seeding, perform intialisation immediatly at start, be careful with
+   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
 20000708
 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from 
diff --git a/auth-pam.c b/auth-pam.c
index a3067d619..852dbdc21 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -34,7 +34,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
-RCSID("$Id: auth-pam.c,v 1.10 2000/07/09 11:21:52 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.11 2000/07/09 12:42:33 djm Exp $");
 #define NEW_AUTHTOK_MSG \
        "Warning: You password has expired, please change it now"
@@ -279,7 +279,7 @@ char **fetch_pam_environment(void)
 void print_pam_messages(void)
 {
        if (pam_msg != NULL)
-                fputs(stderr, pam_msg);
+                fputs(pam_msg, stderr);
 }
 /* Append a message to the PAM message buffer */
diff --git a/entropy.c b/entropy.c
index d8eba6547..842760992 100644
--- a/entropy.c
+++ b/entropy.c
@@ -35,7 +35,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-RCSID("$Id: entropy.c,v 1.16 2000/06/26 03:55:31 djm Exp $");
+RCSID("$Id: entropy.c,v 1.17 2000/07/09 12:42:33 djm Exp $");
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -168,6 +168,9 @@ seed_rng(void)
        memset(buf, '\0', sizeof(buf));
 }
+/* No-op */
+void init_rng(void) {}
 #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
 /* 
@@ -180,9 +183,9 @@ seed_rng(void)
 /* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
 static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
-static int prng_seed_loaded = 0;
 static int prng_seed_saved = 0;
-static int prng_commands_loaded = 0;
+static int prng_initialised = 0;
+uid_t original_uid;
 typedef struct
 {
@@ -395,10 +398,10 @@ hash_output_from_command(entropy_source_t *src, char *hash)
                        close(p[1]);
                        close(devnull);
+                        setuid(original_uid);
                        execv(src->path, (char**)(src->args));
                        debug("(child) Couldn't exec '%s': %s", src->cmdstring,
                              strerror(errno));
-                        src->badness = src->sticky_badness = 128;
                        _exit(-1);
                default: /* Parent */
                        break;
@@ -432,38 +435,36 @@ hash_output_from_command(entropy_source_t *src, char *hash)
                ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
+                RAND_add(&tv, sizeof(tv), 0.0);
                switch (ret) {
                case 0:
                        /* timer expired */
                        error_abort = 1;
                        break;
-                        
                case 1:
                        /* command input */
                        bytes_read = read(p[0], buf, sizeof(buf));
+                        RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
                        if (bytes_read == -1) {
                                error_abort = 1;
                                break;
-                        }
+                        } else if (bytes_read) {
-                        if (bytes_read) {
                                SHA1_Update(&sha, buf, bytes_read);
                                total_bytes_read += bytes_read;
-                                RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
+                        } else {
-                        } else
                                cmd_eof = 1;
+                        }
                        break;
                case -1:
                default:
+                        /* error */
                        debug("Command '%s': select() failed: %s", src->cmdstring,
                              strerror(errno));
                        error_abort = 1;
                        break;
-                } /* switch ret */
+                }
+        }
-                RAND_add(&tv, sizeof(&tv), 0.0);
-        } /* while !error_abort && !cmd_eof */
        SHA1_Final(hash, &sha);
@@ -533,7 +534,7 @@ prng_check_seedfile(char *filename) {
                fatal("PRNG seedfile %.100s is not a regular file", filename);
        /* mode 0600, owned by root or the current user? */
-        if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid()))
+        if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid))
                fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",
                         filename, getuid());
@@ -551,12 +552,14 @@ prng_write_seedfile(void) {
        if (prng_seed_saved)
                return;
        
+        setuid(original_uid);
+        
        prng_seed_saved = 1;
        
-        pw = getpwuid(getuid());
+        pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                        getuid(), strerror(errno));
+                        original_uid, strerror(errno));
                                
        /* Try to ensure that the parent directory is there */
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
@@ -591,10 +594,10 @@ prng_read_seedfile(void) {
        char filename[1024];
        struct passwd *pw;
        
-        pw = getpwuid(getuid());
+        pw = getpwuid(original_uid);
        if (pw == NULL)
                fatal("Couldn't get password entry for current user (%i): %s", 
-                        getuid(), strerror(errno));
+                        original_uid, strerror(errno));
                        
        snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
                SSH_PRNG_SEED_FILE);
@@ -755,7 +758,7 @@ prng_read_commands(char *cmdfilename)
        /* trim to size */
        entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
-        debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
+        debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
        return (cur_cmd >= MIN_ENTROPY_SOURCES);
 }
@@ -777,35 +780,41 @@ void
 seed_rng(void)
 {
        void *old_sigchld_handler;
-        
-        if (!prng_commands_loaded) {
-                if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
-                        fatal("PRNG initialisation failed -- exiting.");
-                prng_commands_loaded = 1;
-        }
+        if (!prng_initialised)
+                fatal("RNG not initialised");
+        
        /* Make sure some other sigchld handler doesn't reap our entropy */
        /* commands */
        old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
-        debug("Seeding random number generator.");
+        debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
-        debug("OpenSSL random status is now %i\n", RAND_status());
+        debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
-        debug("%i bytes from system calls", (int)stir_from_system());
-        debug("%i bytes from programs", (int)stir_from_programs());
+        if (!RAND_status())
-        debug("OpenSSL random status is now %i\n", RAND_status());
+                fatal("Not enough entropy in RNG");
        signal(SIGCHLD, old_sigchld_handler);
        if (!RAND_status())
                fatal("Couldn't initialise builtin random number generator -- exiting.");
+}
-        if (!prng_seed_loaded)
+void init_rng(void) 
-        {
+{
-                prng_seed_loaded = 1;
+        original_uid = getuid();
-                prng_seed_saved = 0;            
-                prng_read_seedfile();
+        /* Read in collection commands */
-                fatal_add_cleanup(prng_seed_cleanup, NULL);
+        if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
-                atexit(prng_write_seedfile);
+                fatal("PRNG initialisation failed -- exiting.");
-        }
+        /* Set ourselves up to save a seed upon exit */
+        prng_seed_saved = 0;            
+        prng_read_seedfile();
+        fatal_add_cleanup(prng_seed_cleanup, NULL);
+        atexit(prng_write_seedfile);
+        prng_initialised = 1;
 }
 #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
diff --git a/entropy.h b/entropy.h
index ec425a0cb..a6f7bfc60 100644
--- a/entropy.h
+++ b/entropy.h
@@ -31,5 +31,6 @@
 #define _RANDOMS_H
 void seed_rng(void);
+void init_rng(void);
 #endif /* _RANDOMS_H */
diff --git a/ssh-add.c b/ssh-add.c
index 661e1ffa9..a5d785ce7 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -210,6 +210,8 @@ main(int argc, char **argv)
        int i;
        int deleting = 0;
+        init_rng();
        /* check if RSA support exists */
        if (rsa_alive() == 0) {
                fprintf(stderr,
diff --git a/ssh-agent.c b/ssh-agent.c
index 7bfa29042..148bcff6e 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -509,6 +509,8 @@ main(int ac, char **av)
        char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
        extern int optind;
+        init_rng();
        /* check if RSA support exists */
        if (rsa_alive() == 0) {
                fprintf(stderr,
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b89c15e1..dbd0443fc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -520,6 +520,8 @@ main(int ac, char **av)
        extern int optind;
        extern char *optarg;
+        init_rng();
        SSLeay_add_all_algorithms();
        /* we need this for the home * directory.  */
diff --git a/ssh.c b/ssh.c
index f9742dc8d..be2ba4469 100644
--- a/ssh.c
+++ b/ssh.c
@@ -206,6 +206,8 @@ main(int ac, char **av)
        int dummy;
        uid_t original_effective_uid;
+        init_rng();
        /*
         * Save the original real uid.  It will be needed later (uid-swapping
         * may clobber the real uid).
diff --git a/sshd.c b/sshd.c
index a4749fbe4..93d68404f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -422,6 +422,8 @@ main(int ac, char **av)
        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
        int listen_sock, maxfd;
+        init_rng();
        /* Save argv[0]. */
        saved_argc = ac;
        saved_argv = av;

diff --git a/ChangeLog b/ChangeLog index 20831f2e3..88ae8b4ad 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -7,6 +7,10 @@
7	builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>	7	builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
8	- (djm) Replace ut_name with ut_user. Patch from Jim Watt	8	- (djm) Replace ut_name with ut_user. Patch from Jim Watt
9	<jimw@peisj.pebio.com>	9	<jimw@peisj.pebio.com>
		10	- (djm) Fix pam sprintf fix
		11	- (djm) Cleanup entropy collection code a little more. Split initialisation
		12	from seeding, perform intialisation immediatly at start, be careful with
		13	uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
10		14
11	20000708	15	20000708
12	- (djm) Fix bad fprintf format handling in auth-pam.c. Patch from	16	- (djm) Fix bad fprintf format handling in auth-pam.c. Patch from


diff --git a/auth-pam.c b/auth-pam.c index a3067d619..852dbdc21 100644 --- a/auth-pam.c +++ b/auth-pam.c
@@ -34,7 +34,7 @@
34	#include "xmalloc.h"	34	#include "xmalloc.h"
35	#include "servconf.h"	35	#include "servconf.h"
36		36
37	RCSID("$Id: auth-pam.c,v 1.10 2000/07/09 11:21:52 djm Exp $");	37	RCSID("$Id: auth-pam.c,v 1.11 2000/07/09 12:42:33 djm Exp $");
38		38
39	#define NEW_AUTHTOK_MSG \	39	#define NEW_AUTHTOK_MSG \
40	"Warning: You password has expired, please change it now"	40	"Warning: You password has expired, please change it now"
@@ -279,7 +279,7 @@ char **fetch_pam_environment(void)
279	void print_pam_messages(void)	279	void print_pam_messages(void)
280	{	280	{
281	if (pam_msg != NULL)	281	if (pam_msg != NULL)
282	fputs(stderr, pam_msg);	282	fputs(pam_msg, stderr);
283	}	283	}
284		284
285	/* Append a message to the PAM message buffer */	285	/* Append a message to the PAM message buffer */


diff --git a/entropy.c b/entropy.c index d8eba6547..842760992 100644 --- a/entropy.c +++ b/entropy.c
@@ -35,7 +35,7 @@
35	#include <openssl/rand.h>	35	#include <openssl/rand.h>
36	#include <openssl/sha.h>	36	#include <openssl/sha.h>
37		37
38	RCSID("$Id: entropy.c,v 1.16 2000/06/26 03:55:31 djm Exp $");	38	RCSID("$Id: entropy.c,v 1.17 2000/07/09 12:42:33 djm Exp $");
39		39
40	#ifndef offsetof	40	#ifndef offsetof
41	# define offsetof(type, member) ((size_t) &((type *)0)->member)	41	# define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -168,6 +168,9 @@ seed_rng(void)
168	memset(buf, '\0', sizeof(buf));	168	memset(buf, '\0', sizeof(buf));
169	}	169	}
170		170
		171	/* No-op */
		172	void init_rng(void) {}
		173
171	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */	174	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
172		175
173	/*	176	/*
@@ -180,9 +183,9 @@ seed_rng(void)
180	/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */	183	/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
181	static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;	184	static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
182		185
183	static int prng_seed_loaded = 0;
184	static int prng_seed_saved = 0;	186	static int prng_seed_saved = 0;
185	static int prng_commands_loaded = 0;	187	static int prng_initialised = 0;
		188	uid_t original_uid;
186		189
187	typedef struct	190	typedef struct
188	{	191	{
@@ -395,10 +398,10 @@ hash_output_from_command(entropy_source_t src, char hash)
395	close(p[1]);	398	close(p[1]);
396	close(devnull);	399	close(devnull);
397		400
		401	setuid(original_uid);
398	execv(src->path, (char**)(src->args));	402	execv(src->path, (char**)(src->args));
399	debug("(child) Couldn't exec '%s': %s", src->cmdstring,	403	debug("(child) Couldn't exec '%s': %s", src->cmdstring,
400	strerror(errno));	404	strerror(errno));
401	src->badness = src->sticky_badness = 128;
402	_exit(-1);	405	_exit(-1);
403	default: /* Parent */	406	default: /* Parent */
404	break;	407	break;
@@ -432,38 +435,36 @@ hash_output_from_command(entropy_source_t src, char hash)
432		435
433	ret = select(p[0]+1, &rdset, NULL, NULL, &tv);	436	ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
434		437
		438	RAND_add(&tv, sizeof(tv), 0.0);
		439
435	switch (ret) {	440	switch (ret) {
436	case 0:	441	case 0:
437	/* timer expired */	442	/* timer expired */
438	error_abort = 1;	443	error_abort = 1;
439	break;	444	break;
440
441	case 1:	445	case 1:
442	/* command input */	446	/* command input */
443	bytes_read = read(p[0], buf, sizeof(buf));	447	bytes_read = read(p[0], buf, sizeof(buf));
		448	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
444	if (bytes_read == -1) {	449	if (bytes_read == -1) {
445	error_abort = 1;	450	error_abort = 1;
446	break;	451	break;
447	}	452	} else if (bytes_read) {
448	if (bytes_read) {
449	SHA1_Update(&sha, buf, bytes_read);	453	SHA1_Update(&sha, buf, bytes_read);
450	total_bytes_read += bytes_read;	454	total_bytes_read += bytes_read;
451	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);	455	} else {
452	} else
453	cmd_eof = 1;	456	cmd_eof = 1;
454		457	}
455	break;	458	break;
456
457	case -1:	459	case -1:
458	default:	460	default:
		461	/* error */
459	debug("Command '%s': select() failed: %s", src->cmdstring,	462	debug("Command '%s': select() failed: %s", src->cmdstring,
460	strerror(errno));	463	strerror(errno));
461	error_abort = 1;	464	error_abort = 1;
462	break;	465	break;
463	} /* switch ret */	466	}
464		467	}
465	RAND_add(&tv, sizeof(&tv), 0.0);
466	} /* while !error_abort && !cmd_eof */
467		468
468	SHA1_Final(hash, &sha);	469	SHA1_Final(hash, &sha);
469		470
@@ -533,7 +534,7 @@ prng_check_seedfile(char *filename) {
533	fatal("PRNG seedfile %.100s is not a regular file", filename);	534	fatal("PRNG seedfile %.100s is not a regular file", filename);
534		535
535	/* mode 0600, owned by root or the current user? */	536	/* mode 0600, owned by root or the current user? */
536	if (((st.st_mode & 0177) != 0) \|\| !(st.st_uid == getuid()))	537	if (((st.st_mode & 0177) != 0) \|\| !(st.st_uid == original_uid))
537	fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",	538	fatal("PRNG seedfile %.100s must be mode 0600, owned by uid %d",
538	filename, getuid());	539	filename, getuid());
539		540
@@ -551,12 +552,14 @@ prng_write_seedfile(void) {
551	if (prng_seed_saved)	552	if (prng_seed_saved)
552	return;	553	return;
553		554
		555	setuid(original_uid);
		556
554	prng_seed_saved = 1;	557	prng_seed_saved = 1;
555		558
556	pw = getpwuid(getuid());	559	pw = getpwuid(original_uid);
557	if (pw == NULL)	560	if (pw == NULL)
558	fatal("Couldn't get password entry for current user (%i): %s",	561	fatal("Couldn't get password entry for current user (%i): %s",
559	getuid(), strerror(errno));	562	original_uid, strerror(errno));
560		563
561	/* Try to ensure that the parent directory is there */	564	/* Try to ensure that the parent directory is there */
562	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,	565	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
@@ -591,10 +594,10 @@ prng_read_seedfile(void) {
591	char filename[1024];	594	char filename[1024];
592	struct passwd *pw;	595	struct passwd *pw;
593		596
594	pw = getpwuid(getuid());	597	pw = getpwuid(original_uid);
595	if (pw == NULL)	598	if (pw == NULL)
596	fatal("Couldn't get password entry for current user (%i): %s",	599	fatal("Couldn't get password entry for current user (%i): %s",
597	getuid(), strerror(errno));	600	original_uid, strerror(errno));
598		601
599	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,	602	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
600	SSH_PRNG_SEED_FILE);	603	SSH_PRNG_SEED_FILE);
@@ -755,7 +758,7 @@ prng_read_commands(char *cmdfilename)
755	/* trim to size */	758	/* trim to size */
756	entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));	759	entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
757		760
758	debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);	761	debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
759		762
760	return (cur_cmd >= MIN_ENTROPY_SOURCES);	763	return (cur_cmd >= MIN_ENTROPY_SOURCES);
761	}	764	}
@@ -777,35 +780,41 @@ void
777	seed_rng(void)	780	seed_rng(void)
778	{	781	{
779	void *old_sigchld_handler;	782	void *old_sigchld_handler;
780
781	if (!prng_commands_loaded) {
782	if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
783	fatal("PRNG initialisation failed -- exiting.");
784	prng_commands_loaded = 1;
785	}
786		783
		784	if (!prng_initialised)
		785	fatal("RNG not initialised");
		786
787	/* Make sure some other sigchld handler doesn't reap our entropy */	787	/* Make sure some other sigchld handler doesn't reap our entropy */
788	/* commands */	788	/* commands */
789	old_sigchld_handler = signal(SIGCHLD, SIG_DFL);	789	old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
790		790
791	debug("Seeding random number generator.");	791	debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
792	debug("OpenSSL random status is now %i\n", RAND_status());	792	debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
793	debug("%i bytes from system calls", (int)stir_from_system());	793
794	debug("%i bytes from programs", (int)stir_from_programs());	794	if (!RAND_status())
795	debug("OpenSSL random status is now %i\n", RAND_status());	795	fatal("Not enough entropy in RNG");
796		796
797	signal(SIGCHLD, old_sigchld_handler);	797	signal(SIGCHLD, old_sigchld_handler);
798		798
799	if (!RAND_status())	799	if (!RAND_status())
800	fatal("Couldn't initialise builtin random number generator -- exiting.");	800	fatal("Couldn't initialise builtin random number generator -- exiting.");
		801	}
801		802
802	if (!prng_seed_loaded)	803	void init_rng(void)
803	{	804	{
804	prng_seed_loaded = 1;	805	original_uid = getuid();
805	prng_seed_saved = 0;	806
806	prng_read_seedfile();	807	/* Read in collection commands */
807	fatal_add_cleanup(prng_seed_cleanup, NULL);	808	if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
808	atexit(prng_write_seedfile);	809	fatal("PRNG initialisation failed -- exiting.");
809	}	810
		811	/* Set ourselves up to save a seed upon exit */
		812	prng_seed_saved = 0;
		813	prng_read_seedfile();
		814	fatal_add_cleanup(prng_seed_cleanup, NULL);
		815	atexit(prng_write_seedfile);
		816
		817	prng_initialised = 1;
810	}	818	}
		819
811	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */	820	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */


diff --git a/entropy.h b/entropy.h index ec425a0cb..a6f7bfc60 100644 --- a/entropy.h +++ b/entropy.h
@@ -31,5 +31,6 @@
31	#define _RANDOMS_H	31	#define _RANDOMS_H
32		32
33	void seed_rng(void);	33	void seed_rng(void);
		34	void init_rng(void);
34		35
35	#endif /* _RANDOMS_H */	36	#endif /* _RANDOMS_H */


diff --git a/ssh-add.c b/ssh-add.c index 661e1ffa9..a5d785ce7 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -210,6 +210,8 @@ main(int argc, char **argv)
210	int i;	210	int i;
211	int deleting = 0;	211	int deleting = 0;
212		212
		213	init_rng();
		214
213	/* check if RSA support exists */	215	/* check if RSA support exists */
214	if (rsa_alive() == 0) {	216	if (rsa_alive() == 0) {
215	fprintf(stderr,	217	fprintf(stderr,


diff --git a/ssh-agent.c b/ssh-agent.c index 7bfa29042..148bcff6e 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -509,6 +509,8 @@ main(int ac, char **av)
509	char shell, format, pidstr, pidstrbuf[1 + 3 sizeof pid];	509	char shell, format, pidstr, pidstrbuf[1 + 3 sizeof pid];
510	extern int optind;	510	extern int optind;
511		511
		512	init_rng();
		513
512	/* check if RSA support exists */	514	/* check if RSA support exists */
513	if (rsa_alive() == 0) {	515	if (rsa_alive() == 0) {
514	fprintf(stderr,	516	fprintf(stderr,


diff --git a/ssh-keygen.c b/ssh-keygen.c index 4b89c15e1..dbd0443fc 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -520,6 +520,8 @@ main(int ac, char **av)
520	extern int optind;	520	extern int optind;
521	extern char *optarg;	521	extern char *optarg;
522		522
		523	init_rng();
		524
523	SSLeay_add_all_algorithms();	525	SSLeay_add_all_algorithms();
524		526
525	/* we need this for the home * directory. */	527	/* we need this for the home * directory. */


diff --git a/ssh.c b/ssh.c index f9742dc8d..be2ba4469 100644 --- a/ssh.c +++ b/ssh.c
@@ -206,6 +206,8 @@ main(int ac, char **av)
206	int dummy;	206	int dummy;
207	uid_t original_effective_uid;	207	uid_t original_effective_uid;
208		208
		209	init_rng();
		210
209	/*	211	/*
210	* Save the original real uid. It will be needed later (uid-swapping	212	* Save the original real uid. It will be needed later (uid-swapping
211	* may clobber the real uid).	213	* may clobber the real uid).


diff --git a/sshd.c b/sshd.c index a4749fbe4..93d68404f 100644 --- a/sshd.c +++ b/sshd.c
@@ -422,6 +422,8 @@ main(int ac, char **av)
422	char ntop[NI_MAXHOST], strport[NI_MAXSERV];	422	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
423	int listen_sock, maxfd;	423	int listen_sock, maxfd;
424		424
		425	init_rng();
		426
425	/* Save argv[0]. */	427	/* Save argv[0]. */
426	saved_argc = ac;	428	saved_argc = ac;
427	saved_argv = av;	429	saved_argv = av;