5 files changed, 47 insertions, 18 deletions

diff --git a/ChangeLog b/ChangeLog
index eafed7e09..71f8b27b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@
      [bindresvport.c]
      in bindresvport(), if sin is non-NULL, example sin->sin_family for 
      the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
 
 20010124
  - (bal) OpenBSD Resync
diff --git a/INSTALL b/INSTALL
index c1a7eb163..797b78355 100644
--- a/INSTALL
+++ b/INSTALL
@@ -29,10 +29,18 @@ passphrase requester. This is maintained separately at:
 
 http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
 
+PRNGD:
+
+If your system lacks Kernel based random collection, the use of Lutz 
+Jaenicke's PRNGd is recommended.
+
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+
+EGD:
+
 The Entropy Gathering Daemon (EGD) is supported if you have a system which
 lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
 
-EGD:
 http://www.lothar.com/tech/crypto/
 
 GNU Make:
@@ -110,10 +118,10 @@ headers, for this to work.
 random numbers (the default is /dev/urandom). Unless you are absolutely
 sure of what you are doing, it is best to leave this alone.
 
---with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. Use this if your
-Unix lacks /dev/random and you don't want to use OpenSSH's builtin
-entropy collection support.
+--with-egd-pool=/some/file allows you to enable EGD or PRNGD support 
+and to specify a EGD pool socket. Use this if your Unix lacks 
+/dev/random and you don't want to use OpenSSH's builtin entropy 
+collection support.
 
 --with-lastlog=FILE will specify the location of the lastlog file. 
 ./configure searches a few locations for lastlog, but may not find
diff --git a/README b/README
index b832652e1..467617723 100644
--- a/README
+++ b/README
@@ -14,8 +14,8 @@ Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
 homepage at http://www.openssh.com/
 
 This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support and replacements for 
-OpenBSD library functions that are (regrettably) absent from other 
+support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements 
+for OpenBSD library functions that are (regrettably) absent from other 
 unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD 
 and Irix. Support for AIX, SCO, NeXT and other Unices is underway. 
 This version actively tracks changes in the OpenBSD CVS repository.
@@ -24,7 +24,7 @@ The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for
 all logins, not just when using password authentication.
 
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4].
+OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
 
 There is now several mailing lists for this port of OpenSSH. Please
 refer to http://www.openssh.com/list.html for details on how to join.
@@ -37,11 +37,11 @@ If you are a citizen of the USA or another country which restricts
 export of cryptographic products, then please refrain from sending 
 crypto-related code or patches to the list. We cannot accept them.
 Other code contribution are accepted, but please follow the OpenBSD
-style guidelines[5].
+style guidelines[6].
 
 Please refer to the INSTALL document for information on how to install
 OpenSSH on your system. There are a number of differences between this 
-port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6]
+port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
 for details and general tips.
 
 Damien Miller <djm@mindrot.org>
@@ -56,8 +56,9 @@ References -
 
 [0] http://www.openssh.com/faq.html
 [1] http://www.lothar.com/tech/crypto/
-[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
-[3] http://www.openssl.org/
-[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
-[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current
-[6] http://www.openssh.com/faq.html
+[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+[3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
+[4] http://www.openssl.org/
+[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
+[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
+[7] http://www.openssh.com/faq.html
diff --git a/WARNING.RNG b/WARNING.RNG
index 21f4901c9..44e606d54 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -16,6 +16,8 @@ key and impersonate you or your hosts.
 
 If you are using the builtin random number support (configure will
 tell you if this is the case), then read this document in its entirety.
+Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
+collects random numbers and makes them available by a socket.
 
 Please also request that your OS vendor provides a kernel-based random
 number collector (/dev/random) in future versions of your operating
diff --git a/configure.in b/configure.in
index f217e5ae9..798e327be 100644
--- a/configure.in
+++ b/configure.in
@@ -1043,7 +1043,7 @@ AC_CHECK_FILE("/dev/ptc",
 
 # Check for user-specified random device, otherwise check /dev/urandom
 AC_ARG_WITH(random,
-        [  --with-random=FILE      read randomness from FILE (default=/dev/urandom)],
+        [  --with-random=FILE      read entropy from FILE (default=/dev/urandom)],
         [
                 if test "x$withval" != "xno" ; then
                         RANDOM_POOL="$withval";
@@ -1064,15 +1064,31 @@ AC_ARG_WITH(random,
 
 # Check for EGD pool file
 AC_ARG_WITH(egd-pool,
-        [  --with-egd-pool=FILE    read randomness from EGD pool FILE (default none)],
+        [  --with-egd-pool=FILE    read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
         [
                 if test "x$withval" != "xno" ; then
                         EGD_SOCKET="$withval";
                         AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
                 fi
+        ],
+        [
+                # Check for existing socket only if we don't have a random device already
+                if test -z "$RANDOM_POOL" ; then
+                        AC_MSG_CHECKING(for PRNGD/EGD socket)
+                        # Insert other locations here
+                        for egdsock in /var/run/egd-pool /etc/entropy ; do
+                                if test -S $egdsock ; then
+                                        EGD_SOCKET="$egdsock"
+                                        AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+                                        AC_MSG_RESULT($egdsock)
+                                        break;
+                                fi
+                        done
+                fi
         ]
 )
 
+
 # detect pathnames for entropy gathering commands, if we need them
 INSTALL_SSH_PRNG_CMDS=""
 rm -f prng_commands
@@ -1629,7 +1645,7 @@ if test ! -z "$RANDOM_POOL" ; then
         RAND_MSG="Device ($RANDOM_POOL)"
 else
         if test ! -z "$EGD_SOCKET" ; then
-                RAND_MSG="EGD ($EGD_SOCKET)"
+                RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
         else
                 RAND_MSG="Builtin (timeout $entropy_timeout)"
                 BUILTIN_RNG=1