summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2004-12-20 12:05:08 +1100
committerDarren Tucker <dtucker@zip.com.au>2004-12-20 12:05:08 +1100
commit8686ed75081958714f5d7768b5b0b8bcdd86b0ff (patch)
tree7bd963a610a10662e80c654e50aa6b8337d12a78
parent442a383418dc3eb1809e66c966933071034d5325 (diff)
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
from prngd is enabled at compile time but fails at run time, eg because prngd is not running. Note that if you have prngd running when OpenSSH is built, OpenSSL will consider itself internally seeded and rand-helper won't be built at all unless explicitly enabled via --with-rand-helper. ok djm@
-rw-r--r--ChangeLog9
-rw-r--r--ssh-rand-helper.c43
2 files changed, 35 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 469fa495..c6cf7b38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+ from prngd is enabled at compile time but fails at run time, eg because
+ prngd is not running. Note that if you have prngd running when OpenSSH is
+ built, OpenSSL will consider itself internally seeded and rand-helper won't
+ be built at all unless explicitly enabled via --with-rand-helper. ok djm@
+
20041213
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
amarendra.godbole at ge com.
@@ -1950,4 +1957,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $
+$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 8cad53fe..7cd081fa 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@@ -209,6 +209,22 @@ done:
return rval;
}
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+ debug("trying egd/prngd port %d", PRNGD_PORT);
+ if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+ return 0;
+#endif
+#ifdef PRNGD_SOCKET
+ debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+ if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+ return 0;
+#endif
+ return -1;
+}
+
double
stir_gettimeofday(double entropy_estimate)
{
@@ -815,21 +831,16 @@ main(int argc, char **argv)
debug("Seeded RNG with %i bytes from system calls",
(int)stir_from_system());
-#ifdef PRNGD_PORT
- if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
- fatal("Entropy collection failed");
- RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
- if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
- fatal("Entropy collection failed");
- RAND_add(buf, bytes, bytes);
-#else
- /* Read in collection commands */
- if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
- fatal("PRNG initialisation failed -- exiting.");
- debug("Seeded RNG with %i bytes from programs",
- (int)stir_from_programs());
-#endif
+ /* try prngd, fall back to commands if prngd fails or not configured */
+ if (seed_from_prngd(buf, bytes) == 0) {
+ RAND_add(buf, bytes, bytes);
+ } else {
+ /* Read in collection commands */
+ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+ fatal("PRNG initialisation failed -- exiting.");
+ debug("Seeded RNG with %i bytes from programs",
+ (int)stir_from_programs());
+ }
#ifdef USE_SEED_FILES
prng_write_seedfile();