summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
-rw-r--r--ssh-rand-helper.c43
2 files changed, 35 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 469fa495..c6cf7b38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+ from prngd is enabled at compile time but fails at run time, eg because
+ prngd is not running. Note that if you have prngd running when OpenSSH is
+ built, OpenSSL will consider itself internally seeded and rand-helper won't
+ be built at all unless explicitly enabled via --with-rand-helper. ok djm@
+
20041213
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
amarendra.godbole at ge com.
@@ -1950,4 +1957,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $
+$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 8cad53fe..7cd081fa 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@@ -209,6 +209,22 @@ done:
return rval;
}
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+ debug("trying egd/prngd port %d", PRNGD_PORT);
+ if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+ return 0;
+#endif
+#ifdef PRNGD_SOCKET
+ debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+ if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+ return 0;
+#endif
+ return -1;
+}
+
double
stir_gettimeofday(double entropy_estimate)
{
@@ -815,21 +831,16 @@ main(int argc, char **argv)
debug("Seeded RNG with %i bytes from system calls",
(int)stir_from_system());
-#ifdef PRNGD_PORT
- if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
- fatal("Entropy collection failed");
- RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
- if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
- fatal("Entropy collection failed");
- RAND_add(buf, bytes, bytes);
-#else
- /* Read in collection commands */
- if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
- fatal("PRNG initialisation failed -- exiting.");
- debug("Seeded RNG with %i bytes from programs",
- (int)stir_from_programs());
-#endif
+ /* try prngd, fall back to commands if prngd fails or not configured */
+ if (seed_from_prngd(buf, bytes) == 0) {
+ RAND_add(buf, bytes, bytes);
+ } else {
+ /* Read in collection commands */
+ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+ fatal("PRNG initialisation failed -- exiting.");
+ debug("Seeded RNG with %i bytes from programs",
+ (int)stir_from_programs());
+ }
#ifdef USE_SEED_FILES
prng_write_seedfile();