- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading

from prngd is enabled at compile time but fails at run time, eg because prngd is not running. Note that if you have prngd running when OpenSSH is built, OpenSSL will consider itself internally seeded and rand-helper won't be built at all unless explicitly enabled via --with-rand-helper. ok djm@
2004-12-20 12:05:08 +11:00 · 2004-12-20 12:05:08 +11:00 · 8686ed7508
parent 442a383418
commit 8686ed7508
2 changed files with 35 additions and 17 deletions
--- a/9
+++ b/9
@ -1,3 +1,10 @@
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+   from prngd is enabled at compile time but fails at run time, eg because
+   prngd is not running.  Note that if you have prngd running when OpenSSH is
+   built, OpenSSL will consider itself internally seeded and rand-helper won't
+   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@
+
 20041213
 - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
   amarendra.godbole at ge com.
@ -1950,4 +1957,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $
+$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"

-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");

 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE	48
@ -209,6 +209,22 @@ done:
 	return rval;
 }

+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+	debug("trying egd/prngd port %d", PRNGD_PORT);
+	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+		return 0;
+#endif
+#ifdef PRNGD_SOCKET
+	debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+		return 0;
+#endif
+	return -1;
+}
+
 double
 stir_gettimeofday(double entropy_estimate)
 {
@ -815,21 +831,16 @@ main(int argc, char **argv)
 	debug("Seeded RNG with %i bytes from system calls",
 	    (int)stir_from_system());

-#ifdef PRNGD_PORT
-	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
-		fatal("Entropy collection failed");
-	RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
-	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
-		fatal("Entropy collection failed");
-	RAND_add(buf, bytes, bytes);
-#else
-	/* Read in collection commands */
-	if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
-		fatal("PRNG initialisation failed -- exiting.");
-	debug("Seeded RNG with %i bytes from programs",
-	    (int)stir_from_programs());
-#endif
+	/* try prngd, fall back to commands if prngd fails or not configured */
+	if (seed_from_prngd(buf, bytes) == 0) {
+		RAND_add(buf, bytes, bytes);
+	} else {
+		/* Read in collection commands */
+		if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+			fatal("PRNG initialisation failed -- exiting.");
+		debug("Seeded RNG with %i bytes from programs",
+		    (int)stir_from_programs());
+	}

 #ifdef USE_SEED_FILES
 	prng_write_seedfile();