1/* 2 * Copyright (c) 2001 Damien Miller. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 12 unchanged lines hidden (view full) --- 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26 27#include <openssl/rand.h> 28#include <openssl/crypto.h> |
29#include <openssl/err.h> |
30 31#include "ssh.h" 32#include "misc.h" 33#include "xmalloc.h" 34#include "atomicio.h" 35#include "pathnames.h" 36#include "log.h" |
37#include "buffer.h" 38#include "bufaux.h" |
39 40/* 41 * Portable OpenSSH PRNG seeding: 42 * If OpenSSL has not "internally seeded" itself (e.g. pulled data from 43 * /dev/random), then we execute a "ssh-rand-helper" program which 44 * collects entropy and writes it to stdout. The child program must 45 * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr 46 * attached, so error/debugging output should be visible. 47 * 48 * XXX: we should tell the child how many bytes we need. 49 */ 50 |
51RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $"); |
52 53#ifndef OPENSSL_PRNG_ONLY 54#define RANDOM_SEED_SIZE 48 55static uid_t original_uid, original_euid; 56#endif 57 58void 59seed_rng(void) --- 83 unchanged lines hidden (view full) --- 143 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 144 * We match major, minor, fix and status (not patch) 145 */ 146 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) 147 fatal("OpenSSL version mismatch. Built against %lx, you " 148 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); 149 150#ifndef OPENSSL_PRNG_ONLY |
151 original_uid = getuid(); 152 original_euid = geteuid(); |
153#endif 154} 155 |
156#ifndef OPENSSL_PRNG_ONLY 157void 158rexec_send_rng_seed(Buffer *m) 159{ 160 u_char buf[RANDOM_SEED_SIZE]; 161 162 if (RAND_bytes(buf, sizeof(buf)) <= 0) { 163 error("Couldn't obtain random bytes (error %ld)", 164 ERR_get_error()); 165 buffer_put_string(m, "", 0); 166 } else 167 buffer_put_string(m, buf, sizeof(buf)); 168} 169 170void 171rexec_recv_rng_seed(Buffer *m) 172{ 173 u_char *buf; 174 u_int len; 175 176 buf = buffer_get_string_ret(m, &len); 177 if (buf != NULL) { 178 debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); 179 RAND_add(buf, len, len); 180 } 181} 182#endif |