entropy.c (149749) | entropy.c (157016) |
---|---|
1/* 2 * Copyright (c) 2001 Damien Miller. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 12 unchanged lines hidden (view full) --- 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26 27#include <openssl/rand.h> 28#include <openssl/crypto.h> | 1/* 2 * Copyright (c) 2001 Damien Miller. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 12 unchanged lines hidden (view full) --- 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26 27#include <openssl/rand.h> 28#include <openssl/crypto.h> |
29#include <openssl/err.h> |
|
29 30#include "ssh.h" 31#include "misc.h" 32#include "xmalloc.h" 33#include "atomicio.h" 34#include "pathnames.h" 35#include "log.h" | 30 31#include "ssh.h" 32#include "misc.h" 33#include "xmalloc.h" 34#include "atomicio.h" 35#include "pathnames.h" 36#include "log.h" |
37#include "buffer.h" 38#include "bufaux.h" |
|
36 37/* 38 * Portable OpenSSH PRNG seeding: 39 * If OpenSSL has not "internally seeded" itself (e.g. pulled data from 40 * /dev/random), then we execute a "ssh-rand-helper" program which 41 * collects entropy and writes it to stdout. The child program must 42 * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr 43 * attached, so error/debugging output should be visible. 44 * 45 * XXX: we should tell the child how many bytes we need. 46 */ 47 | 39 40/* 41 * Portable OpenSSH PRNG seeding: 42 * If OpenSSL has not "internally seeded" itself (e.g. pulled data from 43 * /dev/random), then we execute a "ssh-rand-helper" program which 44 * collects entropy and writes it to stdout. The child program must 45 * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr 46 * attached, so error/debugging output should be visible. 47 * 48 * XXX: we should tell the child how many bytes we need. 49 */ 50 |
48RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $"); | 51RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $"); |
49 50#ifndef OPENSSL_PRNG_ONLY 51#define RANDOM_SEED_SIZE 48 52static uid_t original_uid, original_euid; 53#endif 54 55void 56seed_rng(void) --- 83 unchanged lines hidden (view full) --- 140 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 141 * We match major, minor, fix and status (not patch) 142 */ 143 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) 144 fatal("OpenSSL version mismatch. Built against %lx, you " 145 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); 146 147#ifndef OPENSSL_PRNG_ONLY | 52 53#ifndef OPENSSL_PRNG_ONLY 54#define RANDOM_SEED_SIZE 48 55static uid_t original_uid, original_euid; 56#endif 57 58void 59seed_rng(void) --- 83 unchanged lines hidden (view full) --- 143 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 144 * We match major, minor, fix and status (not patch) 145 */ 146 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) 147 fatal("OpenSSL version mismatch. Built against %lx, you " 148 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); 149 150#ifndef OPENSSL_PRNG_ONLY |
148 if ((original_uid = getuid()) == -1) 149 fatal("getuid: %s", strerror(errno)); 150 if ((original_euid = geteuid()) == -1) 151 fatal("geteuid: %s", strerror(errno)); | 151 original_uid = getuid(); 152 original_euid = geteuid(); |
152#endif 153} 154 | 153#endif 154} 155 |
156#ifndef OPENSSL_PRNG_ONLY 157void 158rexec_send_rng_seed(Buffer *m) 159{ 160 u_char buf[RANDOM_SEED_SIZE]; 161 162 if (RAND_bytes(buf, sizeof(buf)) <= 0) { 163 error("Couldn't obtain random bytes (error %ld)", 164 ERR_get_error()); 165 buffer_put_string(m, "", 0); 166 } else 167 buffer_put_string(m, buf, sizeof(buf)); 168} 169 170void 171rexec_recv_rng_seed(Buffer *m) 172{ 173 u_char *buf; 174 u_int len; 175 176 buf = buffer_get_string_ret(m, &len); 177 if (buf != NULL) { 178 debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); 179 RAND_add(buf, len, len); 180 } 181} 182#endif |
|