entropy.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (c) 2001 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#include "ssh.h"
#include "misc.h"
#include "xmalloc.h"
#include "atomicio.h"
#include "pathnames.h"
#include "log.h"
/*
* Portable OpenSSH PRNG seeding:
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
* collects entropy and writes it to stdout. The child program must
* write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
*
* XXX: we should tell the child how many bytes we need.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
#endif
void
seed_rng(void)
{
#ifndef OPENSSL_PRNG_ONLY
int devnull;
int p[2];
int ret;
unsigned char buf[RANDOM_SEED_SIZE];
if (RAND_status() == 1) {
debug3("RNG is ready, skipping seeding");
return;
}
if (pipe(p) == -1)
if (pid == 0) {
/* Keep stderr open for errors */
close(p[0]);
close(p[1]);
if (original_uid != original_euid &&
_exit(1);
}
_exit(1);
}
close(p[1]);
if (ret == -1)
fatal("Couldn't read from ssh-rand-helper: %s",
fatal("ssh-rand-helper child produced insufficient data");
close(p[0]);
fatal("Couldn't wait for ssh-rand-helper completion: %s",
/* We don't mind if the child exits upon a SIGPIPE */
fatal("ssh-rand-helper terminated abnormally");
if (WEXITSTATUS(ret) != 0)
#endif /* OPENSSL_PRNG_ONLY */
if (RAND_status() != 1)
fatal("PRNG is not seeded");
}
void
init_rng(void)
{
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch)
*/
fatal("OpenSSL version mismatch. Built against %lx, you "
#ifndef OPENSSL_PRNG_ONLY
#endif
}