# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
#endif
-
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
-double hash_command_output(entropy_cmd_t *src, char *hash);
-int get_random_bytes_prngd(unsigned char *buf, int len,
+double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
+int get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path);
/*
* Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
* listening either on 'tcp_port', or via Unix domain socket at *
* 'socket_path'.
- * Either a non-zero tcp_port or a non-null socket_path must be
+ * Either a non-zero tcp_port or a non-null socket_path must be
* supplied.
* Returns 0 on success, -1 on error
*/
int
-get_random_bytes_prngd(unsigned char *buf, int len,
+get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path)
{
int fd, addr_len, rval, errors;
msg[0] = 0x02;
msg[1] = len;
- if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
+ if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
}
double
-hash_command_output(entropy_cmd_t *src, char *hash)
+hash_command_output(entropy_cmd_t *src, unsigned char *hash)
{
char buf[8192];
fd_set rdset;
if (devnull == -1) {
devnull = open("/dev/null", O_RDWR);
if (devnull == -1)
- fatal("Couldn't open /dev/null: %s",
+ fatal("Couldn't open /dev/null: %s",
strerror(errno));
}
execv(src->path, (char**)(src->args));
- debug("(child) Couldn't exec '%s': %s",
+ debug("(child) Couldn't exec '%s': %s",
src->cmdstring, strerror(errno));
_exit(-1);
default: /* Parent */
case 0:
/* timer expired */
error_abort = 1;
+ kill(pid, SIGINT);
break;
case 1:
/* command input */
case -1:
default:
/* error */
- debug("Command '%s': select() failed: %s",
+ debug("Command '%s': select() failed: %s",
src->cmdstring, strerror(errno));
error_abort = 1;
break;
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s",
- src->cmdstring, strerror(errno));
+ src->cmdstring, strerror(errno));
return 0.0;
}
if (error_abort) {
/*
* Closing p[0] on timeout causes the entropy command to
- * SIGPIPE. Take whatever output we got, and mark this
- * command as slow
+ * SIGPIPE. Take whatever output we got, and mark this
+ * command as slow
*/
debug2("Command '%s' timed out", src->cmdstring);
src->sticky_badness *= 2;
{
int c;
double entropy, total_entropy;
- char hash[SHA_DIGEST_LENGTH];
+ unsigned char hash[SHA_DIGEST_LENGTH];
total_entropy = 0;
for(c = 0; entropy_cmds[c].path != NULL; c++) {
/* Stir it in */
RAND_add(hash, sizeof(hash), entropy);
- debug3("Got %0.2f bytes of entropy from '%s'",
+ debug3("Got %0.2f bytes of entropy from '%s'",
entropy, entropy_cmds[c].cmdstring);
total_entropy += entropy;
total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1);
} else {
debug2("Command '%s' disabled (badness %d)",
- entropy_cmds[c].cmdstring,
+ entropy_cmds[c].cmdstring,
entropy_cmds[c].badness);
if (entropy_cmds[c].badness > 0)
struct stat st;
/*
- * XXX raceable: eg replace seed between this stat and subsequent
- * open. Not such a problem because we don't really trust the
+ * XXX raceable: eg replace seed between this stat and subsequent
+ * open. Not such a problem because we don't really trust the
* seed file anyway.
* XXX: use secure path checking as elsewhere in OpenSSH
*/
/* mode 0600, owned by root or the current user? */
if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) {
debug("WARNING: PRNG seedfile %.100s must be mode 0600, "
- "owned by uid %d", filename, getuid());
+ "owned by uid %li", filename, (long int)getuid());
return 0;
}
prng_write_seedfile(void)
{
int fd;
- char seed[SEED_FILE_SIZE], filename[MAXPATHLEN];
+ unsigned char seed[SEED_FILE_SIZE];
+ char filename[MAXPATHLEN];
struct passwd *pw;
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
/* Try to ensure that the parent directory is there */
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
debug("writing PRNG seed to file %.100s", filename);
- RAND_bytes(seed, sizeof(seed));
+ if (RAND_bytes(seed, sizeof(seed)) <= 0)
+ fatal("PRNG seed extraction failed");
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
debug("WARNING: couldn't access PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
} else {
- if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed))
+ if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
fatal("problem writing PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
close(fd);
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
continue; /* done with this line */
/*
- * The first non-whitespace char should be a double quote
+ * The first non-whitespace char should be a double quote
* delimiting the commandline
*/
if (*cp != '"') {
/*
* If we've filled the array, reallocate it twice the size
- * Do this now because even if this we're on the last
+ * Do this now because even if this we're on the last
* command we need another slot to mark the last entry
*/
if (cur_cmd == num_cmds) {
OUTPUT_SEED_SIZE);
}
-int
+int
main(int argc, char **argv)
{
unsigned char *buf;
extern char *optarg;
LogLevel ll;
- __progname = get_progname(argv[0]);
+ __progname = ssh_get_progname(argv[0]);
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
ll = SYSLOG_LEVEL_INFO;
/* Don't write binary data to a tty, unless we are forced to */
if (isatty(STDOUT_FILENO))
output_hex = 1;
-
+
while ((ch = getopt(argc, argv, "vxXhb:")) != -1) {
switch (ch) {
case 'v':
}
log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
-
+
#ifdef USE_SEED_FILES
prng_read_seedfile();
#endif
/*
* Seed the RNG from wherever we can
*/
-
+
/* Take whatever is on the stack, but don't credit it */
RAND_add(buf, bytes, 0);
- debug("Seeded RNG with %i bytes from system calls",
+ debug("Seeded RNG with %i bytes from system calls",
(int)stir_from_system());
#ifdef PRNGD_PORT
/* Read in collection commands */
if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
fatal("PRNG initialisation failed -- exiting.");
- debug("Seeded RNG with %i bytes from programs",
+ debug("Seeded RNG with %i bytes from programs",
(int)stir_from_programs());
#endif
if (!RAND_status())
fatal("Not enough entropy in RNG");
- RAND_bytes(buf, bytes);
+ if (RAND_bytes(buf, bytes) <= 0)
+ fatal("Couldn't extract entropy from PRNG");
if (output_hex) {
for(ret = 0; ret < bytes; ret++)
printf("%02x", (unsigned char)(buf[ret]));
printf("\n");
} else
- ret = atomicio(write, STDOUT_FILENO, buf, bytes);
-
+ ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes);
+
memset(buf, '\0', bytes);
xfree(buf);
-
+
return ret == bytes ? 0 : 1;
}
-
andersk / gssapi-openssh.git / blobdiff