X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/350391c57ace69c4fab6461c695428489f6a4376..bbf3a7a87e15924f1754d4f304217fb2c98cadaa:/openssh/ssh-rand-helper.c diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index 72a818f..79f78d9 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -63,7 +63,6 @@ RCSID("$Id$"); # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" #endif - #ifdef HAVE___PROGNAME extern char *__progname; #else @@ -115,7 +114,7 @@ double stir_from_programs(void); double stir_gettimeofday(double entropy_estimate); double stir_clock(double entropy_estimate); double stir_rusage(int who, double entropy_estimate); -double hash_command_output(entropy_cmd_t *src, char *hash); +double hash_command_output(entropy_cmd_t *src, unsigned char *hash); int get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path); @@ -188,7 +187,7 @@ reopen: msg[0] = 0x02; msg[1] = len; - if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) { + if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { if (errno == EPIPE && errors < 10) { close(fd); errors++; @@ -274,7 +273,7 @@ timeval_diff(struct timeval *t1, struct timeval *t2) } double -hash_command_output(entropy_cmd_t *src, char *hash) +hash_command_output(entropy_cmd_t *src, unsigned char *hash) { char buf[8192]; fd_set rdset; @@ -356,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, char *hash) case 0: /* timer expired */ error_abort = 1; + kill(pid, SIGINT); break; case 1: /* command input */ @@ -391,7 +391,7 @@ hash_command_output(entropy_cmd_t *src, char *hash) if (waitpid(pid, &status, 0) == -1) { error("Couldn't wait for child '%s' completion: %s", - src->cmdstring, strerror(errno)); + src->cmdstring, strerror(errno)); return 0.0; } @@ -460,7 +460,7 @@ stir_from_programs(void) { int c; double entropy, total_entropy; - char hash[SHA_DIGEST_LENGTH]; + unsigned char hash[SHA_DIGEST_LENGTH]; total_entropy = 0; for(c = 0; entropy_cmds[c].path != NULL; c++) { @@ -532,7 +532,7 @@ prng_check_seedfile(char *filename) /* mode 0600, owned by root or the current user? */ if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { debug("WARNING: PRNG seedfile %.100s must be mode 0600, " - "owned by uid %d", filename, getuid()); + "owned by uid %li", filename, (long int)getuid()); return 0; } @@ -543,13 +543,14 @@ void prng_write_seedfile(void) { int fd; - char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; + unsigned char seed[SEED_FILE_SIZE]; + char filename[MAXPATHLEN]; struct passwd *pw; pw = getpwuid(getuid()); if (pw == NULL) fatal("Couldn't get password entry for current user " - "(%i): %s", getuid(), strerror(errno)); + "(%li): %s", (long int)getuid(), strerror(errno)); /* Try to ensure that the parent directory is there */ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, @@ -561,7 +562,8 @@ prng_write_seedfile(void) debug("writing PRNG seed to file %.100s", filename); - RAND_bytes(seed, sizeof(seed)); + if (RAND_bytes(seed, sizeof(seed)) <= 0) + fatal("PRNG seed extration failed"); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); @@ -570,7 +572,7 @@ prng_write_seedfile(void) debug("WARNING: couldn't access PRNG seedfile %.100s " "(%.100s)", filename, strerror(errno)); } else { - if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed)) + if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) fatal("problem writing PRNG seedfile %.100s " "(%.100s)", filename, strerror(errno)); close(fd); @@ -587,7 +589,7 @@ prng_read_seedfile(void) pw = getpwuid(getuid()); if (pw == NULL) fatal("Couldn't get password entry for current user " - "(%i): %s", getuid(), strerror(errno)); + "(%li): %s", (long int)getuid(), strerror(errno)); snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); @@ -767,7 +769,7 @@ main(int argc, char **argv) extern char *optarg; LogLevel ll; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); ll = SYSLOG_LEVEL_INFO; @@ -848,18 +850,18 @@ main(int argc, char **argv) if (!RAND_status()) fatal("Not enough entropy in RNG"); - RAND_bytes(buf, bytes); + if (RAND_bytes(buf, bytes) <= 0) + fatal("Couldn't extract entropy from PRNG"); if (output_hex) { for(ret = 0; ret < bytes; ret++) printf("%02x", (unsigned char)(buf[ret])); printf("\n"); } else - ret = atomicio(write, STDOUT_FILENO, buf, bytes); + ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); memset(buf, '\0', bytes); xfree(buf); return ret == bytes ? 0 : 1; } -