X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/d03f42626b290c7c9839e1ecb27dfb069e76a396..eabf5e199ea94140088fedf87e34251240be7359:/openssh/ssh-rand-helper.c diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index f96447b..9c9c495 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -115,19 +115,19 @@ double stir_gettimeofday(double entropy_estimate); double stir_clock(double entropy_estimate); double stir_rusage(int who, double entropy_estimate); double hash_command_output(entropy_cmd_t *src, unsigned char *hash); -int get_random_bytes_prngd(unsigned char *buf, int len, +int get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path); /* * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon * listening either on 'tcp_port', or via Unix domain socket at * * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be + * Either a non-zero tcp_port or a non-null socket_path must be * supplied. * Returns 0 on success, -1 on error */ int -get_random_bytes_prngd(unsigned char *buf, int len, +get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path) { int fd, addr_len, rval, errors; @@ -187,7 +187,7 @@ reopen: msg[0] = 0x02; msg[1] = len; - if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) { + if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { if (errno == EPIPE && errors < 10) { close(fd); errors++; @@ -289,7 +289,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (devnull == -1) { devnull = open("/dev/null", O_RDWR); if (devnull == -1) - fatal("Couldn't open /dev/null: %s", + fatal("Couldn't open /dev/null: %s", strerror(errno)); } @@ -314,7 +314,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) execv(src->path, (char**)(src->args)); - debug("(child) Couldn't exec '%s': %s", + debug("(child) Couldn't exec '%s': %s", src->cmdstring, strerror(errno)); _exit(-1); default: /* Parent */ @@ -355,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case 0: /* timer expired */ error_abort = 1; + kill(pid, SIGINT); break; case 1: /* command input */ @@ -375,7 +376,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case -1: default: /* error */ - debug("Command '%s': select() failed: %s", + debug("Command '%s': select() failed: %s", src->cmdstring, strerror(errno)); error_abort = 1; break; @@ -399,8 +400,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (error_abort) { /* * Closing p[0] on timeout causes the entropy command to - * SIGPIPE. Take whatever output we got, and mark this - * command as slow + * SIGPIPE. Take whatever output we got, and mark this + * command as slow */ debug2("Command '%s' timed out", src->cmdstring); src->sticky_badness *= 2; @@ -478,7 +479,7 @@ stir_from_programs(void) /* Stir it in */ RAND_add(hash, sizeof(hash), entropy); - debug3("Got %0.2f bytes of entropy from '%s'", + debug3("Got %0.2f bytes of entropy from '%s'", entropy, entropy_cmds[c].cmdstring); total_entropy += entropy; @@ -490,7 +491,7 @@ stir_from_programs(void) total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); } else { debug2("Command '%s' disabled (badness %d)", - entropy_cmds[c].cmdstring, + entropy_cmds[c].cmdstring, entropy_cmds[c].badness); if (entropy_cmds[c].badness > 0) @@ -510,8 +511,8 @@ prng_check_seedfile(char *filename) struct stat st; /* - * XXX raceable: eg replace seed between this stat and subsequent - * open. Not such a problem because we don't really trust the + * XXX raceable: eg replace seed between this stat and subsequent + * open. Not such a problem because we don't really trust the * seed file anyway. * XXX: use secure path checking as elsewhere in OpenSSH */ @@ -531,7 +532,7 @@ prng_check_seedfile(char *filename) /* mode 0600, owned by root or the current user? */ if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { debug("WARNING: PRNG seedfile %.100s must be mode 0600, " - "owned by uid %d", filename, getuid()); + "owned by uid %li", filename, (long int)getuid()); return 0; } @@ -549,7 +550,7 @@ prng_write_seedfile(void) pw = getpwuid(getuid()); if (pw == NULL) fatal("Couldn't get password entry for current user " - "(%i): %s", getuid(), strerror(errno)); + "(%li): %s", (long int)getuid(), strerror(errno)); /* Try to ensure that the parent directory is there */ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, @@ -561,7 +562,8 @@ prng_write_seedfile(void) debug("writing PRNG seed to file %.100s", filename); - RAND_bytes(seed, sizeof(seed)); + if (RAND_bytes(seed, sizeof(seed)) <= 0) + fatal("PRNG seed extraction failed"); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); @@ -570,7 +572,7 @@ prng_write_seedfile(void) debug("WARNING: couldn't access PRNG seedfile %.100s " "(%.100s)", filename, strerror(errno)); } else { - if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed)) + if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) fatal("problem writing PRNG seedfile %.100s " "(%.100s)", filename, strerror(errno)); close(fd); @@ -587,7 +589,7 @@ prng_read_seedfile(void) pw = getpwuid(getuid()); if (pw == NULL) fatal("Couldn't get password entry for current user " - "(%i): %s", getuid(), strerror(errno)); + "(%li): %s", (long int)getuid(), strerror(errno)); snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); @@ -649,7 +651,7 @@ prng_read_commands(char *cmdfilename) continue; /* done with this line */ /* - * The first non-whitespace char should be a double quote + * The first non-whitespace char should be a double quote * delimiting the commandline */ if (*cp != '"') { @@ -724,7 +726,7 @@ prng_read_commands(char *cmdfilename) /* * If we've filled the array, reallocate it twice the size - * Do this now because even if this we're on the last + * Do this now because even if this we're on the last * command we need another slot to mark the last entry */ if (cur_cmd == num_cmds) { @@ -759,7 +761,7 @@ usage(void) OUTPUT_SEED_SIZE); } -int +int main(int argc, char **argv) { unsigned char *buf; @@ -767,7 +769,7 @@ main(int argc, char **argv) extern char *optarg; LogLevel ll; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); ll = SYSLOG_LEVEL_INFO; @@ -777,7 +779,7 @@ main(int argc, char **argv) /* Don't write binary data to a tty, unless we are forced to */ if (isatty(STDOUT_FILENO)) output_hex = 1; - + while ((ch = getopt(argc, argv, "vxXhb:")) != -1) { switch (ch) { case 'v': @@ -804,7 +806,7 @@ main(int argc, char **argv) } log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); - + #ifdef USE_SEED_FILES prng_read_seedfile(); #endif @@ -814,11 +816,11 @@ main(int argc, char **argv) /* * Seed the RNG from wherever we can */ - + /* Take whatever is on the stack, but don't credit it */ RAND_add(buf, bytes, 0); - debug("Seeded RNG with %i bytes from system calls", + debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); #ifdef PRNGD_PORT @@ -833,7 +835,7 @@ main(int argc, char **argv) /* Read in collection commands */ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", + debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs()); #endif @@ -848,17 +850,18 @@ main(int argc, char **argv) if (!RAND_status()) fatal("Not enough entropy in RNG"); - RAND_bytes(buf, bytes); + if (RAND_bytes(buf, bytes) <= 0) + fatal("Couldn't extract entropy from PRNG"); if (output_hex) { for(ret = 0; ret < bytes; ret++) printf("%02x", (unsigned char)(buf[ret])); printf("\n"); } else - ret = atomicio(write, STDOUT_FILENO, buf, bytes); - + ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); + memset(buf, '\0', bytes); xfree(buf); - + return ret == bytes ? 0 : 1; }