]>
Commit | Line | Data |
---|---|---|
bfc9a610 | 1 | /* |
2 | * Copyright (c) 2000 Damien Miller. All rights reserved. | |
3 | * | |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions | |
6 | * are met: | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * 2. Redistributions in binary form must reproduce the above copyright | |
10 | * notice, this list of conditions and the following disclaimer in the | |
11 | * documentation and/or other materials provided with the distribution. | |
12 | * 3. All advertising materials mentioning features or use of this software | |
13 | * must display the following acknowledgement: | |
14 | * This product includes software developed by Markus Friedl. | |
15 | * 4. The name of the author may not be used to endorse or promote products | |
16 | * derived from this software without specific prior written permission. | |
17 | * | |
18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
28 | */ | |
29 | ||
30 | #include "includes.h" | |
31 | ||
32 | #include "ssh.h" | |
33 | #include "xmalloc.h" | |
34 | ||
35 | #ifdef HAVE_OPENSSL | |
36 | # include <openssl/rand.h> | |
37 | # include <openssl/sha.h> | |
38 | #endif | |
39 | #ifdef HAVE_SSL | |
40 | # include <ssl/rand.h> | |
41 | # include <ssl/sha.h> | |
42 | #endif | |
43 | ||
44 | RCSID("$Id$"); | |
45 | ||
46 | #ifdef EGD_SOCKET | |
47 | #ifndef offsetof | |
48 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | |
49 | #endif | |
50 | /* Collect entropy from EGD */ | |
51 | void get_random_bytes(unsigned char *buf, int len) | |
52 | { | |
53 | static int egd_socket = -1; | |
54 | int c; | |
55 | char egd_message[2] = { 0x02, 0x00 }; | |
56 | struct sockaddr_un addr; | |
57 | int addr_len; | |
58 | ||
59 | memset(&addr, '\0', sizeof(addr)); | |
60 | addr.sun_family = AF_UNIX; | |
61 | ||
62 | /* FIXME: compile time check? */ | |
63 | if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) | |
64 | fatal("Random pool path is too long"); | |
65 | ||
66 | strcpy(addr.sun_path, EGD_SOCKET); | |
67 | ||
68 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); | |
69 | ||
70 | if (egd_socket == -1) { | |
71 | egd_socket = socket(AF_UNIX, SOCK_STREAM, 0); | |
72 | if (egd_socket == -1) | |
73 | fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); | |
74 | if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1) | |
75 | fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); | |
76 | } | |
77 | ||
78 | if (len > 255) | |
79 | fatal("Too many bytes to read from EGD"); | |
80 | ||
81 | /* Send blocking read request to EGD */ | |
82 | egd_message[1] = len; | |
83 | ||
84 | c = atomicio(write, egd_socket, egd_message, sizeof(egd_message)); | |
85 | if (c == -1) | |
86 | fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
87 | ||
88 | c = atomicio(read, egd_socket, buf, len); | |
89 | if (c <= 0) | |
90 | fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
91 | ||
92 | close(EGD_SOCKET); | |
93 | } | |
94 | #else /* !EGD_SOCKET */ | |
95 | #ifdef RANDOM_POOL | |
96 | /* Collect entropy from /dev/urandom or pipe */ | |
97 | void get_random_bytes(unsigned char *buf, int len) | |
98 | { | |
99 | static int random_pool = -1; | |
100 | int c; | |
101 | ||
102 | if (random_pool == -1) { | |
103 | random_pool = open(RANDOM_POOL, O_RDONLY); | |
104 | if (random_pool == -1) | |
105 | fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
106 | } | |
107 | ||
bfc9a610 | 108 | c = atomicio(read, random_pool, buf, len); |
109 | if (c <= 0) | |
110 | fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
111 | } | |
112 | #endif /* RANDOM_POOL */ | |
113 | #endif /* EGD_SOCKET */ | |
114 | ||
115 | #if !defined(EGD_SOCKET) && !defined(RANDOM_POOL) | |
116 | /* | |
117 | * FIXME: proper entropy estimations. All current values are guesses | |
118 | * FIXME: Need timeout for slow moving programs | |
119 | * FIXME: More entropy sources | |
120 | */ | |
121 | ||
122 | double stir_from_system(void); | |
123 | double stir_from_programs(void); | |
124 | double stir_gettimeofday(double entropy_estimate); | |
125 | double stir_clock(double entropy_estimate); | |
126 | double stir_rusage(int who, double entropy_estimate); | |
127 | double hash_output_from_command(const char *path, const char **args, char *hash); | |
128 | ||
129 | typedef struct | |
130 | { | |
131 | /* Proportion of data that is entropy */ | |
132 | double rate; | |
133 | /* Path to executable */ | |
134 | const char *path; | |
135 | /* argv to pass to executable */ | |
136 | const char *args[5]; | |
137 | } entropy_source_t; | |
138 | ||
139 | entropy_source_t entropy_sources[] = { | |
140 | #ifdef PROG_LS | |
141 | { 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } }, | |
142 | { 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } }, | |
143 | { 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } }, | |
144 | { 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } }, | |
145 | { 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } }, | |
146 | { 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } }, | |
147 | #endif | |
148 | #ifdef PROG_NETSTAT | |
149 | { 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } }, | |
150 | { 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } }, | |
151 | { 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } }, | |
152 | { 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } }, | |
153 | #endif | |
154 | #ifdef PROG_ARP | |
155 | { 0.002, PROG_ARP, { "arp","-a","-n", NULL } }, | |
156 | #endif | |
157 | #ifdef PROG_IFCONFIG | |
158 | { 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } }, | |
159 | #endif | |
160 | #ifdef PROG_PS | |
161 | { 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } }, | |
162 | { 0.003, PROG_PS, { "ps", "-al", NULL, NULL } }, | |
163 | { 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } }, | |
164 | #endif | |
165 | #ifdef PROG_W | |
166 | { 0.005, PROG_W, { "w", NULL, NULL, NULL } }, | |
167 | #endif | |
168 | #ifdef PROG_WHO | |
169 | { 0.001, PROG_WHO, { "who","-i", NULL, NULL } }, | |
170 | #endif | |
171 | #ifdef PROG_LAST | |
172 | { 0.001, PROG_LAST, { "last", NULL, NULL, NULL } }, | |
173 | #endif | |
174 | #ifdef PROG_LASTLOG | |
175 | { 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } }, | |
176 | #endif | |
177 | #ifdef PROG_DF | |
178 | { 0.010, PROG_DF, { "df", NULL, NULL, NULL } }, | |
179 | { 0.010, PROG_DF, { "df", "-i", NULL, NULL } }, | |
180 | #endif | |
181 | #ifdef PROG_VMSTAT | |
182 | { 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } }, | |
183 | #endif | |
184 | #ifdef PROG_UPTIME | |
185 | { 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } }, | |
186 | #endif | |
187 | #ifdef PROG_IPCS | |
188 | { 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } }, | |
189 | #endif | |
190 | #ifdef PROG_TAIL | |
191 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } }, | |
192 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } }, | |
193 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } }, | |
194 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } }, | |
195 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } }, | |
196 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } }, | |
197 | #endif | |
198 | { 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } }, | |
199 | }; | |
200 | ||
201 | ||
202 | double | |
203 | stir_from_system(void) | |
204 | { | |
205 | double total_entropy_estimate; | |
206 | long int i; | |
207 | ||
208 | total_entropy_estimate = 0; | |
209 | ||
210 | i = getpid(); | |
211 | RAND_add(&i, sizeof(i), 0.1); | |
212 | total_entropy_estimate += 0.1; | |
213 | ||
214 | i = getppid(); | |
215 | RAND_add(&i, sizeof(i), 0.1); | |
216 | total_entropy_estimate += 0.1; | |
217 | ||
218 | i = getuid(); | |
219 | RAND_add(&i, sizeof(i), 0.0); | |
220 | i = getgid(); | |
221 | RAND_add(&i, sizeof(i), 0.0); | |
222 | ||
223 | total_entropy_estimate += stir_gettimeofday(1.0); | |
224 | total_entropy_estimate += stir_clock(0.2); | |
225 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); | |
226 | ||
227 | return(total_entropy_estimate); | |
228 | } | |
229 | ||
230 | double | |
231 | stir_from_programs(void) | |
232 | { | |
233 | int i; | |
234 | int c; | |
235 | double entropy_estimate; | |
236 | double total_entropy_estimate; | |
237 | char hash[SHA_DIGEST_LENGTH]; | |
238 | ||
239 | /* | |
240 | * Run through list of programs twice to catch differences | |
241 | */ | |
242 | total_entropy_estimate = 0; | |
243 | for(i = 0; i < 2; i++) { | |
244 | c = 0; | |
245 | while (entropy_sources[c].path != NULL) { | |
246 | /* Hash output from command */ | |
247 | entropy_estimate = hash_output_from_command(entropy_sources[c].path, | |
248 | entropy_sources[c].args, hash); | |
249 | ||
250 | /* Scale back entropy estimate according to command's rate */ | |
251 | entropy_estimate *= entropy_sources[c].rate; | |
252 | ||
253 | /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */ | |
254 | if (entropy_estimate > SHA_DIGEST_LENGTH) | |
255 | entropy_estimate = SHA_DIGEST_LENGTH; | |
256 | ||
257 | /* * Scale back estimates for subsequent passes through list */ | |
258 | entropy_estimate /= 10.0 * (i + 1.0); | |
259 | ||
260 | /* Stir it in */ | |
261 | RAND_add(hash, sizeof(hash), entropy_estimate); | |
262 | ||
263 | /* FIXME: turn this off later */ | |
264 | #if 1 | |
265 | debug("Got %0.2f bytes of entropy from %s", entropy_estimate, | |
266 | entropy_sources[c].path); | |
267 | #endif | |
268 | ||
269 | total_entropy_estimate += entropy_estimate; | |
270 | ||
271 | /* Execution times should be a little unpredictable */ | |
272 | total_entropy_estimate += stir_gettimeofday(0.05); | |
273 | total_entropy_estimate += stir_clock(0.05); | |
274 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); | |
275 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); | |
276 | ||
277 | c++; | |
278 | } | |
279 | } | |
280 | ||
281 | return(total_entropy_estimate); | |
282 | } | |
283 | ||
284 | double | |
285 | stir_gettimeofday(double entropy_estimate) | |
286 | { | |
287 | struct timeval tv; | |
288 | ||
289 | if (gettimeofday(&tv, NULL) == -1) | |
290 | fatal("Couldn't gettimeofday: %s", strerror(errno)); | |
291 | ||
292 | RAND_add(&tv, sizeof(tv), entropy_estimate); | |
293 | ||
294 | return(entropy_estimate); | |
295 | } | |
296 | ||
297 | double | |
298 | stir_clock(double entropy_estimate) | |
299 | { | |
300 | #ifdef HAVE_CLOCK | |
301 | clock_t c; | |
302 | ||
303 | c = clock(); | |
304 | RAND_add(&c, sizeof(c), entropy_estimate); | |
305 | ||
306 | return(entropy_estimate); | |
307 | #else /* _HAVE_CLOCK */ | |
308 | return(0); | |
309 | #endif /* _HAVE_CLOCK */ | |
310 | } | |
311 | ||
312 | double | |
313 | stir_rusage(int who, double entropy_estimate) | |
314 | { | |
315 | #ifdef HAVE_GETRUSAGE | |
316 | struct rusage ru; | |
317 | ||
318 | if (getrusage(who, &ru) == -1) | |
319 | fatal("Couldn't getrusage: %s", strerror(errno)); | |
320 | ||
321 | RAND_add(&ru, sizeof(ru), 0.1); | |
322 | ||
323 | return(entropy_estimate); | |
324 | #else /* _HAVE_GETRUSAGE */ | |
325 | return(0); | |
326 | #endif /* _HAVE_GETRUSAGE */ | |
327 | } | |
328 | ||
329 | double | |
330 | hash_output_from_command(const char *path, const char **args, char *hash) | |
331 | { | |
332 | static int devnull = -1; | |
333 | int p[2]; | |
334 | pid_t pid; | |
335 | int status; | |
336 | char buf[2048]; | |
337 | int bytes_read; | |
338 | int total_bytes_read; | |
339 | SHA_CTX sha; | |
340 | ||
341 | if (devnull == -1) { | |
342 | devnull = open("/dev/null", O_RDWR); | |
343 | if (devnull == -1) | |
344 | fatal("Couldn't open /dev/null: %s", strerror(errno)); | |
345 | } | |
346 | ||
347 | if (pipe(p) == -1) | |
348 | fatal("Couldn't open pipe: %s", strerror(errno)); | |
349 | ||
350 | switch (pid = fork()) { | |
351 | case -1: /* Error */ | |
352 | close(p[0]); | |
353 | close(p[1]); | |
354 | fatal("Couldn't fork: %s", strerror(errno)); | |
355 | /* NOTREACHED */ | |
356 | case 0: /* Child */ | |
357 | close(0); | |
358 | close(1); | |
359 | close(2); | |
360 | dup2(devnull, 0); | |
361 | dup2(p[1], 1); | |
362 | dup2(p[1], 2); | |
363 | close(p[0]); | |
364 | close(p[1]); | |
365 | close(devnull); | |
366 | ||
367 | execv(path, (char**)args); | |
368 | debug("(child) Couldn't exec '%s': %s", path, strerror(errno)); | |
369 | _exit(-1); | |
370 | default: /* Parent */ | |
371 | break; | |
372 | } | |
373 | ||
374 | RAND_add(&pid, sizeof(&pid), 0.0); | |
375 | ||
376 | close(p[1]); | |
377 | ||
378 | /* Hash output from child */ | |
379 | SHA1_Init(&sha); | |
380 | total_bytes_read = 0; | |
381 | while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) { | |
382 | SHA1_Update(&sha, buf, bytes_read); | |
383 | total_bytes_read += bytes_read; | |
384 | RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); | |
385 | } | |
386 | SHA1_Final(hash, &sha); | |
387 | ||
388 | close(p[0]); | |
389 | ||
390 | if (waitpid(pid, &status, 0) == -1) { | |
391 | error("Couldn't wait for child '%s' completion: %s", path, | |
392 | strerror(errno)); | |
393 | return(-1); | |
394 | } | |
395 | ||
396 | RAND_add(&status, sizeof(&status), 0.0); | |
397 | ||
398 | if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) | |
399 | return(0.0); | |
400 | else | |
401 | return(total_bytes_read); | |
402 | } | |
403 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
404 | ||
405 | #if defined(EGD_SOCKET) || defined(RANDOM_POOL) | |
406 | /* | |
407 | * Seed OpenSSL's random number pool from Kernel random number generator | |
408 | * or EGD | |
409 | */ | |
410 | void | |
411 | seed_rng(void) | |
412 | { | |
413 | char buf[32]; | |
414 | ||
415 | debug("Seeding random number generator"); | |
416 | get_random_bytes(buf, sizeof(buf)); | |
417 | RAND_add(buf, sizeof(buf), sizeof(buf)); | |
418 | memset(buf, '\0', sizeof(buf)); | |
419 | } | |
420 | #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
421 | /* | |
422 | * Conditionally Seed OpenSSL's random number pool syscalls and program output | |
423 | */ | |
424 | void | |
425 | seed_rng(void) | |
426 | { | |
427 | if (!RAND_status()) { | |
428 | debug("Seeding random number generator."); | |
429 | debug("%i bytes from system calls", (int)stir_from_system()); | |
430 | debug("%i bytes from programs", (int)stir_from_programs()); | |
431 | debug("OpenSSL random status is now %i\n", RAND_status()); | |
432 | } | |
433 | } | |
434 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |