]> andersk Git - openssh.git/blame - entropy.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
[openssh.git] / entropy.c
CommitLineData
bfc9a610 1/*
2 * Copyright (c) 2000 Damien Miller. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
bfc9a610 12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26
35484284 27#include <openssl/rand.h>
28#include <openssl/sha.h>
bfc9a610 29
819b676f 30/* SunOS 4.4.4 needs this */
31#ifdef HAVE_FLOATINGPOINT_H
32# include <floatingpoint.h>
33#endif /* HAVE_FLOATINGPOINT_H */
34
42f11eb2 35#include "ssh.h"
e1a023df 36#include "misc.h"
42f11eb2 37#include "xmalloc.h"
38#include "atomicio.h"
effa6591 39#include "pathnames.h"
42f11eb2 40#include "log.h"
41
bfc9a610 42RCSID("$Id$");
43
bfc9a610 44#ifndef offsetof
45# define offsetof(type, member) ((size_t) &((type *)0)->member)
46#endif
48c99b2c 47
48c99b2c 48/* Number of times to pass through command list gathering entropy */
49#define NUM_ENTROPY_RUNS 1
50
51/* Scale entropy estimates back by this amount on subsequent runs */
52#define SCALE_PER_RUN 10.0
53
54/* Minimum number of commands to be considered valid */
55#define MIN_ENTROPY_SOURCES 16
56
57#define WHITESPACE " \t\n"
58
cbd7492e 59#ifndef RUSAGE_SELF
60# define RUSAGE_SELF 0
61#endif
62#ifndef RUSAGE_CHILDREN
63# define RUSAGE_CHILDREN 0
64#endif
65
48c99b2c 66#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
67
68#ifdef EGD_SOCKET
bfc9a610 69/* Collect entropy from EGD */
be0b9bb7 70int get_random_bytes(unsigned char *buf, int len)
bfc9a610 71{
be0b9bb7 72 int fd;
73 char msg[2];
bfc9a610 74 struct sockaddr_un addr;
6a951840 75 int addr_len, rval, errors;
e1a023df 76 mysig_t old_sigpipe;
bfc9a610 77
be0b9bb7 78 /* Sanity checks */
bfc9a610 79 if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
80 fatal("Random pool path is too long");
be0b9bb7 81 if (len > 255)
82 fatal("Too many bytes to read from EGD");
83
84 memset(&addr, '\0', sizeof(addr));
85 addr.sun_family = AF_UNIX;
48c99b2c 86 strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
bfc9a610 87 addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
2b87da3b 88
e1a023df 89 old_sigpipe = mysignal(SIGPIPE, SIG_IGN);
6a951840 90
91 errors = rval = 0;
92reopen:
be0b9bb7 93 fd = socket(AF_UNIX, SOCK_STREAM, 0);
94 if (fd == -1) {
95 error("Couldn't create AF_UNIX socket: %s", strerror(errno));
6a951840 96 goto done;
be0b9bb7 97 }
bfc9a610 98
be0b9bb7 99 if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
2b87da3b 100 error("Couldn't connect to EGD socket \"%s\": %s",
be0b9bb7 101 addr.sun_path, strerror(errno));
6a951840 102 goto done;
be0b9bb7 103 }
bfc9a610 104
be0b9bb7 105 /* Send blocking read request to EGD */
106 msg[0] = 0x02;
107 msg[1] = len;
108
109 if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
6a951840 110 if (errno == EPIPE && errors < 10) {
111 close(fd);
112 errors++;
113 goto reopen;
114 }
2b87da3b 115 error("Couldn't write to EGD socket \"%s\": %s",
be0b9bb7 116 EGD_SOCKET, strerror(errno));
6a951840 117 goto done;
be0b9bb7 118 }
bfc9a610 119
be0b9bb7 120 if (atomicio(read, fd, buf, len) != len) {
6a951840 121 if (errno == EPIPE && errors < 10) {
122 close(fd);
123 errors++;
124 goto reopen;
125 }
2b87da3b 126 error("Couldn't read from EGD socket \"%s\": %s",
be0b9bb7 127 EGD_SOCKET, strerror(errno));
6a951840 128 goto done;
be0b9bb7 129 }
2b87da3b 130
6a951840 131 rval = 1;
132done:
2adddc78 133 mysignal(SIGPIPE, old_sigpipe);
6a951840 134 if (fd != -1)
135 close(fd);
136 return(rval);
bfc9a610 137}
138#else /* !EGD_SOCKET */
139#ifdef RANDOM_POOL
140/* Collect entropy from /dev/urandom or pipe */
be0b9bb7 141int get_random_bytes(unsigned char *buf, int len)
bfc9a610 142{
be0b9bb7 143 int random_pool;
bfc9a610 144
be0b9bb7 145 random_pool = open(RANDOM_POOL, O_RDONLY);
bfc9a610 146 if (random_pool == -1) {
2b87da3b 147 error("Couldn't open random pool \"%s\": %s",
be0b9bb7 148 RANDOM_POOL, strerror(errno));
149 return(0);
bfc9a610 150 }
2b87da3b 151
be0b9bb7 152 if (atomicio(read, random_pool, buf, len) != len) {
2b87da3b 153 error("Couldn't read from random pool \"%s\": %s",
be0b9bb7 154 RANDOM_POOL, strerror(errno));
155 close(random_pool);
156 return(0);
157 }
2b87da3b 158
be0b9bb7 159 close(random_pool);
2b87da3b 160
be0b9bb7 161 return(1);
bfc9a610 162}
163#endif /* RANDOM_POOL */
164#endif /* EGD_SOCKET */
165
48c99b2c 166/*
167 * Seed OpenSSL's random number pool from Kernel random number generator
168 * or EGD
169 */
170void
171seed_rng(void)
172{
173 char buf[32];
2b87da3b 174
48c99b2c 175 debug("Seeding random number generator");
be0b9bb7 176
b5b3f75d 177 if (!get_random_bytes(buf, sizeof(buf))) {
178 if (!RAND_status())
179 fatal("Entropy collection failed and entropy exhausted");
180 } else {
181 RAND_add(buf, sizeof(buf), sizeof(buf));
182 }
2b87da3b 183
48c99b2c 184 memset(buf, '\0', sizeof(buf));
185}
186
264dce47 187/* No-op */
188void init_rng(void) {}
189
48c99b2c 190#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
191
2b87da3b 192/*
bfc9a610 193 * FIXME: proper entropy estimations. All current values are guesses
b7a87eea 194 * FIXME: (ATL) do estimates at compile time?
bfc9a610 195 * FIXME: More entropy sources
196 */
197
b7a87eea 198/* slow command timeouts (all in milliseconds) */
199/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
200static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
201
d3083fbd 202static int prng_seed_saved = 0;
264dce47 203static int prng_initialised = 0;
204uid_t original_uid;
bfc9a610 205
206typedef struct
207{
208 /* Proportion of data that is entropy */
209 double rate;
b7a87eea 210 /* Counter goes positive if this command times out */
211 unsigned int badness;
212 /* Increases by factor of two each timeout */
213 unsigned int sticky_badness;
bfc9a610 214 /* Path to executable */
d3083fbd 215 char *path;
bfc9a610 216 /* argv to pass to executable */
d3083fbd 217 char *args[5];
ad85db64 218 /* full command string (debug) */
219 char *cmdstring;
bfc9a610 220} entropy_source_t;
221
b7a87eea 222double stir_from_system(void);
223double stir_from_programs(void);
224double stir_gettimeofday(double entropy_estimate);
225double stir_clock(double entropy_estimate);
226double stir_rusage(int who, double entropy_estimate);
227double hash_output_from_command(entropy_source_t *src, char *hash);
228
d3083fbd 229/* this is initialised from a file, by prng_read_commands() */
230entropy_source_t *entropy_sources = NULL;
bfc9a610 231
2b87da3b 232double
bfc9a610 233stir_from_system(void)
234{
235 double total_entropy_estimate;
236 long int i;
2b87da3b 237
bfc9a610 238 total_entropy_estimate = 0;
2b87da3b 239
bfc9a610 240 i = getpid();
cbd7492e 241 RAND_add(&i, sizeof(i), 0.5);
bfc9a610 242 total_entropy_estimate += 0.1;
2b87da3b 243
bfc9a610 244 i = getppid();
cbd7492e 245 RAND_add(&i, sizeof(i), 0.5);
bfc9a610 246 total_entropy_estimate += 0.1;
247
248 i = getuid();
249 RAND_add(&i, sizeof(i), 0.0);
250 i = getgid();
251 RAND_add(&i, sizeof(i), 0.0);
252
253 total_entropy_estimate += stir_gettimeofday(1.0);
cbd7492e 254 total_entropy_estimate += stir_clock(0.5);
bfc9a610 255 total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
256
257 return(total_entropy_estimate);
258}
259
2b87da3b 260double
bfc9a610 261stir_from_programs(void)
262{
263 int i;
264 int c;
265 double entropy_estimate;
266 double total_entropy_estimate;
267 char hash[SHA_DIGEST_LENGTH];
268
bfc9a610 269 total_entropy_estimate = 0;
48c99b2c 270 for(i = 0; i < NUM_ENTROPY_RUNS; i++) {
bfc9a610 271 c = 0;
272 while (entropy_sources[c].path != NULL) {
bfc9a610 273
b7a87eea 274 if (!entropy_sources[c].badness) {
275 /* Hash output from command */
276 entropy_estimate = hash_output_from_command(&entropy_sources[c], hash);
277
278 /* Scale back entropy estimate according to command's rate */
279 entropy_estimate *= entropy_sources[c].rate;
2b87da3b 280
b7a87eea 281 /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
282 if (entropy_estimate > SHA_DIGEST_LENGTH)
283 entropy_estimate = SHA_DIGEST_LENGTH;
bfc9a610 284
2b87da3b 285 /* Scale back estimates for subsequent passes through list */
48c99b2c 286 entropy_estimate /= SCALE_PER_RUN * (i + 1.0);
2b87da3b 287
b7a87eea 288 /* Stir it in */
289 RAND_add(hash, sizeof(hash), entropy_estimate);
bfc9a610 290
2b87da3b 291 debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
ad85db64 292 entropy_sources[c].cmdstring);
bfc9a610 293
b7a87eea 294 total_entropy_estimate += entropy_estimate;
bfc9a610 295
296 /* Execution times should be a little unpredictable */
b7a87eea 297 total_entropy_estimate += stir_gettimeofday(0.05);
298 total_entropy_estimate += stir_clock(0.05);
299 total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
300 total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
301 } else {
22d89d24 302 debug2("Command '%s' disabled (badness %d)",
ad85db64 303 entropy_sources[c].cmdstring, entropy_sources[c].badness);
b7a87eea 304
305 if (entropy_sources[c].badness > 0)
306 entropy_sources[c].badness--;
307 }
308
bfc9a610 309 c++;
310 }
311 }
2b87da3b 312
bfc9a610 313 return(total_entropy_estimate);
314}
315
316double
317stir_gettimeofday(double entropy_estimate)
318{
319 struct timeval tv;
2b87da3b 320
bfc9a610 321 if (gettimeofday(&tv, NULL) == -1)
322 fatal("Couldn't gettimeofday: %s", strerror(errno));
323
324 RAND_add(&tv, sizeof(tv), entropy_estimate);
2b87da3b 325
bfc9a610 326 return(entropy_estimate);
327}
328
329double
330stir_clock(double entropy_estimate)
331{
332#ifdef HAVE_CLOCK
333 clock_t c;
2b87da3b 334
bfc9a610 335 c = clock();
336 RAND_add(&c, sizeof(c), entropy_estimate);
2b87da3b 337
bfc9a610 338 return(entropy_estimate);
339#else /* _HAVE_CLOCK */
340 return(0);
341#endif /* _HAVE_CLOCK */
342}
343
344double
345stir_rusage(int who, double entropy_estimate)
346{
347#ifdef HAVE_GETRUSAGE
348 struct rusage ru;
2b87da3b 349
b7a87eea 350 if (getrusage(who, &ru) == -1)
cbd7492e 351 return(0);
bfc9a610 352
cbd7492e 353 RAND_add(&ru, sizeof(ru), entropy_estimate);
bfc9a610 354
355 return(entropy_estimate);
356#else /* _HAVE_GETRUSAGE */
357 return(0);
358#endif /* _HAVE_GETRUSAGE */
359}
360
ad85db64 361
362static
363int
364_get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) {
365 int secdiff, usecdiff;
366
367 secdiff = t2->tv_sec - t1->tv_sec;
368 usecdiff = (secdiff*1000000) + (t2->tv_usec - t1->tv_usec);
369 return (int)(usecdiff / 1000);
370}
371
bfc9a610 372double
b7a87eea 373hash_output_from_command(entropy_source_t *src, char *hash)
bfc9a610 374{
375 static int devnull = -1;
376 int p[2];
b7a87eea 377 fd_set rdset;
378 int cmd_eof = 0, error_abort = 0;
ad85db64 379 struct timeval tv_start, tv_current;
380 int msec_elapsed = 0;
bfc9a610 381 pid_t pid;
382 int status;
ad85db64 383 char buf[16384];
bfc9a610 384 int bytes_read;
385 int total_bytes_read;
386 SHA_CTX sha;
2b87da3b 387
22d89d24 388 debug3("Reading output from \'%s\'", src->cmdstring);
389
bfc9a610 390 if (devnull == -1) {
391 devnull = open("/dev/null", O_RDWR);
392 if (devnull == -1)
393 fatal("Couldn't open /dev/null: %s", strerror(errno));
394 }
2b87da3b 395
bfc9a610 396 if (pipe(p) == -1)
397 fatal("Couldn't open pipe: %s", strerror(errno));
398
ad85db64 399 (void)gettimeofday(&tv_start, NULL); /* record start time */
400
bfc9a610 401 switch (pid = fork()) {
402 case -1: /* Error */
403 close(p[0]);
404 close(p[1]);
405 fatal("Couldn't fork: %s", strerror(errno));
406 /* NOTREACHED */
407 case 0: /* Child */
b7a87eea 408 dup2(devnull, STDIN_FILENO);
409 dup2(p[1], STDOUT_FILENO);
410 dup2(p[1], STDERR_FILENO);
bfc9a610 411 close(p[0]);
412 close(p[1]);
413 close(devnull);
414
264dce47 415 setuid(original_uid);
b7a87eea 416 execv(src->path, (char**)(src->args));
ad85db64 417 debug("(child) Couldn't exec '%s': %s", src->cmdstring,
418 strerror(errno));
bfc9a610 419 _exit(-1);
420 default: /* Parent */
421 break;
422 }
423
424 RAND_add(&pid, sizeof(&pid), 0.0);
425
426 close(p[1]);
427
428 /* Hash output from child */
429 SHA1_Init(&sha);
430 total_bytes_read = 0;
b7a87eea 431
432 while (!error_abort && !cmd_eof) {
433 int ret;
434 struct timeval tv;
ad85db64 435 int msec_remaining;
436
437 (void) gettimeofday(&tv_current, 0);
48c99b2c 438 msec_elapsed = _get_timeval_msec_difference(&tv_start, &tv_current);
ad85db64 439 if (msec_elapsed >= entropy_timeout_current) {
440 error_abort=1;
441 continue;
442 }
443 msec_remaining = entropy_timeout_current - msec_elapsed;
b7a87eea 444
445 FD_ZERO(&rdset);
446 FD_SET(p[0], &rdset);
ad85db64 447 tv.tv_sec = msec_remaining / 1000;
448 tv.tv_usec = (msec_remaining % 1000) * 1000;
b7a87eea 449
450 ret = select(p[0]+1, &rdset, NULL, NULL, &tv);
ad85db64 451
264dce47 452 RAND_add(&tv, sizeof(tv), 0.0);
453
b7a87eea 454 switch (ret) {
455 case 0:
456 /* timer expired */
457 error_abort = 1;
458 break;
b7a87eea 459 case 1:
460 /* command input */
461 bytes_read = read(p[0], buf, sizeof(buf));
264dce47 462 RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
b7a87eea 463 if (bytes_read == -1) {
464 error_abort = 1;
465 break;
264dce47 466 } else if (bytes_read) {
ad85db64 467 SHA1_Update(&sha, buf, bytes_read);
468 total_bytes_read += bytes_read;
264dce47 469 } else {
ad85db64 470 cmd_eof = 1;
264dce47 471 }
b7a87eea 472 break;
b7a87eea 473 case -1:
474 default:
264dce47 475 /* error */
ad85db64 476 debug("Command '%s': select() failed: %s", src->cmdstring,
477 strerror(errno));
b7a87eea 478 error_abort = 1;
479 break;
264dce47 480 }
481 }
b7a87eea 482
bfc9a610 483 SHA1_Final(hash, &sha);
484
485 close(p[0]);
ad85db64 486
22d89d24 487 debug3("Time elapsed: %d msec", msec_elapsed);
2b87da3b 488
bfc9a610 489 if (waitpid(pid, &status, 0) == -1) {
22d89d24 490 error("Couldn't wait for child '%s' completion: %s", src->cmdstring,
ad85db64 491 strerror(errno));
b7a87eea 492 return(0.0);
bfc9a610 493 }
494
495 RAND_add(&status, sizeof(&status), 0.0);
496
b7a87eea 497 if (error_abort) {
498 /* closing p[0] on timeout causes the entropy command to
499 * SIGPIPE. Take whatever output we got, and mark this command
500 * as slow */
22d89d24 501 debug2("Command '%s' timed out", src->cmdstring);
b7a87eea 502 src->sticky_badness *= 2;
503 src->badness = src->sticky_badness;
bfc9a610 504 return(total_bytes_read);
b7a87eea 505 }
506
507 if (WIFEXITED(status)) {
508 if (WEXITSTATUS(status)==0) {
509 return(total_bytes_read);
510 } else {
2b87da3b 511 debug2("Command '%s' exit status was %d", src->cmdstring,
48c99b2c 512 WEXITSTATUS(status));
b7a87eea 513 src->badness = src->sticky_badness = 128;
514 return (0.0);
515 }
516 } else if (WIFSIGNALED(status)) {
2b87da3b 517 debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
48c99b2c 518 status);
b7a87eea 519 src->badness = src->sticky_badness = 128;
520 return(0.0);
521 } else
522 return(0.0);
523}
524
525/*
526 * prng seedfile functions
527 */
528int
529prng_check_seedfile(char *filename) {
530
531 struct stat st;
532
533 /* FIXME raceable: eg replace seed between this stat and subsequent open */
534 /* Not such a problem because we don't trust the seed file anyway */
535 if (lstat(filename, &st) == -1) {
5b2d4b75 536 /* Give up on hard errors */
b7a87eea 537 if (errno != ENOENT)
2b87da3b 538 debug("WARNING: Couldn't stat random seed file \"%s\": %s",
5b2d4b75 539 filename, strerror(errno));
b7a87eea 540
541 return(0);
542 }
543
544 /* regular file? */
545 if (!S_ISREG(st.st_mode))
546 fatal("PRNG seedfile %.100s is not a regular file", filename);
547
548 /* mode 0600, owned by root or the current user? */
5b2d4b75 549 if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid)) {
550 debug("WARNING: PRNG seedfile %.100s must be mode 0600, owned by uid %d",
b7a87eea 551 filename, getuid());
5b2d4b75 552 return(0);
553 }
2b87da3b 554
b7a87eea 555 return(1);
556}
557
558void
559prng_write_seedfile(void) {
560 int fd;
561 char seed[1024];
562 char filename[1024];
563 struct passwd *pw;
564
565 /* Don't bother if we have already saved a seed */
566 if (prng_seed_saved)
567 return;
2b87da3b 568
264dce47 569 setuid(original_uid);
2b87da3b 570
52bcc044 571 prng_seed_saved = 1;
2b87da3b 572
264dce47 573 pw = getpwuid(original_uid);
b7a87eea 574 if (pw == NULL)
2b87da3b 575 fatal("Couldn't get password entry for current user (%i): %s",
264dce47 576 original_uid, strerror(errno));
2b87da3b 577
b7a87eea 578 /* Try to ensure that the parent directory is there */
2b87da3b 579 snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
effa6591 580 _PATH_SSH_USER_DIR);
b7a87eea 581 mkdir(filename, 0700);
582
2b87da3b 583 snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
b7a87eea 584 SSH_PRNG_SEED_FILE);
585
586 debug("writing PRNG seed to file %.100s", filename);
587
588 RAND_bytes(seed, sizeof(seed));
589
590 /* Don't care if the seed doesn't exist */
591 prng_check_seedfile(filename);
2b87da3b 592
5b2d4b75 593 if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
2b87da3b 594 debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
5b2d4b75 595 filename, strerror(errno));
2b87da3b 596 } else {
5b2d4b75 597 if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed))
2b87da3b 598 fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
5b2d4b75 599 strerror(errno));
b7a87eea 600
5b2d4b75 601 close(fd);
602 }
b7a87eea 603}
604
605void
606prng_read_seedfile(void) {
607 int fd;
608 char seed[1024];
609 char filename[1024];
610 struct passwd *pw;
2b87da3b 611
264dce47 612 pw = getpwuid(original_uid);
b7a87eea 613 if (pw == NULL)
2b87da3b 614 fatal("Couldn't get password entry for current user (%i): %s",
264dce47 615 original_uid, strerror(errno));
2b87da3b 616
617 snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
b7a87eea 618 SSH_PRNG_SEED_FILE);
619
620 debug("loading PRNG seed from file %.100s", filename);
621
622 if (!prng_check_seedfile(filename)) {
52ce34a2 623 verbose("Random seed file not found or not valid, ignoring.");
b7a87eea 624 return;
625 }
626
627 /* open the file and read in the seed */
628 fd = open(filename, O_RDONLY);
629 if (fd == -1)
2b87da3b 630 fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
b7a87eea 631 strerror(errno));
632
633 if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) {
634 verbose("invalid or short read from PRNG seedfile %.100s - ignoring",
635 filename);
636 memset(seed, '\0', sizeof(seed));
637 }
638 close(fd);
639
640 /* stir in the seed, with estimated entropy zero */
641 RAND_add(&seed, sizeof(seed), 0.0);
bfc9a610 642}
b7a87eea 643
d3083fbd 644
645/*
646 * entropy command initialisation functions
647 */
d3083fbd 648int
649prng_read_commands(char *cmdfilename)
650{
651 FILE *f;
d3083fbd 652 char *cp;
48c99b2c 653 char line[1024];
654 char cmd[1024];
655 char path[256];
d3083fbd 656 int linenum;
d3083fbd 657 int num_cmds = 64;
658 int cur_cmd = 0;
48c99b2c 659 double est;
660 entropy_source_t *entcmd;
d3083fbd 661
662 f = fopen(cmdfilename, "r");
663 if (!f) {
664 fatal("couldn't read entropy commands file %.100s: %.100s",
665 cmdfilename, strerror(errno));
666 }
667
d3083fbd 668 entcmd = (entropy_source_t *)xmalloc(num_cmds * sizeof(entropy_source_t));
669 memset(entcmd, '\0', num_cmds * sizeof(entropy_source_t));
670
48c99b2c 671 /* Read in file */
672 linenum = 0;
d3083fbd 673 while (fgets(line, sizeof(line), f)) {
48c99b2c 674 int arg;
675 char *argv;
676
d3083fbd 677 linenum++;
678
679 /* skip leading whitespace, test for blank line or comment */
680 cp = line + strspn(line, WHITESPACE);
681 if ((*cp == 0) || (*cp == '#'))
682 continue; /* done with this line */
683
48c99b2c 684 /* First non-whitespace char should be double quote delimiting */
685 /* commandline */
686 if (*cp != '"') {
687 error("bad entropy command, %.100s line %d", cmdfilename,
688 linenum);
689 continue;
2b87da3b 690 }
d3083fbd 691
48c99b2c 692 /* first token, command args (incl. argv[0]) in double quotes */
693 cp = strtok(cp, "\"");
694 if (cp == NULL) {
695 error("missing or bad command string, %.100s line %d -- ignored",
696 cmdfilename, linenum);
697 continue;
698 }
699 strlcpy(cmd, cp, sizeof(cmd));
2b87da3b 700
48c99b2c 701 /* second token, full command path */
702 if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
703 error("missing command path, %.100s line %d -- ignored",
704 cmdfilename, linenum);
705 continue;
706 }
d3083fbd 707
48c99b2c 708 /* did configure mark this as dead? */
709 if (strncmp("undef", cp, 5) == 0)
710 continue;
d3083fbd 711
2b87da3b 712 strlcpy(path, cp, sizeof(path));
48c99b2c 713
714 /* third token, entropy rate estimate for this command */
715 if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
716 error("missing entropy estimate, %.100s line %d -- ignored",
717 cmdfilename, linenum);
718 continue;
719 }
720 est = strtod(cp, &argv);
721
722 /* end of line */
723 if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
2b87da3b 724 error("garbage at end of line %d in %.100s -- ignored", linenum,
48c99b2c 725 cmdfilename);
d3083fbd 726 continue;
727 }
48c99b2c 728
729 /* save the command for debug messages */
730 entcmd[cur_cmd].cmdstring = xstrdup(cmd);
2b87da3b 731
48c99b2c 732 /* split the command args */
733 cp = strtok(cmd, WHITESPACE);
734 arg = 0;
735 argv = NULL;
736 do {
737 char *s = (char*)xmalloc(strlen(cp) + 1);
738 strncpy(s, cp, strlen(cp) + 1);
739 entcmd[cur_cmd].args[arg] = s;
740 arg++;
741 } while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
2b87da3b 742
48c99b2c 743 if (strtok(NULL, WHITESPACE))
744 error("ignored extra command elements (max 5), %.100s line %d",
745 cmdfilename, linenum);
746
747 /* Copy the command path and rate estimate */
748 entcmd[cur_cmd].path = xstrdup(path);
749 entcmd[cur_cmd].rate = est;
750
751 /* Initialise other values */
752 entcmd[cur_cmd].sticky_badness = 1;
753
754 cur_cmd++;
755
756 /* If we've filled the array, reallocate it twice the size */
757 /* Do this now because even if this we're on the last command,
758 we need another slot to mark the last entry */
759 if (cur_cmd == num_cmds) {
760 num_cmds *= 2;
761 entcmd = xrealloc(entcmd, num_cmds * sizeof(entropy_source_t));
762 }
d3083fbd 763 }
764
765 /* zero the last entry */
766 memset(&entcmd[cur_cmd], '\0', sizeof(entropy_source_t));
48c99b2c 767
d3083fbd 768 /* trim to size */
769 entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
770
264dce47 771 debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
d3083fbd 772
773 return (cur_cmd >= MIN_ENTROPY_SOURCES);
774}
775
b7a87eea 776/*
777 * Write a keyfile at exit
2b87da3b 778 */
b7a87eea 779void
780prng_seed_cleanup(void *junk)
781{
782 prng_write_seedfile();
783}
784
bfc9a610 785/*
b7a87eea 786 * Conditionally Seed OpenSSL's random number pool from
787 * syscalls and program output
bfc9a610 788 */
789void
790seed_rng(void)
791{
e1a023df 792 mysig_t old_sigchld_handler;
d3083fbd 793
264dce47 794 if (!prng_initialised)
795 fatal("RNG not initialised");
2b87da3b 796
a64009ad 797 /* Make sure some other sigchld handler doesn't reap our entropy */
798 /* commands */
e1a023df 799 old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL);
a64009ad 800
264dce47 801 debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
802 debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
803
804 if (!RAND_status())
805 fatal("Not enough entropy in RNG");
b7a87eea 806
e1a023df 807 mysignal(SIGCHLD, old_sigchld_handler);
a64009ad 808
ad85db64 809 if (!RAND_status())
810 fatal("Couldn't initialise builtin random number generator -- exiting.");
264dce47 811}
ad85db64 812
2b87da3b 813void init_rng(void)
264dce47 814{
e879a080 815 int original_euid;
2b87da3b 816
264dce47 817 original_uid = getuid();
e879a080 818 original_euid = geteuid();
264dce47 819
820 /* Read in collection commands */
821 if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
822 fatal("PRNG initialisation failed -- exiting.");
823
824 /* Set ourselves up to save a seed upon exit */
2b87da3b 825 prng_seed_saved = 0;
e879a080 826
827 /* Give up privs while reading seed file */
828 if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
829 fatal("Couldn't give up privileges");
2b87da3b 830
264dce47 831 prng_read_seedfile();
e879a080 832
833 if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
834 fatal("Couldn't restore privileges");
835
264dce47 836 fatal_add_cleanup(prng_seed_cleanup, NULL);
837 atexit(prng_write_seedfile);
838
839 prng_initialised = 1;
bfc9a610 840}
264dce47 841
bfc9a610 842#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
git-cvsimport mirror of OpenSSH
This page took 0.214253 seconds and 5 git commands to generate.