]>
Commit | Line | Data |
---|---|---|
bfc9a610 | 1 | /* |
2 | * Copyright (c) 2000 Damien Miller. All rights reserved. | |
3 | * | |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions | |
6 | * are met: | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * 2. Redistributions in binary form must reproduce the above copyright | |
10 | * notice, this list of conditions and the following disclaimer in the | |
11 | * documentation and/or other materials provided with the distribution. | |
12 | * 3. All advertising materials mentioning features or use of this software | |
13 | * must display the following acknowledgement: | |
14 | * This product includes software developed by Markus Friedl. | |
15 | * 4. The name of the author may not be used to endorse or promote products | |
16 | * derived from this software without specific prior written permission. | |
17 | * | |
18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
28 | */ | |
29 | ||
30 | #include "includes.h" | |
31 | ||
32 | #include "ssh.h" | |
33 | #include "xmalloc.h" | |
34 | ||
35 | #ifdef HAVE_OPENSSL | |
36 | # include <openssl/rand.h> | |
37 | # include <openssl/sha.h> | |
38 | #endif | |
39 | #ifdef HAVE_SSL | |
40 | # include <ssl/rand.h> | |
41 | # include <ssl/sha.h> | |
42 | #endif | |
43 | ||
44 | RCSID("$Id$"); | |
45 | ||
46 | #ifdef EGD_SOCKET | |
47 | #ifndef offsetof | |
48 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | |
49 | #endif | |
50 | /* Collect entropy from EGD */ | |
51 | void get_random_bytes(unsigned char *buf, int len) | |
52 | { | |
53 | static int egd_socket = -1; | |
54 | int c; | |
55 | char egd_message[2] = { 0x02, 0x00 }; | |
56 | struct sockaddr_un addr; | |
57 | int addr_len; | |
58 | ||
59 | memset(&addr, '\0', sizeof(addr)); | |
60 | addr.sun_family = AF_UNIX; | |
61 | ||
62 | /* FIXME: compile time check? */ | |
63 | if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) | |
64 | fatal("Random pool path is too long"); | |
65 | ||
66 | strcpy(addr.sun_path, EGD_SOCKET); | |
67 | ||
68 | addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); | |
69 | ||
70 | if (egd_socket == -1) { | |
71 | egd_socket = socket(AF_UNIX, SOCK_STREAM, 0); | |
72 | if (egd_socket == -1) | |
73 | fatal("Couldn't create AF_UNIX socket: %s", strerror(errno)); | |
74 | if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1) | |
75 | fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); | |
76 | } | |
77 | ||
78 | if (len > 255) | |
79 | fatal("Too many bytes to read from EGD"); | |
80 | ||
81 | /* Send blocking read request to EGD */ | |
82 | egd_message[1] = len; | |
83 | ||
84 | c = atomicio(write, egd_socket, egd_message, sizeof(egd_message)); | |
85 | if (c == -1) | |
86 | fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
87 | ||
88 | c = atomicio(read, egd_socket, buf, len); | |
89 | if (c <= 0) | |
90 | fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); | |
91 | ||
92 | close(EGD_SOCKET); | |
93 | } | |
94 | #else /* !EGD_SOCKET */ | |
95 | #ifdef RANDOM_POOL | |
96 | /* Collect entropy from /dev/urandom or pipe */ | |
97 | void get_random_bytes(unsigned char *buf, int len) | |
98 | { | |
99 | static int random_pool = -1; | |
100 | int c; | |
101 | ||
102 | if (random_pool == -1) { | |
103 | random_pool = open(RANDOM_POOL, O_RDONLY); | |
104 | if (random_pool == -1) | |
105 | fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
106 | } | |
107 | ||
bfc9a610 | 108 | c = atomicio(read, random_pool, buf, len); |
109 | if (c <= 0) | |
110 | fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); | |
111 | } | |
112 | #endif /* RANDOM_POOL */ | |
113 | #endif /* EGD_SOCKET */ | |
114 | ||
115 | #if !defined(EGD_SOCKET) && !defined(RANDOM_POOL) | |
116 | /* | |
117 | * FIXME: proper entropy estimations. All current values are guesses | |
118 | * FIXME: Need timeout for slow moving programs | |
119 | * FIXME: More entropy sources | |
120 | */ | |
121 | ||
122 | double stir_from_system(void); | |
123 | double stir_from_programs(void); | |
124 | double stir_gettimeofday(double entropy_estimate); | |
125 | double stir_clock(double entropy_estimate); | |
126 | double stir_rusage(int who, double entropy_estimate); | |
127 | double hash_output_from_command(const char *path, const char **args, char *hash); | |
128 | ||
129 | typedef struct | |
130 | { | |
131 | /* Proportion of data that is entropy */ | |
132 | double rate; | |
133 | /* Path to executable */ | |
134 | const char *path; | |
135 | /* argv to pass to executable */ | |
136 | const char *args[5]; | |
137 | } entropy_source_t; | |
138 | ||
139 | entropy_source_t entropy_sources[] = { | |
140 | #ifdef PROG_LS | |
141 | { 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } }, | |
142 | { 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } }, | |
143 | { 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } }, | |
144 | { 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } }, | |
145 | { 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } }, | |
146 | { 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } }, | |
147 | #endif | |
148 | #ifdef PROG_NETSTAT | |
149 | { 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } }, | |
150 | { 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } }, | |
151 | { 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } }, | |
152 | { 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } }, | |
153 | #endif | |
154 | #ifdef PROG_ARP | |
155 | { 0.002, PROG_ARP, { "arp","-a","-n", NULL } }, | |
156 | #endif | |
157 | #ifdef PROG_IFCONFIG | |
158 | { 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } }, | |
159 | #endif | |
160 | #ifdef PROG_PS | |
161 | { 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } }, | |
162 | { 0.003, PROG_PS, { "ps", "-al", NULL, NULL } }, | |
163 | { 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } }, | |
164 | #endif | |
165 | #ifdef PROG_W | |
166 | { 0.005, PROG_W, { "w", NULL, NULL, NULL } }, | |
167 | #endif | |
168 | #ifdef PROG_WHO | |
169 | { 0.001, PROG_WHO, { "who","-i", NULL, NULL } }, | |
170 | #endif | |
171 | #ifdef PROG_LAST | |
172 | { 0.001, PROG_LAST, { "last", NULL, NULL, NULL } }, | |
173 | #endif | |
174 | #ifdef PROG_LASTLOG | |
175 | { 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } }, | |
176 | #endif | |
177 | #ifdef PROG_DF | |
178 | { 0.010, PROG_DF, { "df", NULL, NULL, NULL } }, | |
179 | { 0.010, PROG_DF, { "df", "-i", NULL, NULL } }, | |
180 | #endif | |
181 | #ifdef PROG_VMSTAT | |
182 | { 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } }, | |
183 | #endif | |
184 | #ifdef PROG_UPTIME | |
185 | { 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } }, | |
186 | #endif | |
187 | #ifdef PROG_IPCS | |
188 | { 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } }, | |
189 | #endif | |
190 | #ifdef PROG_TAIL | |
191 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } }, | |
192 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } }, | |
193 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } }, | |
194 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } }, | |
195 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } }, | |
196 | { 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } }, | |
197 | #endif | |
198 | { 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } }, | |
199 | }; | |
200 | ||
bfc9a610 | 201 | double |
202 | stir_from_system(void) | |
203 | { | |
204 | double total_entropy_estimate; | |
205 | long int i; | |
206 | ||
207 | total_entropy_estimate = 0; | |
208 | ||
209 | i = getpid(); | |
210 | RAND_add(&i, sizeof(i), 0.1); | |
211 | total_entropy_estimate += 0.1; | |
212 | ||
213 | i = getppid(); | |
214 | RAND_add(&i, sizeof(i), 0.1); | |
215 | total_entropy_estimate += 0.1; | |
216 | ||
217 | i = getuid(); | |
218 | RAND_add(&i, sizeof(i), 0.0); | |
219 | i = getgid(); | |
220 | RAND_add(&i, sizeof(i), 0.0); | |
221 | ||
222 | total_entropy_estimate += stir_gettimeofday(1.0); | |
223 | total_entropy_estimate += stir_clock(0.2); | |
224 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); | |
225 | ||
226 | return(total_entropy_estimate); | |
227 | } | |
228 | ||
229 | double | |
230 | stir_from_programs(void) | |
231 | { | |
232 | int i; | |
233 | int c; | |
234 | double entropy_estimate; | |
235 | double total_entropy_estimate; | |
236 | char hash[SHA_DIGEST_LENGTH]; | |
237 | ||
238 | /* | |
239 | * Run through list of programs twice to catch differences | |
240 | */ | |
241 | total_entropy_estimate = 0; | |
242 | for(i = 0; i < 2; i++) { | |
243 | c = 0; | |
244 | while (entropy_sources[c].path != NULL) { | |
245 | /* Hash output from command */ | |
246 | entropy_estimate = hash_output_from_command(entropy_sources[c].path, | |
247 | entropy_sources[c].args, hash); | |
248 | ||
249 | /* Scale back entropy estimate according to command's rate */ | |
250 | entropy_estimate *= entropy_sources[c].rate; | |
251 | ||
252 | /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */ | |
253 | if (entropy_estimate > SHA_DIGEST_LENGTH) | |
254 | entropy_estimate = SHA_DIGEST_LENGTH; | |
255 | ||
256 | /* * Scale back estimates for subsequent passes through list */ | |
257 | entropy_estimate /= 10.0 * (i + 1.0); | |
258 | ||
259 | /* Stir it in */ | |
260 | RAND_add(hash, sizeof(hash), entropy_estimate); | |
261 | ||
262 | /* FIXME: turn this off later */ | |
263 | #if 1 | |
264 | debug("Got %0.2f bytes of entropy from %s", entropy_estimate, | |
265 | entropy_sources[c].path); | |
266 | #endif | |
267 | ||
268 | total_entropy_estimate += entropy_estimate; | |
269 | ||
270 | /* Execution times should be a little unpredictable */ | |
271 | total_entropy_estimate += stir_gettimeofday(0.05); | |
272 | total_entropy_estimate += stir_clock(0.05); | |
273 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); | |
274 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); | |
275 | ||
276 | c++; | |
277 | } | |
278 | } | |
279 | ||
280 | return(total_entropy_estimate); | |
281 | } | |
282 | ||
283 | double | |
284 | stir_gettimeofday(double entropy_estimate) | |
285 | { | |
286 | struct timeval tv; | |
287 | ||
288 | if (gettimeofday(&tv, NULL) == -1) | |
289 | fatal("Couldn't gettimeofday: %s", strerror(errno)); | |
290 | ||
291 | RAND_add(&tv, sizeof(tv), entropy_estimate); | |
292 | ||
293 | return(entropy_estimate); | |
294 | } | |
295 | ||
296 | double | |
297 | stir_clock(double entropy_estimate) | |
298 | { | |
299 | #ifdef HAVE_CLOCK | |
300 | clock_t c; | |
301 | ||
302 | c = clock(); | |
303 | RAND_add(&c, sizeof(c), entropy_estimate); | |
304 | ||
305 | return(entropy_estimate); | |
306 | #else /* _HAVE_CLOCK */ | |
307 | return(0); | |
308 | #endif /* _HAVE_CLOCK */ | |
309 | } | |
310 | ||
311 | double | |
312 | stir_rusage(int who, double entropy_estimate) | |
313 | { | |
314 | #ifdef HAVE_GETRUSAGE | |
315 | struct rusage ru; | |
316 | ||
317 | if (getrusage(who, &ru) == -1) | |
318 | fatal("Couldn't getrusage: %s", strerror(errno)); | |
319 | ||
320 | RAND_add(&ru, sizeof(ru), 0.1); | |
321 | ||
322 | return(entropy_estimate); | |
323 | #else /* _HAVE_GETRUSAGE */ | |
324 | return(0); | |
325 | #endif /* _HAVE_GETRUSAGE */ | |
326 | } | |
327 | ||
328 | double | |
329 | hash_output_from_command(const char *path, const char **args, char *hash) | |
330 | { | |
331 | static int devnull = -1; | |
332 | int p[2]; | |
333 | pid_t pid; | |
334 | int status; | |
335 | char buf[2048]; | |
336 | int bytes_read; | |
337 | int total_bytes_read; | |
338 | SHA_CTX sha; | |
339 | ||
340 | if (devnull == -1) { | |
341 | devnull = open("/dev/null", O_RDWR); | |
342 | if (devnull == -1) | |
343 | fatal("Couldn't open /dev/null: %s", strerror(errno)); | |
344 | } | |
345 | ||
346 | if (pipe(p) == -1) | |
347 | fatal("Couldn't open pipe: %s", strerror(errno)); | |
348 | ||
349 | switch (pid = fork()) { | |
350 | case -1: /* Error */ | |
351 | close(p[0]); | |
352 | close(p[1]); | |
353 | fatal("Couldn't fork: %s", strerror(errno)); | |
354 | /* NOTREACHED */ | |
355 | case 0: /* Child */ | |
356 | close(0); | |
357 | close(1); | |
358 | close(2); | |
359 | dup2(devnull, 0); | |
360 | dup2(p[1], 1); | |
361 | dup2(p[1], 2); | |
362 | close(p[0]); | |
363 | close(p[1]); | |
364 | close(devnull); | |
365 | ||
366 | execv(path, (char**)args); | |
367 | debug("(child) Couldn't exec '%s': %s", path, strerror(errno)); | |
368 | _exit(-1); | |
369 | default: /* Parent */ | |
370 | break; | |
371 | } | |
372 | ||
373 | RAND_add(&pid, sizeof(&pid), 0.0); | |
374 | ||
375 | close(p[1]); | |
376 | ||
377 | /* Hash output from child */ | |
378 | SHA1_Init(&sha); | |
379 | total_bytes_read = 0; | |
380 | while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) { | |
381 | SHA1_Update(&sha, buf, bytes_read); | |
382 | total_bytes_read += bytes_read; | |
383 | RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); | |
384 | } | |
385 | SHA1_Final(hash, &sha); | |
386 | ||
387 | close(p[0]); | |
388 | ||
389 | if (waitpid(pid, &status, 0) == -1) { | |
390 | error("Couldn't wait for child '%s' completion: %s", path, | |
391 | strerror(errno)); | |
392 | return(-1); | |
393 | } | |
394 | ||
395 | RAND_add(&status, sizeof(&status), 0.0); | |
396 | ||
397 | if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) | |
398 | return(0.0); | |
399 | else | |
400 | return(total_bytes_read); | |
401 | } | |
402 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
403 | ||
404 | #if defined(EGD_SOCKET) || defined(RANDOM_POOL) | |
405 | /* | |
406 | * Seed OpenSSL's random number pool from Kernel random number generator | |
407 | * or EGD | |
408 | */ | |
409 | void | |
410 | seed_rng(void) | |
411 | { | |
412 | char buf[32]; | |
413 | ||
414 | debug("Seeding random number generator"); | |
415 | get_random_bytes(buf, sizeof(buf)); | |
416 | RAND_add(buf, sizeof(buf), sizeof(buf)); | |
417 | memset(buf, '\0', sizeof(buf)); | |
418 | } | |
419 | #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ | |
420 | /* | |
421 | * Conditionally Seed OpenSSL's random number pool syscalls and program output | |
422 | */ | |
423 | void | |
424 | seed_rng(void) | |
425 | { | |
6c081128 | 426 | debug("Seeding random number generator."); |
427 | debug("OpenSSL random status is now %i\n", RAND_status()); | |
428 | debug("%i bytes from system calls", (int)stir_from_system()); | |
429 | debug("%i bytes from programs", (int)stir_from_programs()); | |
430 | debug("OpenSSL random status is now %i\n", RAND_status()); | |
bfc9a610 | 431 | } |
432 | #endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ |