# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
#endif
-
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
-double hash_command_output(entropy_cmd_t *src, char *hash);
+double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
int get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path);
msg[0] = 0x02;
msg[1] = len;
- if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
+ if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
}
double
-hash_command_output(entropy_cmd_t *src, char *hash)
+hash_command_output(entropy_cmd_t *src, unsigned char *hash)
{
char buf[8192];
fd_set rdset;
case 0:
/* timer expired */
error_abort = 1;
+ kill(pid, SIGINT);
break;
case 1:
/* command input */
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s",
- src->cmdstring, strerror(errno));
+ src->cmdstring, strerror(errno));
return 0.0;
}
{
int c;
double entropy, total_entropy;
- char hash[SHA_DIGEST_LENGTH];
+ unsigned char hash[SHA_DIGEST_LENGTH];
total_entropy = 0;
for(c = 0; entropy_cmds[c].path != NULL; c++) {
/* mode 0600, owned by root or the current user? */
if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) {
debug("WARNING: PRNG seedfile %.100s must be mode 0600, "
- "owned by uid %d", filename, getuid());
+ "owned by uid %li", filename, (long int)getuid());
return 0;
}
prng_write_seedfile(void)
{
int fd;
- char seed[SEED_FILE_SIZE], filename[MAXPATHLEN];
+ unsigned char seed[SEED_FILE_SIZE];
+ char filename[MAXPATHLEN];
struct passwd *pw;
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
/* Try to ensure that the parent directory is there */
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
debug("writing PRNG seed to file %.100s", filename);
- RAND_bytes(seed, sizeof(seed));
+ if (RAND_bytes(seed, sizeof(seed)) <= 0)
+ fatal("PRNG seed extration failed");
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
debug("WARNING: couldn't access PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
} else {
- if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed))
+ if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
fatal("problem writing PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
close(fd);
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0;
}
+void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [options]\n", __progname);
+ fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
+ fprintf(stderr, " Multiple -v increases verbosity.\n");
+ fprintf(stderr, " -x Force output in hexidecimal (for debugging)\n");
+ fprintf(stderr, " -X Force output in binary\n");
+ fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n",
+ OUTPUT_SEED_SIZE);
+}
+
int
main(int argc, char **argv)
{
- unsigned char buf[OUTPUT_SEED_SIZE];
- int ret;
+ unsigned char *buf;
+ int ret, ch, debug_level, output_hex, bytes;
+ extern char *optarg;
+ LogLevel ll;
- __progname = get_progname(argv[0]);
- /* XXX: need some debugging mode */
+ __progname = ssh_get_progname(argv[0]);
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+ ll = SYSLOG_LEVEL_INFO;
+ debug_level = output_hex = 0;
+ bytes = OUTPUT_SEED_SIZE;
+
+ /* Don't write binary data to a tty, unless we are forced to */
+ if (isatty(STDOUT_FILENO))
+ output_hex = 1;
+
+ while ((ch = getopt(argc, argv, "vxXhb:")) != -1) {
+ switch (ch) {
+ case 'v':
+ if (debug_level < 3)
+ ll = SYSLOG_LEVEL_DEBUG1 + debug_level++;
+ break;
+ case 'x':
+ output_hex = 1;
+ break;
+ case 'X':
+ output_hex = 0;
+ break;
+ case 'b':
+ if ((bytes = atoi(optarg)) <= 0)
+ fatal("Invalid number of output bytes");
+ break;
+ case 'h':
+ usage();
+ exit(0);
+ default:
+ error("Invalid commandline option");
+ usage();
+ }
+ }
+
+ log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
+
#ifdef USE_SEED_FILES
prng_read_seedfile();
#endif
+ buf = xmalloc(bytes);
+
/*
* Seed the RNG from wherever we can
*/
/* Take whatever is on the stack, but don't credit it */
- RAND_add(buf, sizeof(buf), 0);
+ RAND_add(buf, bytes, 0);
debug("Seeded RNG with %i bytes from system calls",
(int)stir_from_system());
#ifdef PRNGD_PORT
- if (get_random_bytes_prngd(buf, sizeof(buf), PRNGD_PORT, NULL) == -1)
+ if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
fatal("Entropy collection failed");
- RAND_add(buf, sizeof(buf), sizeof(buf));
+ RAND_add(buf, bytes, bytes);
#elif defined(PRNGD_SOCKET)
- if (get_random_bytes_prngd(buf, sizeof(buf), 0, PRNGD_SOCKET) == -1)
+ if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
fatal("Entropy collection failed");
- RAND_add(buf, sizeof(buf), sizeof(buf));
+ RAND_add(buf, bytes, bytes);
#else
/* Read in collection commands */
if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
if (!RAND_status())
fatal("Not enough entropy in RNG");
- RAND_bytes(buf, sizeof(buf));
+ if (RAND_bytes(buf, bytes) <= 0)
+ fatal("Couldn't extract entropy from PRNG");
- ret = atomicio(write, STDOUT_FILENO, buf, sizeof(buf));
+ if (output_hex) {
+ for(ret = 0; ret < bytes; ret++)
+ printf("%02x", (unsigned char)(buf[ret]));
+ printf("\n");
+ } else
+ ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes);
- memset(buf, '\0', sizeof(buf));
+ memset(buf, '\0', bytes);
+ xfree(buf);
- return ret == sizeof(buf) ? 0 : 1;
+ return ret == bytes ? 0 : 1;
}
-