entropy.c
Show All 33 Lines | |||||
# include <sys/un.h> | # include <sys/un.h> | ||||
#endif | #endif | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <arpa/inet.h> | #include <arpa/inet.h> | ||||
#include <errno.h> | #include <errno.h> | ||||
#include <signal.h> | #include <signal.h> | ||||
#include <stdlib.h> | |||||
#include <string.h> | #include <string.h> | ||||
#include <unistd.h> | #include <unistd.h> | ||||
#include <stddef.h> /* for offsetof */ | #include <stddef.h> /* for offsetof */ | ||||
#include <openssl/rand.h> | #include <openssl/rand.h> | ||||
#include <openssl/crypto.h> | #include <openssl/crypto.h> | ||||
#include <openssl/err.h> | #include <openssl/err.h> | ||||
Show All 28 Lines | |||||
get_random_bytes_prngd(unsigned char *buf, int len, | get_random_bytes_prngd(unsigned char *buf, int len, | ||||
unsigned short tcp_port, char *socket_path) | unsigned short tcp_port, char *socket_path) | ||||
{ | { | ||||
int fd, addr_len, rval, errors; | int fd, addr_len, rval, errors; | ||||
u_char msg[2]; | u_char msg[2]; | ||||
struct sockaddr_storage addr; | struct sockaddr_storage addr; | ||||
struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; | struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; | ||||
struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; | struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; | ||||
mysig_t old_sigpipe; | sshsig_t old_sigpipe; | ||||
/* Sanity checks */ | /* Sanity checks */ | ||||
if (socket_path == NULL && tcp_port == 0) | if (socket_path == NULL && tcp_port == 0) | ||||
fatal("You must specify a port or a socket"); | fatal("You must specify a port or a socket"); | ||||
if (socket_path != NULL && | if (socket_path != NULL && | ||||
strlen(socket_path) >= sizeof(addr_un->sun_path)) | strlen(socket_path) >= sizeof(addr_un->sun_path)) | ||||
fatal("Random pool path is too long"); | fatal("Random pool path is too long"); | ||||
if (len <= 0 || len > 255) | if (len <= 0 || len > 255) | ||||
Show All 9 Lines | get_random_bytes_prngd(unsigned char *buf, int len, | ||||
} else { | } else { | ||||
addr_un->sun_family = AF_UNIX; | addr_un->sun_family = AF_UNIX; | ||||
strlcpy(addr_un->sun_path, socket_path, | strlcpy(addr_un->sun_path, socket_path, | ||||
sizeof(addr_un->sun_path)); | sizeof(addr_un->sun_path)); | ||||
addr_len = offsetof(struct sockaddr_un, sun_path) + | addr_len = offsetof(struct sockaddr_un, sun_path) + | ||||
strlen(socket_path) + 1; | strlen(socket_path) + 1; | ||||
} | } | ||||
old_sigpipe = signal(SIGPIPE, SIG_IGN); | old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN); | ||||
errors = 0; | errors = 0; | ||||
rval = -1; | rval = -1; | ||||
reopen: | reopen: | ||||
fd = socket(addr.ss_family, SOCK_STREAM, 0); | fd = socket(addr.ss_family, SOCK_STREAM, 0); | ||||
if (fd == -1) { | if (fd == -1) { | ||||
error("Couldn't create socket: %s", strerror(errno)); | error("Couldn't create socket: %s", strerror(errno)); | ||||
goto done; | goto done; | ||||
Show All 33 Lines | if (atomicio(read, fd, buf, len) != (size_t)len) { | ||||
} | } | ||||
error("Couldn't read from PRNGD socket: %s", | error("Couldn't read from PRNGD socket: %s", | ||||
strerror(errno)); | strerror(errno)); | ||||
goto done; | goto done; | ||||
} | } | ||||
rval = 0; | rval = 0; | ||||
done: | done: | ||||
signal(SIGPIPE, old_sigpipe); | ssh_signal(SIGPIPE, old_sigpipe); | ||||
if (fd != -1) | if (fd != -1) | ||||
close(fd); | close(fd); | ||||
return rval; | return rval; | ||||
} | } | ||||
static int | static int | ||||
seed_from_prngd(unsigned char *buf, size_t bytes) | seed_from_prngd(unsigned char *buf, size_t bytes) | ||||
{ | { | ||||
Show All 25 Lines | rexec_send_rng_seed(struct sshbuf *m) | ||||
if ((r = sshbuf_put_string(m, buf, len)) != 0) | if ((r = sshbuf_put_string(m, buf, len)) != 0) | ||||
fatal("%s: buffer error: %s", __func__, ssh_err(r)); | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||||
explicit_bzero(buf, sizeof(buf)); | explicit_bzero(buf, sizeof(buf)); | ||||
} | } | ||||
void | void | ||||
rexec_recv_rng_seed(struct sshbuf *m) | rexec_recv_rng_seed(struct sshbuf *m) | ||||
{ | { | ||||
u_char *buf = NULL; | const u_char *buf = NULL; | ||||
size_t len = 0; | size_t len = 0; | ||||
int r; | int r; | ||||
if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0 | if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0) | ||||
fatal("%s: buffer error: %s", __func__, ssh_err(r)); | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||||
debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); | debug3("rexec_recv_rng_seed: seeding rng with %lu bytes", | ||||
(unsigned long)len); | |||||
RAND_add(buf, len, len); | RAND_add(buf, len, len); | ||||
} | } | ||||
#endif /* OPENSSL_PRNG_ONLY */ | #endif /* OPENSSL_PRNG_ONLY */ | ||||
void | void | ||||
seed_rng(void) | seed_rng(void) | ||||
{ | { | ||||
unsigned char buf[RANDOM_SEED_SIZE]; | unsigned char buf[RANDOM_SEED_SIZE]; | ||||
Show All 22 Lines | #endif /* OPENSSL_PRNG_ONLY */ | ||||
/* Ensure arc4random() is primed */ | /* Ensure arc4random() is primed */ | ||||
arc4random_buf(buf, sizeof(buf)); | arc4random_buf(buf, sizeof(buf)); | ||||
explicit_bzero(buf, sizeof(buf)); | explicit_bzero(buf, sizeof(buf)); | ||||
} | } | ||||
#else /* WITH_OPENSSL */ | #else /* WITH_OPENSSL */ | ||||
/* Acutal initialisation is handled in arc4random() */ | #include <stdlib.h> | ||||
#include <string.h> | |||||
/* Actual initialisation is handled in arc4random() */ | |||||
void | void | ||||
seed_rng(void) | seed_rng(void) | ||||
{ | { | ||||
unsigned char buf[RANDOM_SEED_SIZE]; | unsigned char buf[RANDOM_SEED_SIZE]; | ||||
/* Ensure arc4random() is primed */ | /* Ensure arc4random() is primed */ | ||||
arc4random_buf(buf, sizeof(buf)); | arc4random_buf(buf, sizeof(buf)); | ||||
explicit_bzero(buf, sizeof(buf)); | explicit_bzero(buf, sizeof(buf)); | ||||
} | } | ||||
#endif /* WITH_OPENSSL */ | #endif /* WITH_OPENSSL */ |
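Review bot: In rexec_recv_rng_seed the debug3 call now casts `len` to `unsigned long` for the format, but the `RAND_add(buf, len, len)` on the following line still narrows the size_t implicitly to RAND_add's `int num` parameter and uses the same value as the entropy estimate, which is an inconsistency within the same hunk. The peer in rexec_send_rng_seed sends a buffer that is zeroed with `sizeof(buf)` (visible at `explicit_bzero(buf, sizeof(buf))`), so the expected length appears to be bounded by RANDOM_SEED_SIZE; a cheap check in the file's existing style would be `if (len == 0 || len > RANDOM_SEED_SIZE) fatal("%s: bad seed length %lu", __func__, (unsigned long)len);` placed before the RAND_add. The seed arrives from the re-exec parent rather than an untrusted peer, so this is defensive hardening and a -Wconversion cleanup rather than a trust-boundary fix. Separately, `<stdlib.h>` is dropped from the WITH_OPENSSL include list and only added under the `#else` branch; presumably includes.h already provides it for the OpenSSL build, but that configuration is worth a compile check since the functions using it are in the collapsed region.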