- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
   do it implicitly.
diff --git a/ChangeLog b/ChangeLog
index cddb4b3..7d344e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20010319
+ - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to 
+   do it implicitly.
+
 20010318
  - (bal) Fixed scp type casing issue which causes "scp: protocol error: 
    size not delimited" fatal errors when tranfering.
@@ -4596,4 +4600,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.971 2001/03/18 02:43:16 tim Exp $
+$Id: ChangeLog,v 1.972 2001/03/18 22:38:15 djm Exp $
diff --git a/entropy.c b/entropy.c
index 665f773..8bd540d 100644
--- a/entropy.c
+++ b/entropy.c
@@ -40,7 +40,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: entropy.c,v 1.35 2001/03/03 13:29:21 djm Exp $");
+RCSID("$Id: entropy.c,v 1.36 2001/03/18 22:38:16 djm Exp $");
 
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -68,7 +68,8 @@
 # define SAVED_IDS_WORK_WITH_SETEUID
 #endif
 
-void check_openssl_version(void) 
+void
+check_openssl_version(void) 
 {
 	if (SSLeay() != OPENSSL_VERSION_NUMBER)
 		fatal("OpenSSL version mismatch. Built against %lx, you "
@@ -83,7 +84,8 @@
 
 #ifdef USE_PRNGD
 /* Collect entropy from PRNGD/EGD */
-int get_random_bytes(unsigned char *buf, int len)
+int
+get_random_bytes(unsigned char *buf, int len)
 {
 	int fd;
 	char msg[2];
@@ -180,7 +182,8 @@
 #else /* !USE_PRNGD */
 #ifdef RANDOM_POOL
 /* Collect entropy from /dev/urandom or pipe */
-int get_random_bytes(unsigned char *buf, int len)
+int
+get_random_bytes(unsigned char *buf, int len)
 {
 	int random_pool;
 
@@ -226,7 +229,8 @@
 	memset(buf, '\0', sizeof(buf));
 }
 
-void init_rng(void) 
+void
+init_rng(void) 
 {
 	check_openssl_version();
 }
@@ -403,8 +407,7 @@
 }
 
 
-static
-int
+static int
 _get_timeval_msec_difference(struct timeval *t1, struct timeval *t2) {
 	int secdiff, usecdiff;
 
@@ -842,8 +845,10 @@
 	/* commands */
 	old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL);
 
-	debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs());
-	debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system());
+	debug("Seeded RNG with %i bytes from programs", 
+	    (int)stir_from_programs());
+	debug("Seeded RNG with %i bytes from system calls", 
+	    (int)stir_from_system());
 
 	if (!RAND_status())
 		fatal("Not enough entropy in RNG");
@@ -854,7 +859,8 @@
 		fatal("Couldn't initialise builtin random number generator -- exiting.");
 }
 
-void init_rng(void)
+void
+init_rng(void)
 {
 	int original_euid;
 
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 87c7da5..2f31307 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.2 2001/02/09 01:55:36 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.3 2001/03/18 22:38:16 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
@@ -43,10 +43,15 @@
 unsigned int arc4random(void)
 {
 	unsigned int r = 0;
+	static int first_time = 1;
 
-	if (rc4_ready <= 0)
+	if (rc4_ready <= 0) {
+		if (!first_time)
+			seed_rng();
+		first_time = 0;
 		arc4random_stir();
-	
+	}
+
 	RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
 
 	rc4_ready -= sizeof(r);
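Review bot: The `first_time` branch skips `seed_rng()` on the first call without saying why, and the logic reads as inverted unless the reader knows that callers are now expected to seed at startup. Only ssh, sshd, ssh-agent and ssh-keygen gain that startup call in this diff, so any other program linking this file would reach `arc4random_stir()` on first use with whatever state the OpenSSL pool already has. I would state the precondition above the declaration, e.g. `/* main() must already have called seed_rng(); only later rekeys reseed here */`. arc4random() continues past the end of this hunk.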
@@ -57,17 +62,14 @@
 void arc4random_stir(void)
 {
 	unsigned char rand_buf[SEED_SIZE];
-	
+
 	memset(&rc4, 0, sizeof(rc4));
-
-	seed_rng();
-
-	RAND_bytes(rand_buf, sizeof(rand_buf));
-	
+	if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
+		fatal("Couldn't obtain random bytes (error %ld)",
+		    ERR_get_error());
 	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
-
 	memset(rand_buf, 0, sizeof(rand_buf));
-	
+
 	rc4_ready = REKEY_BYTES;
 }
 #endif /* !HAVE_ARC4RANDOM */
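Review bot: The new check `if (!RAND_bytes(rand_buf, sizeof(rand_buf)))` only catches a return of 0. OpenSSL documents -1 for a RAND method that does not support the call, and that value would pass the test and key RC4 from the uninitialised `rand_buf`. Comparing against success closes that gap: `if (RAND_bytes(rand_buf, sizeof(rand_buf)) != 1)`. Separately, `ERR_get_error()` returns `unsigned long`, so the format in the `fatal()` message should be `%lu` rather than `%ld`.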
diff --git a/ssh-agent.c b/ssh-agent.c
index 5a774d5..8c4b539 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -740,6 +740,7 @@
 
 	__progname = get_progname(av[0]);
 	init_rng();
+	seed_rng();
 
 #ifdef __GNU_LIBRARY__
 	while ((ch = getopt(ac, av, "+cks")) != -1) {
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b9ea017..086b8ad 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -639,6 +639,7 @@
 
 	__progname = get_progname(av[0]);
 	init_rng();
+	seed_rng();
 
 	SSLeay_add_all_algorithms();
 
diff --git a/ssh.c b/ssh.c
index 74a2b75..c47d3dc 100644
--- a/ssh.c
+++ b/ssh.c
@@ -576,6 +576,8 @@
 	/* reinit */
 	log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
 
+	seed_rng();
+
 	if (options.user == NULL)
 		options.user = xstrdup(pw->pw_name);
 
diff --git a/sshd.c b/sshd.c
index 2d6cbd0..0a1048c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -687,6 +687,8 @@
 	    options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
 	    !inetd_flag);
 
+	seed_rng();
+
 	/* Read server configuration options from the configuration file. */
 	read_server_config(&options, config_file_name);
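Review bot: Seeding once here, before the daemon starts accepting connections, means every process forked later starts from the same OpenSSL pool state unless the fork path mixes in something fresh. That path is outside this hunk, so this is inferred rather than visible. It is worth recording the expectation next to the call, e.g. `/* Seed once at startup; forked children must re-stir before drawing random bytes */`. The enclosing main() starts and ends outside the hunk.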