Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 8686ed75081958714f5d7768b5b0b8bcdd86b0ff^! / . / ssh-rand-helper.c
commit8686ed75081958714f5d7768b5b0b8bcdd86b0ff[log] [tgz]
authorDarren Tucker <dtucker@zip.com.au>Mon Dec 20 12:05:08 2004 +1100
committerDarren Tucker <dtucker@zip.com.au>Mon Dec 20 12:05:08 2004 +1100
tree7bd963a610a10662e80c654e50aa6b8337d12a78
parent442a383418dc3eb1809e66c966933071034d5325 [diff] [blame]
 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
   from prngd is enabled at compile time but fails at run time, eg because
   prngd is not running.  Note that if you have prngd running when OpenSSH is
   built, OpenSSL will consider itself internally seeded and rand-helper won't
   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@

diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 8cad53f..7cd081f 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c

@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE	48
@@ -209,6 +209,22 @@
 	return rval;
 }
 
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+	debug("trying egd/prngd port %d", PRNGD_PORT);
+	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+		return 0;
+#endif
+#ifdef PRNGD_SOCKET
+	debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+		return 0;
+#endif
+	return -1;
+}
+
 double
 stir_gettimeofday(double entropy_estimate)
 {
@@ -815,21 +831,16 @@
 	debug("Seeded RNG with %i bytes from system calls",
 	    (int)stir_from_system());
 
-#ifdef PRNGD_PORT
-	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
-		fatal("Entropy collection failed");
-	RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
-	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
-		fatal("Entropy collection failed");
-	RAND_add(buf, bytes, bytes);
-#else
-	/* Read in collection commands */
-	if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
-		fatal("PRNG initialisation failed -- exiting.");
-	debug("Seeded RNG with %i bytes from programs",
-	    (int)stir_from_programs());
-#endif
+	/* try prngd, fall back to commands if prngd fails or not configured */
+	if (seed_from_prngd(buf, bytes) == 0) {
+		RAND_add(buf, bytes, bytes);
+	} else {
+		/* Read in collection commands */
+		if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+			fatal("PRNG initialisation failed -- exiting.");
+		debug("Seeded RNG with %i bytes from programs",
+		    (int)stir_from_programs());
+	}
 
 #ifdef USE_SEED_FILES
 	prng_write_seedfile();