Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 1 | /* |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 2 | * Copyright (c) 2001-2002 Damien Miller. All rights reserved. |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * 1. Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in the |
| 11 | * documentation and/or other materials provided with the distribution. |
| 12 | * |
| 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ |
| 24 | |
| 25 | #include "includes.h" |
| 26 | |
Damien Miller | 3717cda | 2006-03-15 14:02:36 +1100 | [diff] [blame] | 27 | #include <sys/types.h> |
| 28 | #include <sys/resource.h> |
| 29 | #include <sys/stat.h> |
| 30 | #include <sys/wait.h> |
Damien Miller | 8ec8c3e | 2006-07-10 20:35:38 +1000 | [diff] [blame^] | 31 | #include <sys/socket.h> |
| 32 | |
| 33 | #include <netinet/in.h> |
Damien Miller | 3717cda | 2006-03-15 14:02:36 +1100 | [diff] [blame] | 34 | |
| 35 | #ifdef HAVE_SYS_UN_H |
| 36 | # include <sys/un.h> |
| 37 | #endif |
| 38 | |
| 39 | #include <signal.h> |
| 40 | |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 41 | #include <openssl/rand.h> |
| 42 | #include <openssl/sha.h> |
| 43 | #include <openssl/crypto.h> |
| 44 | |
| 45 | /* SunOS 4.4.4 needs this */ |
| 46 | #ifdef HAVE_FLOATINGPOINT_H |
| 47 | # include <floatingpoint.h> |
| 48 | #endif /* HAVE_FLOATINGPOINT_H */ |
| 49 | |
| 50 | #include "misc.h" |
| 51 | #include "xmalloc.h" |
| 52 | #include "atomicio.h" |
| 53 | #include "pathnames.h" |
| 54 | #include "log.h" |
| 55 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 56 | /* Number of bytes we write out */ |
| 57 | #define OUTPUT_SEED_SIZE 48 |
| 58 | |
| 59 | /* Length of on-disk seedfiles */ |
| 60 | #define SEED_FILE_SIZE 1024 |
| 61 | |
| 62 | /* Maximum number of command-line arguments to read from file */ |
| 63 | #define NUM_ARGS 10 |
| 64 | |
| 65 | /* Minimum number of usable commands to be considered sufficient */ |
| 66 | #define MIN_ENTROPY_SOURCES 16 |
| 67 | |
| 68 | /* Path to on-disk seed file (relative to user's home directory */ |
| 69 | #ifndef SSH_PRNG_SEED_FILE |
| 70 | # define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR"/prng_seed" |
| 71 | #endif |
| 72 | |
| 73 | /* Path to PRNG commands list */ |
| 74 | #ifndef SSH_PRNG_COMMAND_FILE |
Damien Miller | 05eda43 | 2002-02-10 18:32:28 +1100 | [diff] [blame] | 75 | # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 76 | #endif |
| 77 | |
Kevin Steves | 9443508 | 2001-12-25 04:32:58 +0000 | [diff] [blame] | 78 | extern char *__progname; |
Kevin Steves | 9443508 | 2001-12-25 04:32:58 +0000 | [diff] [blame] | 79 | |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 80 | #define WHITESPACE " \t\n" |
| 81 | |
| 82 | #ifndef RUSAGE_SELF |
| 83 | # define RUSAGE_SELF 0 |
| 84 | #endif |
| 85 | #ifndef RUSAGE_CHILDREN |
| 86 | # define RUSAGE_CHILDREN 0 |
| 87 | #endif |
| 88 | |
Damien Miller | c46cc54 | 2002-01-22 21:58:27 +1100 | [diff] [blame] | 89 | #if !defined(PRNGD_SOCKET) && !defined(PRNGD_PORT) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 90 | # define USE_SEED_FILES |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 91 | #endif |
| 92 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 93 | typedef struct { |
| 94 | /* Proportion of data that is entropy */ |
| 95 | double rate; |
| 96 | /* Counter goes positive if this command times out */ |
| 97 | unsigned int badness; |
| 98 | /* Increases by factor of two each timeout */ |
| 99 | unsigned int sticky_badness; |
| 100 | /* Path to executable */ |
| 101 | char *path; |
| 102 | /* argv to pass to executable */ |
| 103 | char *args[NUM_ARGS]; /* XXX: arbitrary limit */ |
| 104 | /* full command string (debug) */ |
| 105 | char *cmdstring; |
| 106 | } entropy_cmd_t; |
| 107 | |
| 108 | /* slow command timeouts (all in milliseconds) */ |
| 109 | /* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */ |
| 110 | static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC; |
| 111 | |
| 112 | /* this is initialised from a file, by prng_read_commands() */ |
| 113 | static entropy_cmd_t *entropy_cmds = NULL; |
| 114 | |
| 115 | /* Prototypes */ |
| 116 | double stir_from_system(void); |
| 117 | double stir_from_programs(void); |
| 118 | double stir_gettimeofday(double entropy_estimate); |
| 119 | double stir_clock(double entropy_estimate); |
| 120 | double stir_rusage(int who, double entropy_estimate); |
Kevin Steves | 4bdb547 | 2002-07-28 20:42:23 +0000 | [diff] [blame] | 121 | double hash_command_output(entropy_cmd_t *src, unsigned char *hash); |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 122 | int get_random_bytes_prngd(unsigned char *buf, int len, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 123 | unsigned short tcp_port, char *socket_path); |
| 124 | |
| 125 | /* |
| 126 | * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon |
| 127 | * listening either on 'tcp_port', or via Unix domain socket at * |
| 128 | * 'socket_path'. |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 129 | * Either a non-zero tcp_port or a non-null socket_path must be |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 130 | * supplied. |
| 131 | * Returns 0 on success, -1 on error |
| 132 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 133 | int |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 134 | get_random_bytes_prngd(unsigned char *buf, int len, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 135 | unsigned short tcp_port, char *socket_path) |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 136 | { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 137 | int fd, addr_len, rval, errors; |
Damien Miller | 52c8afe | 2005-06-19 10:19:43 +1000 | [diff] [blame] | 138 | u_char msg[2]; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 139 | struct sockaddr_storage addr; |
| 140 | struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; |
| 141 | struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 142 | mysig_t old_sigpipe; |
| 143 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 144 | /* Sanity checks */ |
| 145 | if (socket_path == NULL && tcp_port == 0) |
| 146 | fatal("You must specify a port or a socket"); |
| 147 | if (socket_path != NULL && |
| 148 | strlen(socket_path) >= sizeof(addr_un->sun_path)) |
| 149 | fatal("Random pool path is too long"); |
Damien Miller | 52c8afe | 2005-06-19 10:19:43 +1000 | [diff] [blame] | 150 | if (len <= 0 || len > 255) |
| 151 | fatal("Too many bytes (%d) to read from PRNGD", len); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 152 | |
| 153 | memset(&addr, '\0', sizeof(addr)); |
| 154 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 155 | if (tcp_port != 0) { |
| 156 | addr_in->sin_family = AF_INET; |
| 157 | addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
| 158 | addr_in->sin_port = htons(tcp_port); |
| 159 | addr_len = sizeof(*addr_in); |
| 160 | } else { |
| 161 | addr_un->sun_family = AF_UNIX; |
| 162 | strlcpy(addr_un->sun_path, socket_path, |
| 163 | sizeof(addr_un->sun_path)); |
| 164 | addr_len = offsetof(struct sockaddr_un, sun_path) + |
| 165 | strlen(socket_path) + 1; |
| 166 | } |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 167 | |
| 168 | old_sigpipe = mysignal(SIGPIPE, SIG_IGN); |
| 169 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 170 | errors = 0; |
| 171 | rval = -1; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 172 | reopen: |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 173 | fd = socket(addr.ss_family, SOCK_STREAM, 0); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 174 | if (fd == -1) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 175 | error("Couldn't create socket: %s", strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 176 | goto done; |
| 177 | } |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 178 | |
| 179 | if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 180 | if (tcp_port != 0) { |
| 181 | error("Couldn't connect to PRNGD port %d: %s", |
| 182 | tcp_port, strerror(errno)); |
| 183 | } else { |
| 184 | error("Couldn't connect to PRNGD socket \"%s\": %s", |
| 185 | addr_un->sun_path, strerror(errno)); |
| 186 | } |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 187 | goto done; |
| 188 | } |
| 189 | |
| 190 | /* Send blocking read request to PRNGD */ |
| 191 | msg[0] = 0x02; |
| 192 | msg[1] = len; |
| 193 | |
Darren Tucker | 8661b56 | 2003-07-06 15:20:46 +1000 | [diff] [blame] | 194 | if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 195 | if (errno == EPIPE && errors < 10) { |
| 196 | close(fd); |
| 197 | errors++; |
| 198 | goto reopen; |
| 199 | } |
| 200 | error("Couldn't write to PRNGD socket: %s", |
| 201 | strerror(errno)); |
| 202 | goto done; |
| 203 | } |
| 204 | |
Damien Miller | 52c8afe | 2005-06-19 10:19:43 +1000 | [diff] [blame] | 205 | if (atomicio(read, fd, buf, len) != (size_t)len) { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 206 | if (errno == EPIPE && errors < 10) { |
| 207 | close(fd); |
| 208 | errors++; |
| 209 | goto reopen; |
| 210 | } |
| 211 | error("Couldn't read from PRNGD socket: %s", |
| 212 | strerror(errno)); |
| 213 | goto done; |
| 214 | } |
| 215 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 216 | rval = 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 217 | done: |
| 218 | mysignal(SIGPIPE, old_sigpipe); |
| 219 | if (fd != -1) |
| 220 | close(fd); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 221 | return rval; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 222 | } |
| 223 | |
Darren Tucker | 8686ed7 | 2004-12-20 12:05:08 +1100 | [diff] [blame] | 224 | static int |
| 225 | seed_from_prngd(unsigned char *buf, size_t bytes) |
| 226 | { |
| 227 | #ifdef PRNGD_PORT |
| 228 | debug("trying egd/prngd port %d", PRNGD_PORT); |
| 229 | if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) |
| 230 | return 0; |
| 231 | #endif |
| 232 | #ifdef PRNGD_SOCKET |
| 233 | debug("trying egd/prngd socket %s", PRNGD_SOCKET); |
| 234 | if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) |
| 235 | return 0; |
| 236 | #endif |
| 237 | return -1; |
| 238 | } |
| 239 | |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 240 | double |
| 241 | stir_gettimeofday(double entropy_estimate) |
| 242 | { |
| 243 | struct timeval tv; |
| 244 | |
| 245 | if (gettimeofday(&tv, NULL) == -1) |
| 246 | fatal("Couldn't gettimeofday: %s", strerror(errno)); |
| 247 | |
| 248 | RAND_add(&tv, sizeof(tv), entropy_estimate); |
| 249 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 250 | return entropy_estimate; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 251 | } |
| 252 | |
| 253 | double |
| 254 | stir_clock(double entropy_estimate) |
| 255 | { |
| 256 | #ifdef HAVE_CLOCK |
| 257 | clock_t c; |
| 258 | |
| 259 | c = clock(); |
| 260 | RAND_add(&c, sizeof(c), entropy_estimate); |
| 261 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 262 | return entropy_estimate; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 263 | #else /* _HAVE_CLOCK */ |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 264 | return 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 265 | #endif /* _HAVE_CLOCK */ |
| 266 | } |
| 267 | |
| 268 | double |
| 269 | stir_rusage(int who, double entropy_estimate) |
| 270 | { |
| 271 | #ifdef HAVE_GETRUSAGE |
| 272 | struct rusage ru; |
| 273 | |
| 274 | if (getrusage(who, &ru) == -1) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 275 | return 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 276 | |
| 277 | RAND_add(&ru, sizeof(ru), entropy_estimate); |
| 278 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 279 | return entropy_estimate; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 280 | #else /* _HAVE_GETRUSAGE */ |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 281 | return 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 282 | #endif /* _HAVE_GETRUSAGE */ |
| 283 | } |
| 284 | |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 285 | static int |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 286 | timeval_diff(struct timeval *t1, struct timeval *t2) |
| 287 | { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 288 | int secdiff, usecdiff; |
| 289 | |
| 290 | secdiff = t2->tv_sec - t1->tv_sec; |
| 291 | usecdiff = (secdiff*1000000) + (t2->tv_usec - t1->tv_usec); |
| 292 | return (int)(usecdiff / 1000); |
| 293 | } |
| 294 | |
| 295 | double |
Kevin Steves | 4bdb547 | 2002-07-28 20:42:23 +0000 | [diff] [blame] | 296 | hash_command_output(entropy_cmd_t *src, unsigned char *hash) |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 297 | { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 298 | char buf[8192]; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 299 | fd_set rdset; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 300 | int bytes_read, cmd_eof, error_abort, msec_elapsed, p[2]; |
| 301 | int status, total_bytes_read; |
| 302 | static int devnull = -1; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 303 | pid_t pid; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 304 | SHA_CTX sha; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 305 | struct timeval tv_start, tv_current; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 306 | |
| 307 | debug3("Reading output from \'%s\'", src->cmdstring); |
| 308 | |
| 309 | if (devnull == -1) { |
| 310 | devnull = open("/dev/null", O_RDWR); |
| 311 | if (devnull == -1) |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 312 | fatal("Couldn't open /dev/null: %s", |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 313 | strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 314 | } |
| 315 | |
| 316 | if (pipe(p) == -1) |
| 317 | fatal("Couldn't open pipe: %s", strerror(errno)); |
| 318 | |
| 319 | (void)gettimeofday(&tv_start, NULL); /* record start time */ |
| 320 | |
| 321 | switch (pid = fork()) { |
| 322 | case -1: /* Error */ |
| 323 | close(p[0]); |
| 324 | close(p[1]); |
| 325 | fatal("Couldn't fork: %s", strerror(errno)); |
| 326 | /* NOTREACHED */ |
| 327 | case 0: /* Child */ |
| 328 | dup2(devnull, STDIN_FILENO); |
| 329 | dup2(p[1], STDOUT_FILENO); |
| 330 | dup2(p[1], STDERR_FILENO); |
| 331 | close(p[0]); |
| 332 | close(p[1]); |
| 333 | close(devnull); |
| 334 | |
| 335 | execv(src->path, (char**)(src->args)); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 336 | |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 337 | debug("(child) Couldn't exec '%s': %s", |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 338 | src->cmdstring, strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 339 | _exit(-1); |
| 340 | default: /* Parent */ |
| 341 | break; |
| 342 | } |
| 343 | |
| 344 | RAND_add(&pid, sizeof(&pid), 0.0); |
| 345 | |
| 346 | close(p[1]); |
| 347 | |
| 348 | /* Hash output from child */ |
| 349 | SHA1_Init(&sha); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 350 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 351 | cmd_eof = error_abort = msec_elapsed = total_bytes_read = 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 352 | while (!error_abort && !cmd_eof) { |
| 353 | int ret; |
| 354 | struct timeval tv; |
| 355 | int msec_remaining; |
| 356 | |
| 357 | (void) gettimeofday(&tv_current, 0); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 358 | msec_elapsed = timeval_diff(&tv_start, &tv_current); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 359 | if (msec_elapsed >= entropy_timeout_current) { |
| 360 | error_abort=1; |
| 361 | continue; |
| 362 | } |
| 363 | msec_remaining = entropy_timeout_current - msec_elapsed; |
| 364 | |
| 365 | FD_ZERO(&rdset); |
| 366 | FD_SET(p[0], &rdset); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 367 | tv.tv_sec = msec_remaining / 1000; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 368 | tv.tv_usec = (msec_remaining % 1000) * 1000; |
| 369 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 370 | ret = select(p[0] + 1, &rdset, NULL, NULL, &tv); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 371 | |
| 372 | RAND_add(&tv, sizeof(tv), 0.0); |
| 373 | |
| 374 | switch (ret) { |
| 375 | case 0: |
| 376 | /* timer expired */ |
| 377 | error_abort = 1; |
Damien Miller | 5a5da88 | 2002-10-21 10:13:35 +1000 | [diff] [blame] | 378 | kill(pid, SIGINT); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 379 | break; |
| 380 | case 1: |
| 381 | /* command input */ |
| 382 | do { |
| 383 | bytes_read = read(p[0], buf, sizeof(buf)); |
| 384 | } while (bytes_read == -1 && errno == EINTR); |
| 385 | RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); |
| 386 | if (bytes_read == -1) { |
| 387 | error_abort = 1; |
| 388 | break; |
| 389 | } else if (bytes_read) { |
| 390 | SHA1_Update(&sha, buf, bytes_read); |
| 391 | total_bytes_read += bytes_read; |
| 392 | } else { |
| 393 | cmd_eof = 1; |
| 394 | } |
| 395 | break; |
| 396 | case -1: |
| 397 | default: |
| 398 | /* error */ |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 399 | debug("Command '%s': select() failed: %s", |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 400 | src->cmdstring, strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 401 | error_abort = 1; |
| 402 | break; |
| 403 | } |
| 404 | } |
| 405 | |
| 406 | SHA1_Final(hash, &sha); |
| 407 | |
| 408 | close(p[0]); |
| 409 | |
| 410 | debug3("Time elapsed: %d msec", msec_elapsed); |
| 411 | |
| 412 | if (waitpid(pid, &status, 0) == -1) { |
Damien Miller | b6f72f5 | 2005-07-17 17:26:43 +1000 | [diff] [blame] | 413 | error("Couldn't wait for child '%s' completion: %s", |
| 414 | src->cmdstring, strerror(errno)); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 415 | return 0.0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 416 | } |
| 417 | |
| 418 | RAND_add(&status, sizeof(&status), 0.0); |
| 419 | |
| 420 | if (error_abort) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 421 | /* |
| 422 | * Closing p[0] on timeout causes the entropy command to |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 423 | * SIGPIPE. Take whatever output we got, and mark this |
| 424 | * command as slow |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 425 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 426 | debug2("Command '%s' timed out", src->cmdstring); |
| 427 | src->sticky_badness *= 2; |
| 428 | src->badness = src->sticky_badness; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 429 | return total_bytes_read; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 430 | } |
| 431 | |
| 432 | if (WIFEXITED(status)) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 433 | if (WEXITSTATUS(status) == 0) { |
| 434 | return total_bytes_read; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 435 | } else { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 436 | debug2("Command '%s' exit status was %d", |
| 437 | src->cmdstring, WEXITSTATUS(status)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 438 | src->badness = src->sticky_badness = 128; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 439 | return 0.0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 440 | } |
| 441 | } else if (WIFSIGNALED(status)) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 442 | debug2("Command '%s' returned on uncaught signal %d !", |
| 443 | src->cmdstring, status); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 444 | src->badness = src->sticky_badness = 128; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 445 | return 0.0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 446 | } else |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 447 | return 0.0; |
| 448 | } |
| 449 | |
| 450 | double |
| 451 | stir_from_system(void) |
| 452 | { |
| 453 | double total_entropy_estimate; |
| 454 | long int i; |
| 455 | |
| 456 | total_entropy_estimate = 0; |
| 457 | |
| 458 | i = getpid(); |
| 459 | RAND_add(&i, sizeof(i), 0.5); |
| 460 | total_entropy_estimate += 0.1; |
| 461 | |
| 462 | i = getppid(); |
| 463 | RAND_add(&i, sizeof(i), 0.5); |
| 464 | total_entropy_estimate += 0.1; |
| 465 | |
| 466 | i = getuid(); |
| 467 | RAND_add(&i, sizeof(i), 0.0); |
| 468 | i = getgid(); |
| 469 | RAND_add(&i, sizeof(i), 0.0); |
| 470 | |
| 471 | total_entropy_estimate += stir_gettimeofday(1.0); |
| 472 | total_entropy_estimate += stir_clock(0.5); |
| 473 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); |
| 474 | |
| 475 | return total_entropy_estimate; |
| 476 | } |
| 477 | |
| 478 | double |
| 479 | stir_from_programs(void) |
| 480 | { |
| 481 | int c; |
| 482 | double entropy, total_entropy; |
Kevin Steves | 4bdb547 | 2002-07-28 20:42:23 +0000 | [diff] [blame] | 483 | unsigned char hash[SHA_DIGEST_LENGTH]; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 484 | |
| 485 | total_entropy = 0; |
| 486 | for(c = 0; entropy_cmds[c].path != NULL; c++) { |
| 487 | if (!entropy_cmds[c].badness) { |
| 488 | /* Hash output from command */ |
| 489 | entropy = hash_command_output(&entropy_cmds[c], |
| 490 | hash); |
| 491 | |
| 492 | /* Scale back estimate by command's rate */ |
| 493 | entropy *= entropy_cmds[c].rate; |
| 494 | |
| 495 | /* Upper bound of entropy is SHA_DIGEST_LENGTH */ |
| 496 | if (entropy > SHA_DIGEST_LENGTH) |
| 497 | entropy = SHA_DIGEST_LENGTH; |
| 498 | |
| 499 | /* Stir it in */ |
| 500 | RAND_add(hash, sizeof(hash), entropy); |
| 501 | |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 502 | debug3("Got %0.2f bytes of entropy from '%s'", |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 503 | entropy, entropy_cmds[c].cmdstring); |
| 504 | |
| 505 | total_entropy += entropy; |
| 506 | |
| 507 | /* Execution time should be a bit unpredictable */ |
| 508 | total_entropy += stir_gettimeofday(0.05); |
| 509 | total_entropy += stir_clock(0.05); |
| 510 | total_entropy += stir_rusage(RUSAGE_SELF, 0.1); |
| 511 | total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); |
| 512 | } else { |
| 513 | debug2("Command '%s' disabled (badness %d)", |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 514 | entropy_cmds[c].cmdstring, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 515 | entropy_cmds[c].badness); |
| 516 | |
| 517 | if (entropy_cmds[c].badness > 0) |
| 518 | entropy_cmds[c].badness--; |
| 519 | } |
| 520 | } |
| 521 | |
| 522 | return total_entropy; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 523 | } |
| 524 | |
| 525 | /* |
| 526 | * prng seedfile functions |
| 527 | */ |
| 528 | int |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 529 | prng_check_seedfile(char *filename) |
| 530 | { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 531 | struct stat st; |
| 532 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 533 | /* |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 534 | * XXX raceable: eg replace seed between this stat and subsequent |
| 535 | * open. Not such a problem because we don't really trust the |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 536 | * seed file anyway. |
| 537 | * XXX: use secure path checking as elsewhere in OpenSSH |
| 538 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 539 | if (lstat(filename, &st) == -1) { |
| 540 | /* Give up on hard errors */ |
| 541 | if (errno != ENOENT) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 542 | debug("WARNING: Couldn't stat random seed file " |
| 543 | "\"%.100s\": %s", filename, strerror(errno)); |
| 544 | return 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 545 | } |
| 546 | |
| 547 | /* regular file? */ |
| 548 | if (!S_ISREG(st.st_mode)) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 549 | fatal("PRNG seedfile %.100s is not a regular file", |
| 550 | filename); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 551 | |
| 552 | /* mode 0600, owned by root or the current user? */ |
| 553 | if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 554 | debug("WARNING: PRNG seedfile %.100s must be mode 0600, " |
Damien Miller | c46b6bc | 2003-05-16 15:51:44 +1000 | [diff] [blame] | 555 | "owned by uid %li", filename, (long int)getuid()); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 556 | return 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 557 | } |
| 558 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 559 | return 1; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 560 | } |
| 561 | |
| 562 | void |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 563 | prng_write_seedfile(void) |
| 564 | { |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 565 | int fd, save_errno; |
Kevin Steves | 4bdb547 | 2002-07-28 20:42:23 +0000 | [diff] [blame] | 566 | unsigned char seed[SEED_FILE_SIZE]; |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 567 | char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 568 | struct passwd *pw; |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 569 | mode_t old_umask; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 570 | |
| 571 | pw = getpwuid(getuid()); |
| 572 | if (pw == NULL) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 573 | fatal("Couldn't get password entry for current user " |
Damien Miller | c46b6bc | 2003-05-16 15:51:44 +1000 | [diff] [blame] | 574 | "(%li): %s", (long int)getuid(), strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 575 | |
| 576 | /* Try to ensure that the parent directory is there */ |
| 577 | snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 578 | _PATH_SSH_USER_DIR); |
Darren Tucker | daf6ff4 | 2006-07-05 21:35:48 +1000 | [diff] [blame] | 579 | if (mkdir(filename, 0700) < 0 && errno != EEXIST) |
| 580 | fatal("mkdir %.200s: %s", filename, strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 581 | |
| 582 | snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 583 | SSH_PRNG_SEED_FILE); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 584 | |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 585 | strlcpy(tmpseed, filename, sizeof(tmpseed)); |
| 586 | if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= |
| 587 | sizeof(tmpseed)) |
| 588 | fatal("PRNG seed filename too long"); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 589 | |
Damien Miller | cafbcc7 | 2003-03-17 16:13:53 +1100 | [diff] [blame] | 590 | if (RAND_bytes(seed, sizeof(seed)) <= 0) |
Ben Lindstrom | da4d9cf | 2003-09-22 15:36:15 +0000 | [diff] [blame] | 591 | fatal("PRNG seed extraction failed"); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 592 | |
| 593 | /* Don't care if the seed doesn't exist */ |
| 594 | prng_check_seedfile(filename); |
| 595 | |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 596 | old_umask = umask(0177); |
| 597 | |
| 598 | if ((fd = mkstemp(tmpseed)) == -1) { |
| 599 | debug("WARNING: couldn't make temporary PRNG seedfile %.100s " |
| 600 | "(%.100s)", tmpseed, strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 601 | } else { |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 602 | debug("writing PRNG seed to file %.100s", tmpseed); |
| 603 | if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { |
| 604 | save_errno = errno; |
| 605 | close(fd); |
| 606 | unlink(tmpseed); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 607 | fatal("problem writing PRNG seedfile %.100s " |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 608 | "(%.100s)", filename, strerror(save_errno)); |
| 609 | } |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 610 | close(fd); |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 611 | debug("moving temporary PRNG seed to file %.100s", filename); |
| 612 | if (rename(tmpseed, filename) == -1) { |
| 613 | save_errno = errno; |
| 614 | unlink(tmpseed); |
| 615 | fatal("problem renaming PRNG seedfile from %.100s " |
Damien Miller | 94cf4c8 | 2005-07-17 17:04:47 +1000 | [diff] [blame] | 616 | "to %.100s (%.100s)", tmpseed, filename, |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 617 | strerror(save_errno)); |
| 618 | } |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 619 | } |
Damien Miller | ed462d9 | 2005-02-16 13:02:45 +1100 | [diff] [blame] | 620 | umask(old_umask); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 621 | } |
| 622 | |
| 623 | void |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 624 | prng_read_seedfile(void) |
| 625 | { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 626 | int fd; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 627 | char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 628 | struct passwd *pw; |
| 629 | |
| 630 | pw = getpwuid(getuid()); |
| 631 | if (pw == NULL) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 632 | fatal("Couldn't get password entry for current user " |
Damien Miller | c46b6bc | 2003-05-16 15:51:44 +1000 | [diff] [blame] | 633 | "(%li): %s", (long int)getuid(), strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 634 | |
| 635 | snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, |
| 636 | SSH_PRNG_SEED_FILE); |
| 637 | |
| 638 | debug("loading PRNG seed from file %.100s", filename); |
| 639 | |
| 640 | if (!prng_check_seedfile(filename)) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 641 | verbose("Random seed file not found or invalid, ignoring."); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 642 | return; |
| 643 | } |
| 644 | |
| 645 | /* open the file and read in the seed */ |
| 646 | fd = open(filename, O_RDONLY); |
| 647 | if (fd == -1) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 648 | fatal("could not open PRNG seedfile %.100s (%.100s)", |
| 649 | filename, strerror(errno)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 650 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 651 | if (atomicio(read, fd, &seed, sizeof(seed)) < sizeof(seed)) { |
| 652 | verbose("invalid or short read from PRNG seedfile " |
| 653 | "%.100s - ignoring", filename); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 654 | memset(seed, '\0', sizeof(seed)); |
| 655 | } |
| 656 | close(fd); |
| 657 | |
| 658 | /* stir in the seed, with estimated entropy zero */ |
| 659 | RAND_add(&seed, sizeof(seed), 0.0); |
| 660 | } |
| 661 | |
| 662 | |
| 663 | /* |
| 664 | * entropy command initialisation functions |
| 665 | */ |
| 666 | int |
| 667 | prng_read_commands(char *cmdfilename) |
| 668 | { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 669 | char cmd[SEED_FILE_SIZE], *cp, line[1024], path[SEED_FILE_SIZE]; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 670 | double est; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 671 | entropy_cmd_t *entcmd; |
| 672 | FILE *f; |
| 673 | int cur_cmd, linenum, num_cmds, arg; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 674 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 675 | if ((f = fopen(cmdfilename, "r")) == NULL) { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 676 | fatal("couldn't read entropy commands file %.100s: %.100s", |
| 677 | cmdfilename, strerror(errno)); |
| 678 | } |
| 679 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 680 | num_cmds = 64; |
Darren Tucker | d8093e4 | 2006-05-04 16:24:34 +1000 | [diff] [blame] | 681 | entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 682 | |
| 683 | /* Read in file */ |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 684 | cur_cmd = linenum = 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 685 | while (fgets(line, sizeof(line), f)) { |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 686 | linenum++; |
| 687 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 688 | /* Skip leading whitespace, blank lines and comments */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 689 | cp = line + strspn(line, WHITESPACE); |
| 690 | if ((*cp == 0) || (*cp == '#')) |
| 691 | continue; /* done with this line */ |
| 692 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 693 | /* |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 694 | * The first non-whitespace char should be a double quote |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 695 | * delimiting the commandline |
| 696 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 697 | if (*cp != '"') { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 698 | error("bad entropy command, %.100s line %d", |
| 699 | cmdfilename, linenum); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 700 | continue; |
| 701 | } |
| 702 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 703 | /* |
| 704 | * First token, command args (incl. argv[0]) in double |
| 705 | * quotes |
| 706 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 707 | cp = strtok(cp, "\""); |
| 708 | if (cp == NULL) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 709 | error("missing or bad command string, %.100s " |
| 710 | "line %d -- ignored", cmdfilename, linenum); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 711 | continue; |
| 712 | } |
| 713 | strlcpy(cmd, cp, sizeof(cmd)); |
| 714 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 715 | /* Second token, full command path */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 716 | if ((cp = strtok(NULL, WHITESPACE)) == NULL) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 717 | error("missing command path, %.100s " |
| 718 | "line %d -- ignored", cmdfilename, linenum); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 719 | continue; |
| 720 | } |
| 721 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 722 | /* Did configure mark this as dead? */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 723 | if (strncmp("undef", cp, 5) == 0) |
| 724 | continue; |
| 725 | |
| 726 | strlcpy(path, cp, sizeof(path)); |
| 727 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 728 | /* Third token, entropy rate estimate for this command */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 729 | if ((cp = strtok(NULL, WHITESPACE)) == NULL) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 730 | error("missing entropy estimate, %.100s " |
| 731 | "line %d -- ignored", cmdfilename, linenum); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 732 | continue; |
| 733 | } |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 734 | est = strtod(cp, NULL); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 735 | |
| 736 | /* end of line */ |
| 737 | if ((cp = strtok(NULL, WHITESPACE)) != NULL) { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 738 | error("garbage at end of line %d in %.100s " |
| 739 | "-- ignored", linenum, cmdfilename); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 740 | continue; |
| 741 | } |
| 742 | |
| 743 | /* save the command for debug messages */ |
| 744 | entcmd[cur_cmd].cmdstring = xstrdup(cmd); |
| 745 | |
| 746 | /* split the command args */ |
| 747 | cp = strtok(cmd, WHITESPACE); |
| 748 | arg = 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 749 | do { |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 750 | entcmd[cur_cmd].args[arg] = xstrdup(cp); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 751 | arg++; |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 752 | } while(arg < NUM_ARGS && (cp = strtok(NULL, WHITESPACE))); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 753 | |
| 754 | if (strtok(NULL, WHITESPACE)) |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 755 | error("ignored extra commands (max %d), %.100s " |
| 756 | "line %d", NUM_ARGS, cmdfilename, linenum); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 757 | |
| 758 | /* Copy the command path and rate estimate */ |
| 759 | entcmd[cur_cmd].path = xstrdup(path); |
| 760 | entcmd[cur_cmd].rate = est; |
| 761 | |
| 762 | /* Initialise other values */ |
| 763 | entcmd[cur_cmd].sticky_badness = 1; |
| 764 | |
| 765 | cur_cmd++; |
| 766 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 767 | /* |
| 768 | * If we've filled the array, reallocate it twice the size |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 769 | * Do this now because even if this we're on the last |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 770 | * command we need another slot to mark the last entry |
| 771 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 772 | if (cur_cmd == num_cmds) { |
| 773 | num_cmds *= 2; |
Damien Miller | 3681209 | 2006-03-26 14:22:47 +1100 | [diff] [blame] | 774 | entcmd = xrealloc(entcmd, num_cmds, |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 775 | sizeof(entropy_cmd_t)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 776 | } |
| 777 | } |
| 778 | |
| 779 | /* zero the last entry */ |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 780 | memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 781 | |
| 782 | /* trim to size */ |
Damien Miller | 3681209 | 2006-03-26 14:22:47 +1100 | [diff] [blame] | 783 | entropy_cmds = xrealloc(entcmd, (cur_cmd + 1), |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 784 | sizeof(entropy_cmd_t)); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 785 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 786 | debug("Loaded %d entropy commands from %.100s", cur_cmd, |
| 787 | cmdfilename); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 788 | |
Darren Tucker | f58b29d | 2006-05-17 22:24:56 +1000 | [diff] [blame] | 789 | fclose(f); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 790 | return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 791 | } |
| 792 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 793 | void |
| 794 | usage(void) |
| 795 | { |
| 796 | fprintf(stderr, "Usage: %s [options]\n", __progname); |
| 797 | fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); |
| 798 | fprintf(stderr, " Multiple -v increases verbosity.\n"); |
Damien Miller | 7daf044 | 2004-08-23 21:52:08 +1000 | [diff] [blame] | 799 | fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 800 | fprintf(stderr, " -X Force output in binary\n"); |
| 801 | fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", |
| 802 | OUTPUT_SEED_SIZE); |
| 803 | } |
| 804 | |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 805 | int |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 806 | main(int argc, char **argv) |
| 807 | { |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 808 | unsigned char *buf; |
| 809 | int ret, ch, debug_level, output_hex, bytes; |
| 810 | extern char *optarg; |
| 811 | LogLevel ll; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 812 | |
Damien Miller | 59d3d5b | 2003-08-22 09:34:41 +1000 | [diff] [blame] | 813 | __progname = ssh_get_progname(argv[0]); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 814 | log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); |
| 815 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 816 | ll = SYSLOG_LEVEL_INFO; |
| 817 | debug_level = output_hex = 0; |
| 818 | bytes = OUTPUT_SEED_SIZE; |
| 819 | |
| 820 | /* Don't write binary data to a tty, unless we are forced to */ |
| 821 | if (isatty(STDOUT_FILENO)) |
| 822 | output_hex = 1; |
Damien Miller | 787b2ec | 2003-11-21 23:56:47 +1100 | [diff] [blame] | 823 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 824 | while ((ch = getopt(argc, argv, "vxXhb:")) != -1) { |
| 825 | switch (ch) { |
| 826 | case 'v': |
| 827 | if (debug_level < 3) |
| 828 | ll = SYSLOG_LEVEL_DEBUG1 + debug_level++; |
| 829 | break; |
| 830 | case 'x': |
| 831 | output_hex = 1; |
| 832 | break; |
| 833 | case 'X': |
| 834 | output_hex = 0; |
| 835 | break; |
| 836 | case 'b': |
| 837 | if ((bytes = atoi(optarg)) <= 0) |
| 838 | fatal("Invalid number of output bytes"); |
| 839 | break; |
| 840 | case 'h': |
| 841 | usage(); |
| 842 | exit(0); |
| 843 | default: |
| 844 | error("Invalid commandline option"); |
| 845 | usage(); |
| 846 | } |
| 847 | } |
| 848 | |
| 849 | log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); |
Damien Miller | 787b2ec | 2003-11-21 23:56:47 +1100 | [diff] [blame] | 850 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 851 | #ifdef USE_SEED_FILES |
| 852 | prng_read_seedfile(); |
| 853 | #endif |
| 854 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 855 | buf = xmalloc(bytes); |
| 856 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 857 | /* |
| 858 | * Seed the RNG from wherever we can |
| 859 | */ |
Damien Miller | 787b2ec | 2003-11-21 23:56:47 +1100 | [diff] [blame] | 860 | |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 861 | /* Take whatever is on the stack, but don't credit it */ |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 862 | RAND_add(buf, bytes, 0); |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 863 | |
Damien Miller | a8e06ce | 2003-11-21 23:48:55 +1100 | [diff] [blame] | 864 | debug("Seeded RNG with %i bytes from system calls", |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 865 | (int)stir_from_system()); |
| 866 | |
Darren Tucker | 8686ed7 | 2004-12-20 12:05:08 +1100 | [diff] [blame] | 867 | /* try prngd, fall back to commands if prngd fails or not configured */ |
| 868 | if (seed_from_prngd(buf, bytes) == 0) { |
| 869 | RAND_add(buf, bytes, bytes); |
| 870 | } else { |
| 871 | /* Read in collection commands */ |
| 872 | if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) |
| 873 | fatal("PRNG initialisation failed -- exiting."); |
| 874 | debug("Seeded RNG with %i bytes from programs", |
| 875 | (int)stir_from_programs()); |
| 876 | } |
Damien Miller | 7b10ef4 | 2002-01-21 23:44:12 +1100 | [diff] [blame] | 877 | |
| 878 | #ifdef USE_SEED_FILES |
| 879 | prng_write_seedfile(); |
| 880 | #endif |
| 881 | |
| 882 | /* |
| 883 | * Write the seed to stdout |
| 884 | */ |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 885 | |
| 886 | if (!RAND_status()) |
| 887 | fatal("Not enough entropy in RNG"); |
| 888 | |
Damien Miller | cafbcc7 | 2003-03-17 16:13:53 +1100 | [diff] [blame] | 889 | if (RAND_bytes(buf, bytes) <= 0) |
| 890 | fatal("Couldn't extract entropy from PRNG"); |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 891 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 892 | if (output_hex) { |
| 893 | for(ret = 0; ret < bytes; ret++) |
| 894 | printf("%02x", (unsigned char)(buf[ret])); |
| 895 | printf("\n"); |
| 896 | } else |
Darren Tucker | 8661b56 | 2003-07-06 15:20:46 +1000 | [diff] [blame] | 897 | ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); |
Damien Miller | 787b2ec | 2003-11-21 23:56:47 +1100 | [diff] [blame] | 898 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 899 | memset(buf, '\0', bytes); |
| 900 | xfree(buf); |
Damien Miller | 787b2ec | 2003-11-21 23:56:47 +1100 | [diff] [blame] | 901 | |
Damien Miller | 32e4818 | 2002-04-14 19:27:12 +1000 | [diff] [blame] | 902 | return ret == bytes ? 0 : 1; |
Damien Miller | 62116dc | 2001-12-24 01:41:47 +1100 | [diff] [blame] | 903 | } |
Darren Tucker | 7b48d25 | 2005-02-16 13:20:07 +1100 | [diff] [blame] | 904 | |
| 905 | /* |
| 906 | * We may attempt to re-seed during mkstemp if we are using the one in the |
Darren Tucker | 7a8619a | 2005-02-16 13:32:30 +1100 | [diff] [blame] | 907 | * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we |
| 908 | * need our own seed_rng(). We must also check that we have enough entropy. |
Darren Tucker | 7b48d25 | 2005-02-16 13:20:07 +1100 | [diff] [blame] | 909 | */ |
| 910 | void |
| 911 | seed_rng(void) |
| 912 | { |
| 913 | if (!RAND_status()) |
| 914 | fatal("Not enough entropy in RNG"); |
| 915 | } |