tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK 

based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
This commit is contained in:
Damien Miller 2000-06-26 13:01:33 +10:00
parent 1f335fb8d8
commit 6468125052
3 changed files with 72 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -2,6 +2,8 @@
- (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- OpenBSD CVS update
- provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]

9
README
View File

@ -37,9 +37,15 @@ There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.
Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is currently open to posting by
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.
If you are a citizen of the USA or another country which restricts
export of cryptographic products, then please refrain from sending
crypto-related code or patches to the list. We cannot accept them.
Other code contribution are accepted, but please follow the OpenBSD
style guidelines[5].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. The UPGRADING document details differences
between this port of OpenSSH and F-Secure SSH 1.x.
@ -59,4 +65,5 @@ References -
[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
[3] http://www.openssl.org/
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current

101
entropy.c
View File

@ -35,7 +35,7 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
RCSID("$Id: entropy.c,v 1.14 2000/06/18 04:07:04 djm Exp $");
RCSID("$Id: entropy.c,v 1.15 2000/06/26 03:01:33 djm Exp $");
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
@ -66,64 +66,83 @@ RCSID("$Id: entropy.c,v 1.14 2000/06/18 04:07:04 djm Exp $");
#ifdef EGD_SOCKET
/* Collect entropy from EGD */
void get_random_bytes(unsigned char *buf, int len)
int get_random_bytes(unsigned char *buf, int len)
{
static int egd_socket = -1;
int c;
char egd_message[2] = { 0x02, 0x00 };
int fd;
char msg[2];
struct sockaddr_un addr;
int addr_len;
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
/* FIXME: compile time check? */
/* Sanity checks */
if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
fatal("Random pool path is too long");
strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
if (egd_socket == -1) {
egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
if (egd_socket == -1)
fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
}
if (len > 255)
fatal("Too many bytes to read from EGD");
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
error("Couldn't create AF_UNIX socket: %s", strerror(errno));
return(0);
}
if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
error("Couldn't connect to EGD socket \"%s\": %s",
addr.sun_path, strerror(errno));
close(fd);
return(0);
}
/* Send blocking read request to EGD */
egd_message[1] = len;
msg[0] = 0x02;
msg[1] = len;
c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
if (c == -1)
fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
error("Couldn't write to EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
c = atomicio(read, egd_socket, buf, len);
if (c <= 0)
fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
if (atomicio(read, fd, buf, len) != len) {
error("Couldn't read from EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
close(fd);
return(1);
}
#else /* !EGD_SOCKET */
#ifdef RANDOM_POOL
/* Collect entropy from /dev/urandom or pipe */
void get_random_bytes(unsigned char *buf, int len)
int get_random_bytes(unsigned char *buf, int len)
{
static int random_pool = -1;
int c;
int random_pool;
random_pool = open(RANDOM_POOL, O_RDONLY);
if (random_pool == -1) {
random_pool = open(RANDOM_POOL, O_RDONLY);
if (random_pool == -1)
fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
error("Couldn't open random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
return(0);
}
c = atomicio(read, random_pool, buf, len);
if (c <= 0)
fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
if (atomicio(read, random_pool, buf, len) != len) {
error("Couldn't read from random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
close(random_pool);
return(0);
}
close(random_pool);
return(1);
}
#endif /* RANDOM_POOL */
#endif /* EGD_SOCKET */
@ -138,8 +157,12 @@ seed_rng(void)
char buf[32];
debug("Seeding random number generator");
get_random_bytes(buf, sizeof(buf));
if (!get_random_bytes(buf, sizeof(buf)) && !RAND_status())
fatal("Entropy collection failed and entropy exhausted");
RAND_add(buf, sizeof(buf), sizeof(buf));
memset(buf, '\0', sizeof(buf));
}