]
)
+# detect pathnames for entropy gathering commands, if we need them
+INSTALL_SSH_PRNG_CMDS=""
+rm -f prng_commands
if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then
# Use these commands to collect entropy
- AC_PATH_PROG(PROG_LS, ls)
- AC_PATH_PROG(PROG_NETSTAT, netstat)
- AC_PATH_PROG(PROG_ARP, arp)
- AC_PATH_PROG(PROG_IFCONFIG, ifconfig)
- AC_PATH_PROG(PROG_PS, ps)
- AC_PATH_PROG(PROG_W, w)
- AC_PATH_PROG(PROG_WHO, who)
- AC_PATH_PROG(PROG_LAST, last)
- AC_PATH_PROG(PROG_LASTLOG, lastlog)
- AC_PATH_PROG(PROG_DF, df)
- AC_PATH_PROG(PROG_VMSTAT, vmstat)
- AC_PATH_PROG(PROG_UPTIME, uptime)
- AC_PATH_PROG(PROG_IPCS, ipcs)
- AC_PATH_PROG(PROG_TAIL, tail)
- AC_PATH_PROG(PROG_LS, ls)
- if test ! -z "$PROG_LS" ; then
- AC_DEFINE_UNQUOTED(PROG_LS, "$PROG_LS")
- fi
- if test ! -z "$PROG_NETSTAT" ; then
- AC_DEFINE_UNQUOTED(PROG_NETSTAT, "$PROG_NETSTAT")
- fi
- if test ! -z "$PROG_ARP" ; then
- AC_DEFINE_UNQUOTED(PROG_ARP, "$PROG_ARP")
- fi
- if test ! -z "$PROG_IFCONFIG" ; then
- AC_DEFINE_UNQUOTED(PROG_IFCONFIG, "$PROG_IFCONFIG")
- fi
- if test ! -z "$PROG_PS" ; then
- AC_DEFINE_UNQUOTED(PROG_PS, "$PROG_PS")
- fi
- if test ! -z "$PROG_W" ; then
- AC_DEFINE_UNQUOTED(PROG_W, "$PROG_W")
- fi
- if test ! -z "$PROG_WHO" ; then
- AC_DEFINE_UNQUOTED(PROG_WHO, "$PROG_WHO")
- fi
- if test ! -z "$PROG_LAST" ; then
- AC_DEFINE_UNQUOTED(PROG_LAST, "$PROG_LAST")
- fi
- if test ! -z "$PROG_LASTLOG" ; then
- AC_DEFINE_UNQUOTED(PROG_LASTLOG, "$PROG_LASTLOG")
- fi
- if test ! -z "$PROG_DF" ; then
- AC_DEFINE_UNQUOTED(PROG_DF, "$PROG_DF")
- fi
- if test ! -z "$PROG_VMSTAT" ; then
- AC_DEFINE_UNQUOTED(PROG_VMSTAT, "$PROG_VMSTAT")
- fi
- if test ! -z "$PROG_UPTIME" ; then
- AC_DEFINE_UNQUOTED(PROG_UPTIME, "$PROG_UPTIME")
- fi
- if test ! -z "$PROG_UPTIME" ; then
- AC_DEFINE_UNQUOTED(PROG_UPTIME, "$PROG_UPTIME")
- fi
- if test ! -z "$PROG_TAIL" ; then
- AC_DEFINE_UNQUOTED(PROG_TAIL, "$PROG_TAIL")
- fi
+ AC_PATH_ENTROPY_PROG(PROG_LS, ls)
+ AC_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
+ AC_PATH_ENTROPY_PROG(PROG_ARP, arp)
+ AC_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
+ AC_PATH_ENTROPY_PROG(PROG_PS, ps)
+ AC_PATH_ENTROPY_PROG(PROG_W, w)
+ AC_PATH_ENTROPY_PROG(PROG_WHO, who)
+ AC_PATH_ENTROPY_PROG(PROG_LAST, last)
+ AC_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
+ AC_PATH_ENTROPY_PROG(PROG_DF, df)
+ AC_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
+ AC_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
+ AC_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
+ AC_PATH_ENTROPY_PROG(PROG_TAIL, tail)
+ AC_PATH_ENTROPY_PROG(PROG_LS, ls)
+
+ INSTALL_SSH_PRNG_CMDS="yes"
fi
+AC_SUBST(INSTALL_SSH_PRNG_CMDS)
+
AC_ARG_WITH(catman,
[ --with-catman=man|cat Install preformatted manpages[no]],
AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
fi
-AC_OUTPUT(Makefile)
+AC_OUTPUT(Makefile ssh_prng_cmds)
+
+
#include <openssl/rand.h>
#include <openssl/sha.h>
-RCSID("$Id: entropy.c,v 1.7 2000/05/01 14:03:56 damien Exp $");
+RCSID("$Id: entropy.c,v 1.8 2000/05/01 23:56:41 damien Exp $");
#ifdef EGD_SOCKET
#ifndef offsetof
* FIXME: proper entropy estimations. All current values are guesses
* FIXME: (ATL) do estimates at compile time?
* FIXME: More entropy sources
- * FIXME: (ATL) bring in entropy sources from file
- * FIXME: (ATL) add heuristic to increase the timeout if needed
*/
/* slow command timeouts (all in milliseconds) */
static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
static int prng_seed_loaded = 0;
-static int prng_seed_saved = 0;
+static int prng_seed_saved = 0;
+static int prng_commands_loaded = 0;
typedef struct
{
/* Increases by factor of two each timeout */
unsigned int sticky_badness;
/* Path to executable */
- const char *path;
+ char *path;
/* argv to pass to executable */
- const char *args[5];
+ char *args[5];
} entropy_source_t;
double stir_from_system(void);
double stir_rusage(int who, double entropy_estimate);
double hash_output_from_command(entropy_source_t *src, char *hash);
-entropy_source_t entropy_sources[] = {
-#ifdef PROG_LS
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/log", NULL } },
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/adm", NULL } },
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/proc", NULL } },
- { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
-#endif
-#ifdef PROG_NETSTAT
- { 0.005, 0, 1, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
- { 0.010, 0, 1, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
- { 0.002, 0, 1, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
- { 0.002, 0, 1, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
-#endif
-#ifdef PROG_ARP
- { 0.002, 0, 1, PROG_ARP, { "arp","-a","-n", NULL } },
-#endif
-#ifdef PROG_IFCONFIG
- { 0.002, 0, 1, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
-#endif
-#ifdef PROG_PS
- { 0.003, 0, 1, PROG_PS, { "ps", "laxww", NULL, NULL } },
- { 0.003, 0, 1, PROG_PS, { "ps", "-al", NULL, NULL } },
- { 0.003, 0, 1, PROG_PS, { "ps", "-efl", NULL, NULL } },
-#endif
-#ifdef PROG_W
- { 0.005, 0, 1, PROG_W, { "w", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_WHO
- { 0.001, 0, 1, PROG_WHO, { "who","-i", NULL, NULL } },
-#endif
-#ifdef PROG_LAST
- { 0.001, 0, 1, PROG_LAST, { "last", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_LASTLOG
- { 0.001, 0, 1, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_DF
- { 0.010, 0, 1, PROG_DF, { "df", NULL, NULL, NULL } },
- { 0.010, 0, 1, PROG_DF, { "df", "-i", NULL, NULL } },
-#endif
-#ifdef PROG_VMSTAT
- { 0.010, 0, 1, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_UPTIME
- { 0.001, 0, 1, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_IPCS
- { 0.001, 0, 1, PROG_IPCS, { "-a", NULL, NULL, NULL } },
-#endif
-#ifdef PROG_TAIL
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
- { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
-#endif
- { 0.000, 0, 0, NULL, { NULL, NULL, NULL, NULL, NULL } },
-};
+/* this is initialised from a file, by prng_read_commands() */
+entropy_source_t *entropy_sources = NULL;
+#define MIN_ENTROPY_SOURCES 16
+
double
stir_from_system(void)
RAND_add(&seed, sizeof(seed), 0.0);
}
+
+/*
+ * entropy command initialisation functions
+ */
+#define WHITESPACE " \t\n"
+
+int
+prng_read_commands(char *cmdfilename)
+{
+ FILE *f;
+ char line[1024];
+ char cmd[1024], path[256];
+ double est;
+ char *cp;
+ int linenum;
+ entropy_source_t *entcmd;
+ int num_cmds = 64;
+ int cur_cmd = 0;
+
+ f = fopen(cmdfilename, "r");
+ if (!f) {
+ fatal("couldn't read entropy commands file %.100s: %.100s",
+ cmdfilename, strerror(errno));
+ }
+
+ linenum = 0;
+
+ entcmd = (entropy_source_t *)xmalloc(num_cmds * sizeof(entropy_source_t));
+ memset(entcmd, '\0', num_cmds * sizeof(entropy_source_t));
+
+ while (fgets(line, sizeof(line), f)) {
+ linenum++;
+
+ /* skip leading whitespace, test for blank line or comment */
+ cp = line + strspn(line, WHITESPACE);
+ if ((*cp == 0) || (*cp == '#'))
+ continue; /* done with this line */
+
+ switch (*cp) {
+ int arg;
+ char *argv;
+
+ case '"':
+ /* first token, command args (incl. argv[0]) in double quotes */
+ cp = strtok(cp, "\"");
+ if (cp==NULL) {
+ error("missing or bad command string, %.100s line %d -- ignored",
+ cmdfilename, linenum);
+ continue;
+ }
+ strncpy(cmd, cp, sizeof(cmd));
+ /* second token, full command path */
+ if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
+ error("missing command path, %.100s line %d -- ignored",
+ cmdfilename, linenum);
+ continue;
+ }
+ if (strncmp("undef", cp, 5)==0) /* did configure mark this as dead? */
+ continue;
+
+ strncpy(path, cp, sizeof(path));
+ /* third token, entropy rate estimate for this command */
+ if ( (cp = strtok(NULL, WHITESPACE)) == NULL) {
+ error("missing entropy estimate, %.100s line %d -- ignored",
+ cmdfilename, linenum);
+ continue;
+ }
+ est = strtod(cp, &argv);/* FIXME: (ATL) no error checking here */
+
+ /* end of line */
+ if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
+ error("garbage at end of line %d in %.100s -- ignored",
+ linenum, cmdfilename);
+ continue;
+ }
+
+ /* split the command args */
+ cp = strtok(cmd, WHITESPACE);
+ arg = 0; argv = NULL;
+ do {
+ char *s = (char*)xmalloc(strlen(cp)+1);
+ strncpy(s, cp, strlen(cp)+1);
+ entcmd[cur_cmd].args[arg] = s;
+ arg++;
+ } while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
+ if (strtok(NULL, WHITESPACE))
+ error("ignored extra command elements (max 5), %.100s line %d",
+ cmdfilename, linenum);
+
+ /* copy the command path and rate estimate */
+ entcmd[cur_cmd].path = (char *)xmalloc(strlen(path)+1);
+ strncpy(entcmd[cur_cmd].path, path, strlen(path)+1);
+ entcmd[cur_cmd].rate = est;
+ /* initialise other values */
+ entcmd[cur_cmd].sticky_badness = 1;
+
+ cur_cmd++;
+
+ /* If we've filled the array, reallocate it twice the size */
+ /* Do this now because even if this we're on the last command,
+ we need another slot to mark the last entry */
+ if (cur_cmd == num_cmds) {
+ num_cmds *= 2;
+ entcmd = xrealloc(entcmd, num_cmds * sizeof(entropy_source_t));
+ }
+ break;
+
+ default:
+ error("bad entropy command, %.100s line %d", cmdfilename,
+ linenum);
+ continue;
+ }
+ }
+
+ /* zero the last entry */
+ memset(&entcmd[cur_cmd], '\0', sizeof(entropy_source_t));
+ /* trim to size */
+ entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
+
+ debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
+
+ return (cur_cmd >= MIN_ENTROPY_SOURCES);
+}
+
+
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
void
seed_rng(void)
{
+ if (!prng_commands_loaded) {
+ if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
+ fatal("PRNG initialisation failed -- exiting.");
+ prng_commands_loaded = 1;
+ }
+
debug("Seeding random number generator.");
debug("OpenSSL random status is now %i\n", RAND_status());
debug("%i bytes from system calls", (int)stir_from_system());
projects / thirdparty / openssh-portable.git / commitdiff
