diff options
author | dtucker <dtucker> | 2005-09-27 12:46:32 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2005-09-27 12:46:32 +0000 |
commit | 7f373770ff6c5da00c845d4f0bb2ad2d8324ae4a (patch) | |
tree | e71c04395f778bdf9195a792213bddf280cc99e9 /entropy.c | |
parent | 64756ef6b0b7aaa5c67f8ba6db57b832fde90a0c (diff) | |
download | openssh-7f373770ff6c5da00c845d4f0bb2ad2d8324ae4a.tar.gz |
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
process when sshd relies on ssh-random-helper. Should result in faster
logins on systems without a real random device or prngd. ok djm@
Diffstat (limited to 'entropy.c')
-rw-r--r-- | entropy.c | 32 |
1 files changed, 31 insertions, 1 deletions
@@ -26,6 +26,7 @@ #include <openssl/rand.h> #include <openssl/crypto.h> +#include <openssl/err.h> #include "ssh.h" #include "misc.h" @@ -33,6 +34,8 @@ #include "atomicio.h" #include "pathnames.h" #include "log.h" +#include "buffer.h" +#include "bufaux.h" /* * Portable OpenSSH PRNG seeding: @@ -45,7 +48,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.50 2005/09/27 09:50:25 dtucker Exp $"); +RCSID("$Id: entropy.c,v 1.51 2005/09/27 12:46:32 dtucker Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 @@ -150,3 +153,30 @@ init_rng(void) #endif } +#ifndef OPENSSL_PRNG_ONLY +void +rexec_send_rng_seed(Buffer *m) +{ + u_char buf[RANDOM_SEED_SIZE]; + + if (RAND_bytes(buf, sizeof(buf)) <= 0) { + error("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); + buffer_put_string(m, "", 0); + } else + buffer_put_string(m, buf, sizeof(buf)); +} + +void +rexec_recv_rng_seed(Buffer *m) +{ + char *buf; + u_int len; + + buf = buffer_get_string_ret(m, &len); + if (buf != NULL) { + debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); + RAND_add(buf, len, len); + } +} +#endif |