- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed

   process when sshd relies on ssh-random-helper.  Should result in faster
   logins on systems without a real random device or prngd.  ok djm@

1 files changed, 31 insertions, 1 deletions

diff --git a/entropy.c b/entropy.c
index 7f4a3078..ff97415a 100644
--- a/entropy.c
+++ b/entropy.c
@@ -26,6 +26,7 @@
 
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 
 #include "ssh.h"
 #include "misc.h"
@@ -33,6 +34,8 @@
 #include "atomicio.h"
 #include "pathnames.h"
 #include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
 
 /*
  * Portable OpenSSH PRNG seeding:
@@ -45,7 +48,7 @@
  * XXX: we should tell the child how many bytes we need.
  */
 
-RCSID("$Id: entropy.c,v 1.50 2005/09/27 09:50:25 dtucker Exp $");
+RCSID("$Id: entropy.c,v 1.51 2005/09/27 12:46:32 dtucker Exp $");
 
 #ifndef OPENSSL_PRNG_ONLY
 #define RANDOM_SEED_SIZE 48
@@ -150,3 +153,30 @@ init_rng(void)
 #endif
 }
 
+#ifndef OPENSSL_PRNG_ONLY
+void
+rexec_send_rng_seed(Buffer *m)
+{
+	u_char buf[RANDOM_SEED_SIZE];
+
+	if (RAND_bytes(buf, sizeof(buf)) <= 0) {
+		error("Couldn't obtain random bytes (error %ld)",
+		    ERR_get_error());
+		buffer_put_string(m, "", 0);
+	} else 
+		buffer_put_string(m, buf, sizeof(buf));
+}
+
+void
+rexec_recv_rng_seed(Buffer *m)
+{
+	char *buf;
+	u_int len;
+
+	buf = buffer_get_string_ret(m, &len);
+	if (buf != NULL) {
+		debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
+		RAND_add(buf, len, len);
+	}
+}
+#endif