Patch to enable multiple possible sources of entropy

Dave Dykstra dwd at bell-labs.com
Sat Jun 9 01:29:29 EST 2001


On Thu, Jun 07, 2001 at 12:50:14PM -0500, Dave Dykstra wrote:
> I have a need to have the same OpenSSH binaries run on multiple machines
> which are administered by different people.  That means on Solaris, for
> example, there will be some with /dev/random, some on which I can run prngd
> because they'll be installing my binaries as root, and some which will have
> neither because they will be only installed as non-root.  Below is a patch
> to enable choosing all 3 possible sources at compile time, with the
> available source selected at run time.  If no configure parameters are
> given, it will still determine the entropy source at compile time and only
> the code for the one type, exactly as it does today.  The patch adds a
> configure option called --with-builtin-entropy.
> 
> I have tested this in all possible combinations of entropy sources, and on
> 6 different flavors of Unix (linux, solaris, sunos4, hpux, irix, and
> unixware1).

Argh, there's one minor modification needed for unixware1 (my test there
hadn't been complete enough): unix-domain sockets on unixware1 are
implemented as named pipes that have to be mode 000, so the call to
access(PRNGD_SOCKET, R_OK) doesn't work.  Change that R_OK to F_OK; that
works on all platforms.

- Dave Dykstra
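
The R_OK versus F_OK difference described above, as an added example that is not part of the original message or of the OpenSSH patch. `pick_entropy_source` and `make_mode000` are hypothetical names, the paths are constructed, and a mode-000 regular file stands in for the unixware1 socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum entropy_source { SRC_DEV_RANDOM, SRC_PRNGD, SRC_BUILTIN };

/* Hypothetical run-time selector; paths are parameters so it can be tested. */
enum entropy_source pick_entropy_source(const char *random_dev,
                                        const char *prngd_socket)
{
    /* The device is opened and read, so read permission is the right test. */
    if (random_dev != NULL && access(random_dev, R_OK) == 0)
        return SRC_DEV_RANDOM;
    /* The socket is connect()ed to, not read as a file, and its mode bits
     * may be 000, so only existence is tested. This is a hint only: the
     * later connect() can still fail and must fall back as well. */
    if (prngd_socket != NULL && access(prngd_socket, F_OK) == 0)
        return SRC_PRNGD;
    return SRC_BUILTIN;
}

/* Create a mode-000 regular file as a constructed stand-in for the socket. */
int make_mode000(const char *path)
{
    int fd;

    unlink(path);                                  /* clear any earlier run */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0);
    if (fd < 0)
        return -1;
    return close(fd);
}

int main(void)
{
    const char *sock = "/tmp/prngd-demo.sock";     /* constructed path */

    if (make_mode000(sock) != 0) {
        perror("open");
        return 1;
    }
    printf("access R_OK=%d F_OK=%d\n", access(sock, R_OK), access(sock, F_OK));
    printf("selected=%d\n", pick_entropy_source("/nonexistent/random", sock));
    unlink(sock);
    return 0;
}
```

When run as root, access() with R_OK succeeds even on a mode-000 file, so the R_OK failure only shows up for unprivileged installs.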


