Patch to enable multiple possible sources of entropy

Tue Jun 12 00:19:47 EST 2001

On Sun, Jun 10, 2001 at 10:41:14PM -0400, Michael Stone wrote:
> On Sun, Jun 10, 2001 at 12:49:18PM -0500, mouring at etoh.eviladmin.org wrote:
> > Hmm.. my only complaints about the patch is that seed_rng and init_rng are
> > pretty unreadable due to #ifdef/#end

I could make it a lot more readable by having it always do access() to
probe for RANDOM_POOOL and PRNGD_SOCKET even if one of them is the only
choice.  I initially elected to trade off exact compatibility for
readability, but I'd be happy to change it.  I've included the more
readable init_rng() below for you to take a look at.  The difference is
that even if only one of RANDOM_POOL or PRNGD_SOCKET is compiled in, if it
isn't there the error message will be the more generic
    Couldn't find source for random number generator seed
rather than a message about the problem accessing the specific source.  I
put in some debug level 2 messages to help debugging that case (those are
good even if you choose to keep the extra ifdefs), and I slightly improved
the fatal error message.

Also, the ifdefs for PRNGD_SOCKET and USE_BUILTIN_ENTROPY do not really
need to be in the else case of PRNGD_PORT because configure enforces that
already, but I think it's more understandable this way.

> > and that I don't know if I like the
> > idea of ssh/sshd stepping down in entropy quality on a whim.  Which is
> > what this patch would do if for some odd reason prngd is offline at
> > startup of sshd/ssh.
> 
> What if there were some kind of warning message? We've already seen the
> obnoxious key-is-1023 message, what's one more? 

I don't mind a debug message but I really would not want a warning message
because that's going to be the normal case on a lot of my systems.  My
answer is that most likely even if prngd is offline, the PRNGD_SOCKET will
still exist even though there's no process listening on the other side.  In
that case, ssh will go ahead into the prngd_get_random_bytes case but get a
Connection Refused error (this happened during my testing).

Another idea would be to improve the fatal error message by saving some
information when the access() calls fail rather than just printing debug
messages.  For example, there could be a variable that points to the error
message to use if it gets to the fatal condition at the end.  Do you like
that better?  I don't think that complication is necessary.

> Obviously the entropy
> requirement depends on the application, but there are a lot of machines
> where I'm far more concerned about not getting in at all (because prngd
> is busted) than I am about bad entropy in that case. It's no worse than
> if prngd weren't being used at all, and might make it easier to accept
> prngd.

Good point.

- Dave Dykstra

------ more readable init_rng() follows ------------------------

void
init_rng(void)
{
	check_openssl_version();

#ifdef RANDOM_POOL
	if (access(RANDOM_POOL, F_OK) == 0) {
		seed_source = POOL_SOURCE;
		return;
	}
	else {
		debug2("Random pool %s does not exist", RANDOM_POOL);
	}
#endif /* RANDOM_POOL */

/* it's not trivial to probe for an open port so just make it
 *  take priority over the other sources if it is defined
 */
#ifdef PRNGD_PORT
	seed_source = PRNGD_SOURCE;
#else 

#ifdef PRNGD_SOCKET
	if (access(PRNGD_SOCKET, F_OK) == 0) {
		seed_source = PRNGD_SOURCE;
		return;
	}
	else {
		debug2("Entropy socket %s does not exist", PRNGD_SOCKET);
	}
#endif /* PRNGD_SOCKET */

#ifdef USE_BUILTIN_ENTROPY
	seed_source = BUILTIN_SOURCE;
	prng_init_rng();
#endif

#endif /* PRNGD_PORT */

	if (seed_source == 0)
		fatal("Couldn't find entropy source for random number generator");
}