Fwd: OpenSSH on Ultrix?

Damien Miller djm at mindrot.org
Sat Mar 3 00:17:33 EST 2001


On Fri, 2 Mar 2001, Lutz Jaenicke wrote:

> The change needed in entropy.c should not be that large, but the configure
> options need to be decided. --with-egd-port=portnum, then setting some
> EGD_PORT variable. Support could be built into the existing
> get_random_bytes() for EGD_SOCKET with some #ifdef's for EGD_SOCKET or
> EGD_PORT. What do you think?

I think this is exactly what I will do :) Can you give the below patch
a try for both Unix domain and localhost sockets? It replaces the
current --with-egd-pool configure option with --with-prngd-port and
--with-prngd-socket options.

BTW You should apply to the IANA to get a well known port number
assigned for PRNGd.

Index: acconfig.h
===================================================================
RCS file: /var/cvs/openssh/acconfig.h,v
retrieving revision 1.105
diff -u -r1.105 acconfig.h
--- acconfig.h	2001/02/26 21:39:07	1.105
+++ acconfig.h	2001/03/02 13:16:00
@@ -89,8 +89,11 @@
 /* Location of random number pool  */
 #undef RANDOM_POOL

-/* Location of EGD random number socket */
-#undef EGD_SOCKET
+/* Location of PRNGD/EGD random number socket */
+#undef PRNGD_SOCKET
+
+/* Port number of PRNGD/EGD random number socket */
+#undef PRNGD_PORT

 /* Builtin PRNG command timeout */
 #undef ENTROPY_TIMEOUT_MSEC
Index: configure.in
===================================================================
RCS file: /var/cvs/openssh/configure.in,v
retrieving revision 1.260
diff -u -r1.260 configure.in
--- configure.in	2001/02/28 22:16:12	1.260
+++ configure.in	2001/03/02 13:16:00
@@ -1266,13 +1266,24 @@
 	]
 )

-# Check for EGD pool file
-AC_ARG_WITH(egd-pool,
-	[  --with-egd-pool=FILE    read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
+# Check for PRNGD/EGD pool file
+AC_ARG_WITH(prngd-port,
+	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD localhost:PORT],
 	[
+		if test ! -z "$withval" -a "x$withval" != "xno" ; then
+			PRNGD_PORT="$withval"
+			AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
+		fi
+	]
+)
+
+# Check for PRNGD/EGD pool file
+AC_ARG_WITH(prngd-socket,
+	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
+	[
 		if test "x$withval" != "xno" ; then
-			EGD_SOCKET="$withval";
-			AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+			PRNGD_SOCKET="$withval"
+			AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
 		fi
 	],
 	[
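Review bot: The `--with-prngd-port` branch (the `PRNGD_PORT="$withval"` assignment) accepts any non-empty value other than "no" without checking that it is a port number, and `AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)` then pastes it verbatim into a C integer context (`htons(PRNGD_PORT)`, `%d`), so a bare `--with-prngd-port` (withval "yes") or a typo only shows up as a compile error in entropy.c. A range check at configure time would give a usable message, e.g. after the "xno" test: `test "$withval" -gt 0 -a "$withval" -le 65535 2>/dev/null || AC_MSG_ERROR([--with-prngd-port needs a TCP port number])`. The help text for `--with-prngd-socket` still advertises `default=/var/run/egd-pool` although the default branch below probes both `/var/run/egd-pool` and `/etc/entropy`; the AC_ARG_WITH for the socket option continues past the hunk.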
@@ -1280,15 +1291,15 @@
 		if test -z "$RANDOM_POOL" ; then
 			AC_MSG_CHECKING(for PRNGD/EGD socket)
 			# Insert other locations here
-			for egdsock in /var/run/egd-pool /etc/entropy; do
-				if test -r $egdsock && $TEST_MINUS_S_SH -c "test -S $egdsock -o -p $egdsock" ; then
-					EGD_SOCKET="$egdsock"
-					AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+			for sock in /var/run/egd-pool /etc/entropy; do
+				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+					PRNGD_SOCKET="$sock"
+					AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
 					break;
 				fi
 			done
-			if test ! -z "$EGD_SOCKET" ; then
-				AC_MSG_RESULT($EGD_SOCKET)
+			if test ! -z "$PRNGD_SOCKET" ; then
+				AC_MSG_RESULT($PRNGD_SOCKET)
 			else
 				AC_MSG_RESULT(not found)
 			fi
@@ -1300,7 +1311,7 @@
 # detect pathnames for entropy gathering commands, if we need them
 INSTALL_SSH_PRNG_CMDS=""
 rm -f prng_commands
-if (test -z "$RANDOM_POOL" && test -z "$EGD_SOCKET") ; then
+if (test -z "$RANDOM_POOL" && test -z "$PRNGD") ; then
 	# Use these commands to collect entropy
 	OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
 	OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
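Review bot: The new condition tests `$PRNGD`, a variable this patch never assigns — the values set earlier are `PRNGD_PORT` and `PRNGD_SOCKET` — so `test -z "$PRNGD"` is always true and the entropy-command detection runs whenever `RANDOM_POOL` is empty, even when a PRNGD port or socket was configured. The pre-patch check against `$EGD_SOCKET` did skip this block. It should read `if (test -z "$RANDOM_POOL" && test -z "$PRNGD_PORT" && test -z "$PRNGD_SOCKET") ; then`. Presumably the only visible effect is superfluous probing and an unneeded `INSTALL_SSH_PRNG_CMDS` setting, but the intent of the block is clearly to run only for the builtin RNG.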
@@ -1749,8 +1760,10 @@
 if test ! -z "$RANDOM_POOL" ; then
 	RAND_MSG="Device ($RANDOM_POOL)"
 else
-	if test ! -z "$EGD_SOCKET" ; then
-		RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
+	if test ! -z "$PRNGD_PORT" ; then
+		RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)"
+	elif test ! -z "$PRNGD_SOCKET" ; then
+		RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)"
 	else
 		RAND_MSG="Builtin (timeout $entropy_timeout)"
 		BUILTIN_RNG=1
Index: entropy.c
===================================================================
RCS file: /var/cvs/openssh/entropy.c,v
retrieving revision 1.34
diff -u -r1.34 entropy.c
--- entropy.c	2001/02/27 00:00:52	1.34
+++ entropy.c	2001/03/02 13:16:00
@@ -68,6 +68,9 @@
 # define SAVED_IDS_WORK_WITH_SETEUID
 #endif

+#define SOCK_AF_INET(x)	(*((struct sockaddr_in*)(&(x))))
+#define SOCK_AF_UNIX(x)	(*((struct sockaddr_un*)(&(x))))
+
 void check_openssl_version(void)
 {
 	if (SSLeay() != OPENSSL_VERSION_NUMBER)
@@ -75,47 +78,65 @@
 		    "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
 }

+#if defined(PRNGD_SOCKET) || defined(PRNGD_PORT)
+# define USE_PRNGD
+#endif

-#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
+#if defined(USE_PRNGD) || defined(RANDOM_POOL)

-#ifdef EGD_SOCKET
-/* Collect entropy from EGD */
+#ifdef USE_PRNGD
+/* Collect entropy from PRNGD/EGD */
 int get_random_bytes(unsigned char *buf, int len)
 {
 	int fd;
 	char msg[2];
-	struct sockaddr_un addr;
+	struct sockaddr addr;
 	int addr_len, rval, errors;
 	mysig_t old_sigpipe;

+	memset(&addr, '\0', sizeof(addr));
+
+#ifdef PRNGD_PORT
+	addr.sa_family = AF_INET;
+	SOCK_AF_INET(addr).sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+	SOCK_AF_INET(addr).sin_port = htons(PRNGD_PORT);
+	addr_len = sizeof(struct sockaddr_in);
+#else /* use IP socket PRNGD_SOCKET instead */
 	/* Sanity checks */
-	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
+	if (sizeof(PRNGD_SOCKET) > sizeof(SOCK_AF_UNIX(addr).sun_path))
 		fatal("Random pool path is too long");
 	if (len > 255)
-		fatal("Too many bytes to read from EGD");
+		fatal("Too many bytes to read from PRNGD");

-	memset(&addr, '\0', sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
-	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
+	addr.sa_family = AF_UNIX;
+	strlcpy(SOCK_AF_UNIX(addr).sun_path, PRNGD_SOCKET,
+	    sizeof(SOCK_AF_UNIX(addr).sun_path));
+	addr_len = offsetof(struct sockaddr_un, sun_path) +
+	    sizeof(PRNGD_SOCKET);
+#endif

 	old_sigpipe = mysignal(SIGPIPE, SIG_IGN);

 	errors = rval = 0;
 reopen:
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	fd = socket(addr.sa_family, SOCK_STREAM, 0);
 	if (fd == -1) {
 		error("Couldn't create AF_UNIX socket: %s", strerror(errno));
 		goto done;
 	}

 	if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
-		error("Couldn't connect to EGD socket \"%s\": %s",
-			addr.sun_path, strerror(errno));
+#ifdef PRNGD_PORT
+		error("Couldn't connect to PRNGD port %d: %s",
+		    PRNGD_PORT, strerror(errno));
+#else
+		error("Couldn't connect to PRNGD socket \"%s\": %s",
+		    SOCK_AF_UNIX(addr).sun_path, strerror(errno));
+#endif
 		goto done;
 	}

-	/* Send blocking read request to EGD */
+	/* Send blocking read request to PRNGD */
 	msg[0] = 0x02;
 	msg[1] = len;

@@ -125,8 +146,8 @@
 			errors++;
 			goto reopen;
 		}
-		error("Couldn't write to EGD socket \"%s\": %s",
-			EGD_SOCKET, strerror(errno));
+		error("Couldn't write to PRNGD socket: %s",
+		    strerror(errno));
 		goto done;
 	}

@@ -136,8 +157,8 @@
 			errors++;
 			goto reopen;
 		}
-		error("Couldn't read from EGD socket \"%s\": %s",
-			EGD_SOCKET, strerror(errno));
+		error("Couldn't read from PRNGD socket: %s",
+		    strerror(errno));
 		goto done;
 	}

@@ -148,7 +169,7 @@
 		close(fd);
 	return(rval);
 }
-#else /* !EGD_SOCKET */
+#else /* !USE_PRNGD */
 #ifdef RANDOM_POOL
 /* Collect entropy from /dev/urandom or pipe */
 int get_random_bytes(unsigned char *buf, int len)
@@ -174,11 +195,11 @@
 	return(1);
 }
 #endif /* RANDOM_POOL */
-#endif /* EGD_SOCKET */
+#endif /* USE_PRNGD */

 /*
  * Seed OpenSSL's random number pool from Kernel random number generator
- * or EGD
+ * or PRNGD/EGD
  */
 void
 seed_rng(void)
@@ -202,7 +223,7 @@
 	check_openssl_version();
 }

-#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
+#else /* defined(USE_PRNGD) || defined(RANDOM_POOL) */

 /*
  * FIXME: proper entropy estimations. All current values are guesses
@@ -877,4 +898,4 @@
 	prng_initialised = 1;
 }

-#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
+#endif /* defined(USE_PRNGD) || defined(RANDOM_POOL) */


-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer






