crypto/openssh/entropy.c

   1 /*
   2  * Copyright (c) 2001 Damien Miller.  All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  * 1. Redistributions of source code must retain the above copyright
   8  *    notice, this list of conditions and the following disclaimer.
   9  * 2. Redistributions in binary form must reproduce the above copyright
  10  *    notice, this list of conditions and the following disclaimer in the
  11  *    documentation and/or other materials provided with the distribution.
  12  *
  13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  15  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  16  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  17  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  18  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  19  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  20  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  21  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  22  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  23  */
  24
  25 #include "includes.h"
  26
  27 #define RANDOM_SEED_SIZE 48
  28
  29 #ifdef WITH_OPENSSL
  30
  31 #include <sys/types.h>
  32
  33 #include <errno.h>
  34 #include <signal.h>
  35 #include <stdlib.h>
  36 #include <string.h>
  37 #include <unistd.h>
  38
  39 #include <openssl/rand.h>
  40 #include <openssl/crypto.h>
  41 #include <openssl/err.h>
  42
  43 #include "openbsd-compat/openssl-compat.h"
  44
  45 #include "ssh.h"
  46 #include "misc.h"
  47 #include "xmalloc.h"
  48 #include "atomicio.h"
  49 #include "pathnames.h"
  50 #include "log.h"
  51 #include "sshbuf.h"
  52 #include "ssherr.h"
  53
  54 /*
  55  * Portable OpenSSH PRNG seeding:
  56  * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
  57  * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
  58  * PRNGd.
  59  */
  60 #ifndef OPENSSL_PRNG_ONLY
  61
  62 void
  63 rexec_send_rng_seed(struct sshbuf *m)
  64 {
  65         u_char buf[RANDOM_SEED_SIZE];
  66         size_t len = sizeof(buf);
  67         int r;
  68
  69         if (RAND_bytes(buf, sizeof(buf)) <= 0) {
  70                 error("Couldn't obtain random bytes (error %ld)",
  71                     ERR_get_error());
  72                 len = 0;
  73         }
  74         if ((r = sshbuf_put_string(m, buf, len)) != 0)
  75                 fatal("%s: buffer error: %s", __func__, ssh_err(r));
  76         explicit_bzero(buf, sizeof(buf));
  77 }
  78
  79 void
  80 rexec_recv_rng_seed(struct sshbuf *m)
  81 {
  82         const u_char *buf = NULL;
  83         size_t len = 0;
  84         int r;
  85
  86         if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0)
  87                 fatal("%s: buffer error: %s", __func__, ssh_err(r));
  88
  89         debug3("rexec_recv_rng_seed: seeding rng with %lu bytes",
  90             (unsigned long)len);
  91         RAND_add(buf, len, len);
  92 }
  93 #endif /* OPENSSL_PRNG_ONLY */
  94
  95 void
  96 seed_rng(void)
  97 {
  98         unsigned char buf[RANDOM_SEED_SIZE];
  99
 100         /* Initialise libcrypto */
 101         ssh_libcrypto_init();
 102
 103         if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER,
 104             OpenSSL_version_num()))
 105                 fatal("OpenSSL version mismatch. Built against %lx, you "
 106                     "have %lx", (u_long)OPENSSL_VERSION_NUMBER,
 107                     OpenSSL_version_num());
 108
 109 #ifndef OPENSSL_PRNG_ONLY
 110         if (RAND_status() == 1)
 111                 debug3("RNG is ready, skipping seeding");
 112         else {
 113                 if (seed_from_prngd(buf, sizeof(buf)) == -1)
 114                         fatal("Could not obtain seed from PRNGd");
 115                 RAND_add(buf, sizeof(buf), sizeof(buf));
 116         }
 117 #endif /* OPENSSL_PRNG_ONLY */
 118
 119         if (RAND_status() != 1)
 120                 fatal("PRNG is not seeded");
 121
 122         /* Ensure arc4random() is primed */
 123         arc4random_buf(buf, sizeof(buf));
 124         explicit_bzero(buf, sizeof(buf));
 125 }
 126
 127 #else /* WITH_OPENSSL */
 128
 129 #include <stdlib.h>
 130 #include <string.h>
 131
 132 /* Actual initialisation is handled in arc4random() */
 133 void
 134 seed_rng(void)
 135 {
 136         unsigned char buf[RANDOM_SEED_SIZE];
 137
 138         /* Ensure arc4random() is primed */
 139         arc4random_buf(buf, sizeof(buf));
 140         explicit_bzero(buf, sizeof(buf));
 141 }
 142
 143 #endif /* WITH_OPENSSL */