Mercurial > dropbear
comparison random.c @ 694:c85bb68e1db6
add loadavg and entropy_avail as sources
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 23 Feb 2013 10:27:49 +0800 |
| parents | c3de235d9506 |
| children | 5f2d16d3e598 |
comparison
equal
deleted
inserted
replaced
| 692:c58a15983808 | 694:c85bb68e1db6 |
|---|---|
| 71 if (readfd < 0) { | 71 if (readfd < 0) { |
| 72 goto out; | 72 goto out; |
| 73 } | 73 } |
| 74 | 74 |
| 75 readcount = 0; | 75 readcount = 0; |
| 76 while (readcount < len) | 76 while (len == 0 || readcount < len) |
| 77 { | 77 { |
| 78 int readlen, wantread; | 78 int readlen, wantread; |
| 79 unsigned char readbuf[128]; | 79 unsigned char readbuf[2048]; |
| 80 if (!already_blocked) | 80 if (!already_blocked) |
| 81 { | 81 { |
| 82 int ret; | 82 int ret; |
| 83 struct timeval timeout = { .tv_sec = 2, .tv_usec = 0}; | 83 struct timeval timeout = { .tv_sec = 2, .tv_usec = 0}; |
| 84 fd_set read_fds; | 84 fd_set read_fds; |
| 91 dropbear_log(LOG_WARNING, "Warning: Reading the randomness source '%s' seems to have blocked.\nYou may need to find a better entropy source.", filename); | 91 dropbear_log(LOG_WARNING, "Warning: Reading the randomness source '%s' seems to have blocked.\nYou may need to find a better entropy source.", filename); |
| 92 already_blocked = 1; | 92 already_blocked = 1; |
| 93 } | 93 } |
| 94 } | 94 } |
| 95 | 95 |
| 96 wantread = MIN(sizeof(readbuf), len-readcount); | 96 if (len == 0) |
| 97 { | |
| 98 wantread = sizeof(readbuf); | |
| 99 } | |
| 100 else | |
| 101 { | |
| 102 wantread = MIN(sizeof(readbuf), len-readcount); | |
| 103 } | |
| 97 | 104 |
| 98 #ifdef DROPBEAR_PRNGD_SOCKET | 105 #ifdef DROPBEAR_PRNGD_SOCKET |
| 99 if (prngd) | 106 if (prngd) |
| 100 { | 107 { |
| 101 char egdcmd[2]; | 108 char egdcmd[2]; |
| 183 dropbear_exit("Failure reading random device %s", | 190 dropbear_exit("Failure reading random device %s", |
| 184 DROPBEAR_URANDOM_DEV); | 191 DROPBEAR_URANDOM_DEV); |
| 185 } | 192 } |
| 186 #endif | 193 #endif |
| 187 | 194 |
| 188 /* A few other sources to fall back on. Add more here for other platforms */ | 195 /* A few other sources to fall back on. |
| 196 * Add more here for other platforms */ | |
| 189 #ifdef __linux__ | 197 #ifdef __linux__ |
| 190 /* Seems to be a reasonable source of entropy from timers. Possibly hard | 198 /* Seems to be a reasonable source of entropy from timers. Possibly hard |
| 191 * for even local attackers to reproduce */ | 199 * for even local attackers to reproduce */ |
| 192 process_file(&hs, "/proc/timer_list", 0, 0); | 200 process_file(&hs, "/proc/timer_list", 0, 0); |
| 193 /* Might help on systems with wireless */ | 201 /* Might help on systems with wireless */ |
| 194 process_file(&hs, "/proc/interrupts", 0, 0); | 202 process_file(&hs, "/proc/interrupts", 0, 0); |
| 195 | 203 |
| 204 process_file(&hs, "/proc/loadavg", 0, 0); | |
| 205 process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 0, 0); | |
| 206 | |
| 196 /* Mostly network visible but useful in some situations */ | 207 /* Mostly network visible but useful in some situations */ |
| 197 process_file(&hs, "/proc/net/netstat", 0, 0); | 208 process_file(&hs, "/proc/net/netstat", 0, 0); |
| 198 process_file(&hs, "/proc/net/dev", 0, 0); | 209 process_file(&hs, "/proc/net/dev", 0, 0); |
| 199 process_file(&hs, "/proc/net/tcp", 0, 0); | 210 process_file(&hs, "/proc/net/tcp", 0, 0); |
| 200 /* Also includes interface lo */ | 211 /* Also includes interface lo */ |