changeset 347:381834084475 debug-unrandom

be sure not to include uninitialised buffers in the unrandom number generator
author Matt Johnston <matt@ucc.asn.au>
date Fri, 04 Aug 2006 17:37:45 +0000
parents ed24dfc44904
children cd14c94fe89c
files options.h random.c
diffstat 2 files changed, 3 insertions(+), 77 deletions(-) [+]
line wrap: on
line diff
--- a/options.h	Fri Aug 04 17:15:35 2006 +0000
+++ b/options.h	Fri Aug 04 17:37:45 2006 +0000
@@ -127,8 +127,8 @@
  * but there's an interface via a PAM module - don't bother using it otherwise.
  * You can't enable both PASSWORD and PAM. */
 
-/*#define ENABLE_SVR_PASSWORD_AUTH*/
-#define ENABLE_SVR_PAM_AUTH 
+#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PAM_AUTH */
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
--- a/random.c	Fri Aug 04 17:15:35 2006 +0000
+++ b/random.c	Fri Aug 04 17:37:45 2006 +0000
@@ -38,86 +38,12 @@
 
 #define INIT_SEED_SIZE 32 /* 256 bits */
 
-static void readrand(unsigned char* buf, unsigned int buflen);
-
-/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
- * into hashpool. To read data, we hash together current hashpool contents,
- * and a counter. We feed more data in by hashing the current pool and new
- * data into the pool.
- *
- * It is important to ensure that counter doesn't wrap around before we
- * feed in new entropy.
- *
- */
-
-static void readrand(unsigned char* buf, unsigned int buflen) {
-
-	static int already_blocked = 0;
-	int readfd;
-	unsigned int readpos;
-	int readlen;
-#ifdef DROPBEAR_PRNGD_SOCKET
-	struct sockaddr_un egdsock;
-	char egdcmd[2];
-#endif
-
-#ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
-	if (readfd < 0) {
-		dropbear_exit("couldn't open random device");
-	}
-#endif
-
-#ifdef DROPBEAR_PRNGD_SOCKET
-	memset((void*)&egdsock, 0x0, sizeof(egdsock));
-	egdsock.sun_family = AF_UNIX;
-	strlcpy(egdsock.sun_path, DROPBEAR_PRNGD_SOCKET,
-			sizeof(egdsock.sun_path));
-
-	readfd = socket(PF_UNIX, SOCK_STREAM, 0);
-	if (readfd < 0) {
-		dropbear_exit("couldn't open random device");
-	}
-	/* todo - try various common locations */
-	if (connect(readfd, (struct sockaddr*)&egdsock, 
-			sizeof(struct sockaddr_un)) < 0) {
-		dropbear_exit("couldn't open random device");
-	}
-
-	if (buflen > 255)
-		dropbear_exit("can't request more than 255 bytes from egd");
-	egdcmd[0] = 0x02;	/* blocking read */
-	egdcmd[1] = (unsigned char)buflen;
-	if (write(readfd, egdcmd, 2) < 0)
-		dropbear_exit("can't send command to egd");
-#endif
-
-	/* read the actual random data */
-
-	close (readfd);
-}
-
 /* initialise the prng from /dev/(u)random or prngd */
 void seedrandom() {
-		
-	unsigned char readbuf[INIT_SEED_SIZE];
-
-	hash_state hs;
 
 	/* initialise so that things won't warn about
 	 * hashing an undefined buffer */
-	if (!donerandinit) {
-		m_burn(hashpool, sizeof(hashpool));
-	}
-
-	/* get the seed data */
-	readrand(readbuf, sizeof(readbuf));
-
-	/* hash in the new seed data */
-	sha1_init(&hs);
-	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-	sha1_process(&hs, (void*)readbuf, sizeof(readbuf));
-	sha1_done(&hs, hashpool);
+	m_burn(hashpool, sizeof(hashpool));
 
 	counter = 0;
 	donerandinit = 1;