183d2307dSDag-Erling Smørgrav /*
283d2307dSDag-Erling Smørgrav * Copyright (c) 2001 Damien Miller. All rights reserved.
383d2307dSDag-Erling Smørgrav *
483d2307dSDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without
583d2307dSDag-Erling Smørgrav * modification, are permitted provided that the following conditions
683d2307dSDag-Erling Smørgrav * are met:
783d2307dSDag-Erling Smørgrav * 1. Redistributions of source code must retain the above copyright
883d2307dSDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer.
983d2307dSDag-Erling Smørgrav * 2. Redistributions in binary form must reproduce the above copyright
1083d2307dSDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer in the
1183d2307dSDag-Erling Smørgrav * documentation and/or other materials provided with the distribution.
1283d2307dSDag-Erling Smørgrav *
1383d2307dSDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1483d2307dSDag-Erling Smørgrav * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1583d2307dSDag-Erling Smørgrav * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1683d2307dSDag-Erling Smørgrav * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1783d2307dSDag-Erling Smørgrav * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1883d2307dSDag-Erling Smørgrav * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1983d2307dSDag-Erling Smørgrav * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2083d2307dSDag-Erling Smørgrav * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2183d2307dSDag-Erling Smørgrav * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2283d2307dSDag-Erling Smørgrav * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2383d2307dSDag-Erling Smørgrav */
2483d2307dSDag-Erling Smørgrav
2583d2307dSDag-Erling Smørgrav #include "includes.h"
2683d2307dSDag-Erling Smørgrav
27*19261079SEd Maste #define RANDOM_SEED_SIZE 48
28*19261079SEd Maste
29bc5531deSDag-Erling Smørgrav #ifdef WITH_OPENSSL
30bc5531deSDag-Erling Smørgrav
31761efaa7SDag-Erling Smørgrav #include <sys/types.h>
32e146993eSDag-Erling Smørgrav
33e146993eSDag-Erling Smørgrav #include <errno.h>
3492eb0aa1SDag-Erling Smørgrav #include <signal.h>
35*19261079SEd Maste #include <stdlib.h>
36e146993eSDag-Erling Smørgrav #include <string.h>
37d4af9e69SDag-Erling Smørgrav #include <unistd.h>
38761efaa7SDag-Erling Smørgrav
3983d2307dSDag-Erling Smørgrav #include <openssl/rand.h>
4083d2307dSDag-Erling Smørgrav #include <openssl/crypto.h>
41021d409fSDag-Erling Smørgrav #include <openssl/err.h>
4283d2307dSDag-Erling Smørgrav
43a0ee8cc6SDag-Erling Smørgrav #include "openbsd-compat/openssl-compat.h"
44a0ee8cc6SDag-Erling Smørgrav
4583d2307dSDag-Erling Smørgrav #include "ssh.h"
4683d2307dSDag-Erling Smørgrav #include "misc.h"
4783d2307dSDag-Erling Smørgrav #include "xmalloc.h"
4883d2307dSDag-Erling Smørgrav #include "atomicio.h"
4983d2307dSDag-Erling Smørgrav #include "pathnames.h"
5083d2307dSDag-Erling Smørgrav #include "log.h"
51190cef3dSDag-Erling Smørgrav #include "sshbuf.h"
52190cef3dSDag-Erling Smørgrav #include "ssherr.h"
5383d2307dSDag-Erling Smørgrav
5483d2307dSDag-Erling Smørgrav /*
5583d2307dSDag-Erling Smørgrav * Portable OpenSSH PRNG seeding:
5683d2307dSDag-Erling Smørgrav * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
57e146993eSDag-Erling Smørgrav * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
58e146993eSDag-Erling Smørgrav * PRNGd.
5983d2307dSDag-Erling Smørgrav */
60e146993eSDag-Erling Smørgrav
61e146993eSDag-Erling Smørgrav void
seed_rng(void)62e146993eSDag-Erling Smørgrav seed_rng(void)
63e146993eSDag-Erling Smørgrav {
64e146993eSDag-Erling Smørgrav unsigned char buf[RANDOM_SEED_SIZE];
65*19261079SEd Maste
66*19261079SEd Maste /* Initialise libcrypto */
67*19261079SEd Maste ssh_libcrypto_init();
68*19261079SEd Maste
69*19261079SEd Maste if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER,
70*19261079SEd Maste OpenSSL_version_num()))
71e146993eSDag-Erling Smørgrav fatal("OpenSSL version mismatch. Built against %lx, you "
72*19261079SEd Maste "have %lx", (u_long)OPENSSL_VERSION_NUMBER,
73*19261079SEd Maste OpenSSL_version_num());
74e146993eSDag-Erling Smørgrav
75e146993eSDag-Erling Smørgrav #ifndef OPENSSL_PRNG_ONLY
76*19261079SEd Maste if (RAND_status() == 1)
77e146993eSDag-Erling Smørgrav debug3("RNG is ready, skipping seeding");
78*19261079SEd Maste else {
79e146993eSDag-Erling Smørgrav if (seed_from_prngd(buf, sizeof(buf)) == -1)
80e146993eSDag-Erling Smørgrav fatal("Could not obtain seed from PRNGd");
81e146993eSDag-Erling Smørgrav RAND_add(buf, sizeof(buf), sizeof(buf));
82*19261079SEd Maste }
83e146993eSDag-Erling Smørgrav #endif /* OPENSSL_PRNG_ONLY */
84*19261079SEd Maste
85e146993eSDag-Erling Smørgrav if (RAND_status() != 1)
86e146993eSDag-Erling Smørgrav fatal("PRNG is not seeded");
87*19261079SEd Maste
88*19261079SEd Maste /* Ensure arc4random() is primed */
89*19261079SEd Maste arc4random_buf(buf, sizeof(buf));
90*19261079SEd Maste explicit_bzero(buf, sizeof(buf));
91e146993eSDag-Erling Smørgrav }
92bc5531deSDag-Erling Smørgrav
93bc5531deSDag-Erling Smørgrav #else /* WITH_OPENSSL */
94bc5531deSDag-Erling Smørgrav
95*19261079SEd Maste #include <stdlib.h>
96*19261079SEd Maste #include <string.h>
97*19261079SEd Maste
98*19261079SEd Maste /* Actual initialisation is handled in arc4random() */
99bc5531deSDag-Erling Smørgrav void
seed_rng(void)100bc5531deSDag-Erling Smørgrav seed_rng(void)
101bc5531deSDag-Erling Smørgrav {
102*19261079SEd Maste unsigned char buf[RANDOM_SEED_SIZE];
103*19261079SEd Maste
104*19261079SEd Maste /* Ensure arc4random() is primed */
105*19261079SEd Maste arc4random_buf(buf, sizeof(buf));
106*19261079SEd Maste explicit_bzero(buf, sizeof(buf));
107bc5531deSDag-Erling Smørgrav }
108bc5531deSDag-Erling Smørgrav
109bc5531deSDag-Erling Smørgrav #endif /* WITH_OPENSSL */
110