Only read /dev/random once when the program starts

rather than for every connection, to "conserve entropy".

--HG--
extra : convert_revision : 21df240b71c0af8454725dec9abb428dd4bb97a2

1 files changed, 28 insertions, 3 deletions

diff --git a/random.c b/random.c
index d58c8a8..cbbe016 100644
--- a/random.c
+++ b/random.c
@@ -30,8 +30,8 @@
 static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
-static unsigned int counter = 0;
-#define MAX_COUNTER 1000000/* the max value for the counter, so it won't loop */
+static uint32_t counter = 0;
+#define MAX_COUNTER 1<<31 /* the max value for the counter, so it won't loop */
 
 static unsigned char hashpool[SHA1_HASH_SIZE];
 
@@ -132,7 +132,8 @@ void seedrandom() {
 
 	hash_state hs;
 
-	/* initialise so compilers will be happy about hashing it */
+	/* initialise so that things won't warn about
+     * hashing an undefined buffer */
 	if (!donerandinit) {
 		m_burn(hashpool, sizeof(hashpool));
 	}
@@ -150,6 +151,30 @@ void seedrandom() {
 	donerandinit = 1;
 }
 
+/* hash the current random pool with some unique identifiers
+ * for this process and point-in-time. this is used to separate
+ * the random pools for fork()ed processes. */
+void reseedrandom() {
+
+    pid_t pid;
+    struct timeval tv;
+
+	if (!donerandinit) {
+		dropbear_exit("seedrandom not done");
+	}
+
+    pid = getpid();
+    gettimeofday(&tv, NULL);
+
+	hash_state hs;
+	unsigned char hash[SHA1_HASH_SIZE];
+	sha1_init(&hs);
+	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+	sha1_process(&hs, (void*)&pid, sizeof(pid));
+	sha1_process(&hs, (void*)&tv, sizeof(tv));
+	sha1_done(&hs, hashpool);
+}
+
 /* return len bytes of pseudo-random data */
 void genrandom(unsigned char* buf, unsigned int len) {