- (djm) Mention PRNGd in documentation, it is nicer than EGD

- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
author: Damien Miller <djm@mindrot.org> 2001-01-25 10:51:46 +1100
committer: Damien Miller <djm@mindrot.org> 2001-01-25 10:51:46 +1100
commit: 0736c4df83628dcac567d94a73726771706f978e (patch)
tree: 70c201775f291e2a06eb4f482ff042fb39e9f988
parent: 2a5c1cede026faec14b0903a0cdcc4e7ef554e32 (diff)
5 files changed, 47 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index eafed7e0..71f8b27b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@
      [bindresvport.c]
      in bindresvport(), if sin is non-NULL, example sin->sin_family for 
      the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
 
 20010124
  - (bal) OpenBSD Resync
diff --git a/INSTALL b/INSTALL
index c1a7eb16..797b7835 100644
--- a/INSTALL
+++ b/INSTALL
@@ -29,10 +29,18 @@ passphrase requester. This is maintained separately at:
 
 http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
 
+PRNGD:
+
+If your system lacks Kernel based random collection, the use of Lutz 
+Jaenicke's PRNGd is recommended.
+
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+
+EGD:
+
 The Entropy Gathering Daemon (EGD) is supported if you have a system which
 lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
 
-EGD:
 http://www.lothar.com/tech/crypto/
 
 GNU Make:
@@ -110,10 +118,10 @@ headers, for this to work.
 random numbers (the default is /dev/urandom). Unless you are absolutely
 sure of what you are doing, it is best to leave this alone.
 
---with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. Use this if your
-Unix lacks /dev/random and you don't want to use OpenSSH's builtin
-entropy collection support.
+--with-egd-pool=/some/file allows you to enable EGD or PRNGD support 
+and to specify a EGD pool socket. Use this if your Unix lacks 
+/dev/random and you don't want to use OpenSSH's builtin entropy 
+collection support.
 
 --with-lastlog=FILE will specify the location of the lastlog file. 
 ./configure searches a few locations for lastlog, but may not find
diff --git a/README b/README
index b832652e..46761772 100644
--- a/README
+++ b/README
@@ -14,8 +14,8 @@ Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
 homepage at http://www.openssh.com/
 
 This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support and replacements for 
-OpenBSD library functions that are (regrettably) absent from other 
+support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements 
+for OpenBSD library functions that are (regrettably) absent from other 
 unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD 
 and Irix. Support for AIX, SCO, NeXT and other Unices is underway. 
 This version actively tracks changes in the OpenBSD CVS repository.
@@ -24,7 +24,7 @@ The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for
 all logins, not just when using password authentication.
 
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4].
+OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
 
 There is now several mailing lists for this port of OpenSSH. Please
 refer to http://www.openssh.com/list.html for details on how to join.
@@ -37,11 +37,11 @@ If you are a citizen of the USA or another country which restricts
 export of cryptographic products, then please refrain from sending 
 crypto-related code or patches to the list. We cannot accept them.
 Other code contribution are accepted, but please follow the OpenBSD
-style guidelines[5].
+style guidelines[6].
 
 Please refer to the INSTALL document for information on how to install
 OpenSSH on your system. There are a number of differences between this 
-port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6]
+port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
 for details and general tips.
 
 Damien Miller <djm@mindrot.org>
@@ -56,8 +56,9 @@ References -
 
 [0] http://www.openssh.com/faq.html
 [1] http://www.lothar.com/tech/crypto/
-[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
-[3] http://www.openssl.org/
-[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
-[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current
-[6] http://www.openssh.com/faq.html
+[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+[3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
+[4] http://www.openssl.org/
+[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
+[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
+[7] http://www.openssh.com/faq.html
diff --git a/WARNING.RNG b/WARNING.RNG
index 21f4901c..44e606d5 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -16,6 +16,8 @@ key and impersonate you or your hosts.
 
 If you are using the builtin random number support (configure will
 tell you if this is the case), then read this document in its entirety.
+Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
+collects random numbers and makes them available by a socket.
 
 Please also request that your OS vendor provides a kernel-based random
 number collector (/dev/random) in future versions of your operating
diff --git a/configure.in b/configure.in
index f217e5ae..798e327b 100644
--- a/configure.in
+++ b/configure.in
@@ -1043,7 +1043,7 @@ AC_CHECK_FILE("/dev/ptc",
 
 # Check for user-specified random device, otherwise check /dev/urandom
 AC_ARG_WITH(random,
-	[  --with-random=FILE      read randomness from FILE (default=/dev/urandom)],
+	[  --with-random=FILE      read entropy from FILE (default=/dev/urandom)],
 	[
 		if test "x$withval" != "xno" ; then
 			RANDOM_POOL="$withval";
@@ -1064,15 +1064,31 @@ AC_ARG_WITH(random,
 
 # Check for EGD pool file
 AC_ARG_WITH(egd-pool,
-	[  --with-egd-pool=FILE    read randomness from EGD pool FILE (default none)],
+	[  --with-egd-pool=FILE    read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
 	[
 		if test "x$withval" != "xno" ; then
 			EGD_SOCKET="$withval";
 			AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
 		fi
+	],
+	[
+		# Check for existing socket only if we don't have a random device already
+		if test -z "$RANDOM_POOL" ; then
+			AC_MSG_CHECKING(for PRNGD/EGD socket)
+			# Insert other locations here
+			for egdsock in /var/run/egd-pool /etc/entropy ; do
+				if test -S $egdsock ; then
+					EGD_SOCKET="$egdsock"
+					AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+					AC_MSG_RESULT($egdsock)
+					break;
+				fi
+			done
+		fi
 	]
 )
 
+
 # detect pathnames for entropy gathering commands, if we need them
 INSTALL_SSH_PRNG_CMDS=""
 rm -f prng_commands
@@ -1629,7 +1645,7 @@ if test ! -z "$RANDOM_POOL" ; then
 	RAND_MSG="Device ($RANDOM_POOL)"
 else
 	if test ! -z "$EGD_SOCKET" ; then
-		RAND_MSG="EGD ($EGD_SOCKET)"
+		RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
 	else
 		RAND_MSG="Builtin (timeout $entropy_timeout)"
 		BUILTIN_RNG=1
author	Damien Miller <djm@mindrot.org>	2001-01-25 10:51:46 +1100
committer	Damien Miller <djm@mindrot.org>	2001-01-25 10:51:46 +1100
commit	0736c4df83628dcac567d94a73726771706f978e (patch)
tree	70c201775f291e2a06eb4f482ff042fb39e9f988
parent	2a5c1cede026faec14b0903a0cdcc4e7ef554e32 (diff)