Factor out RNG reseeding in to a single function.

sshd and sshd-session both reseed the RNG after a fork.  Move the
existing reseed_prngs() function into entropy.c and use for both.
Clean up entropy.h too.  ok djm@

Author: daztucker

entropy.c

@@ -108,3 +108,24 @@ seed_rng(void)
 }
 
 #endif /* WITH_OPENSSL */
+
+void
+reseed_prngs(void)
+{
+	u_int32_t rnd[256];
+
+#ifdef WITH_OPENSSL
+	RAND_poll();
+#endif
+	arc4random_stir(); /* noop on recent arc4random() implementations */
+	arc4random_buf(rnd, sizeof(rnd)); /* let arc4random notice PID change */
+
+#ifdef WITH_OPENSSL
+	RAND_seed(rnd, sizeof(rnd));
+	/* give libcrypto a chance to notice the PID change */
+	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+		fatal_f("RAND_bytes failed");
+#endif
+
+	explicit_bzero(rnd, sizeof(rnd));
+}

entropy.h

@@ -22,13 +22,12 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef _RANDOMS_H
-#define _RANDOMS_H
+#ifndef _ENTROPY_H
+#define _ENTROPY_H
 
 struct sshbuf;
 
 void seed_rng(void);
-void rexec_send_rng_seed(struct sshbuf *);
-void rexec_recv_rng_seed(struct sshbuf *);
+void reseed_prngs(void);
 
-#endif /* _RANDOMS_H */
+#endif /* _ENTROPY_H */

sshd-session.c

@@ -262,27 +262,6 @@ demote_sensitive_data(void)
 	}
 }
 
-static void
-reseed_prngs(void)
-{
-	u_int32_t rnd[256];
-
-#ifdef WITH_OPENSSL
-	RAND_poll();
-#endif
-	arc4random_stir(); /* noop on recent arc4random() implementations */
-	arc4random_buf(rnd, sizeof(rnd)); /* let arc4random notice PID change */
-
-#ifdef WITH_OPENSSL
-	RAND_seed(rnd, sizeof(rnd));
-	/* give libcrypto a chance to notice the PID change */
-	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
-		fatal_f("RAND_bytes failed");
-#endif
-
-	explicit_bzero(rnd, sizeof(rnd));
-}
-
 struct sshbuf *
 pack_hostkeys(void)
 {

sshd.c

@@ -922,7 +922,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
 	struct early_child *child;
 	struct sshbuf *buf;
 	socklen_t fromlen;
-	u_char rnd[256];
 	sigset_t nsigset, osigset;
 
 	/* pipes connected to unauthenticated child sshd processes */
@@ -1219,14 +1218,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
 			 * Ensure that our random state differs
 			 * from that of the child
 			 */
-			arc4random_stir();
-			arc4random_buf(rnd, sizeof(rnd));
-#ifdef WITH_OPENSSL
-			RAND_seed(rnd, sizeof(rnd));
-			if ((RAND_bytes((u_char *)rnd, 1)) != 1)
-				fatal_f("RAND_bytes failed");
-#endif
-			explicit_bzero(rnd, sizeof(rnd));
+			reseed_prngs();
 		}
 	}
 }