1 | diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c |
2 | --- openssh-6.0p1/entropy.c.entropy 2012-08-06 20:51:59.131033413 +0200 | |
3 | +++ openssh-6.0p1/entropy.c 2012-08-06 20:51:59.171033257 +0200 | |
4 | @@ -237,6 +237,9 @@ seed_rng(void) | |
5 | memset(buf, '\0', sizeof(buf)); |
6 | ||
7 | #endif /* OPENSSL_PRNG_ONLY */ | |
8 | +#ifdef __linux__ | |
9 | + linux_seed(); | |
10 | +#endif /* __linux__ */ | |
11 | if (RAND_status() != 1) | |
12 | fatal("PRNG is not seeded"); | |
13 | } | |
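Review bot: The call added at line 9 has no matching prototype anywhere in this patch: port-linux-prng.c defines linux_seed() further down, but no header gains a declaration, so unless a header entropy.c already includes declares it (not visible here) the call compiles against an implicit declaration, which C99 dropped and which would hide any later signature mismatch. Add `void linux_seed(void);` to the compat header entropy.c includes, guarded the same way as the call. A one-line comment at the call site such as `/* may block without timeout when SSH_USE_STRONG_RNG selects /dev/random */` would also help, since that behaviour is otherwise documented only in the man pages. seed_rng()'s body begins outside this hunk.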
14 | diff -up openssh-6.0p1/openbsd-compat/Makefile.in.entropy openssh-6.0p1/openbsd-compat/Makefile.in |
15 | --- openssh-6.0p1/openbsd-compat/Makefile.in.entropy 2012-08-06 20:51:59.100033534 +0200 | |
16 | +++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-08-06 20:51:59.171033257 +0200 | |
17 | @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport |
18 | ||
43c69e28 | 19 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
20 | |
21 | -PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o | |
22 | +PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o | |
23 | ||
24 | .c.o: | |
25 | $(CC) $(CFLAGS) $(CPPFLAGS) -c $< | |
26 | diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/openbsd-compat/port-linux-prng.c |
27 | --- openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy 2012-08-06 20:51:59.171033257 +0200 | |
28 | +++ openssh-6.0p1/openbsd-compat/port-linux-prng.c 2012-08-06 20:51:59.171033257 +0200 | |
29 | @@ -0,0 +1,59 @@ |
30 | +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ | |
31 | + | |
32 | +/* | |
33 | + * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com> | |
34 | + * | |
35 | + * Permission to use, copy, modify, and distribute this software for any | |
36 | + * purpose with or without fee is hereby granted, provided that the above | |
37 | + * copyright notice and this permission notice appear in all copies. | |
38 | + * | |
39 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
40 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
41 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
42 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
43 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
44 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
45 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
46 | + */ | |
47 | + | |
48 | +/* | |
49 | + * Linux-specific portability code - prng support | |
50 | + */ | |
51 | + | |
52 | +#include "includes.h" | |
53 | + | |
54 | +#include <errno.h> | |
55 | +#include <stdarg.h> | |
56 | +#include <string.h> | |
57 | +#include <stdio.h> | |
58 | +#include <openssl/rand.h> | |
59 | + | |
60 | +#include "log.h" | |
61 | +#include "xmalloc.h" | |
62 | +#include "servconf.h" | |
63 | +#include "port-linux.h" | |
64 | +#include "key.h" | |
65 | +#include "hostfile.h" | |
66 | +#include "auth.h" | |
67 | + | |
68 | +void | |
69 | +linux_seed(void) | |
70 | +{ | |
71 | + int len; | |
72 | + char *env = getenv("SSH_USE_STRONG_RNG"); | |
73 | + char *random = "/dev/random"; | |
74 | + size_t ienv, randlen = 6; | |
75 | + | |
76 | + if (!env || !strcmp(env, "0")) | |
77 | + random = "/dev/urandom"; | |
78 | + else if ((ienv = atoi(env)) > 6) | |
79 | + randlen = ienv; | |
80 | + | |
81 | + errno = 0; | |
82 | + if ((len = RAND_load_file(random, randlen)) != randlen) { | |
83 | + if (errno) | |
84 | + fatal ("cannot read from %s, %s", random, strerror(errno)); | |
85 | + else | |
86 | + fatal ("EOF reading %s", random); | |
87 | + } | |
88 | +} | |
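Review bot: The SSH_USE_STRONG_RNG value at line 78 is parsed with atoi() and stored straight into the size_t ienv, so a negative or non-numeric string is accepted silently: "-1" becomes SIZE_MAX, is copied into randlen, and is then narrowed again to RAND_load_file()'s long max_bytes, while "abc" yields 0 and still selects /dev/random with the 6-byte minimum. Because this runs from every program that calls seed_rng() — and if that includes the set-uid ssh-keysign named in the ssh-keysign.8 hunk below, the environment is not necessarily trusted — the value should be parsed with strtoul(), rejected on a non-digit first character, trailing garbage, ERANGE or anything above LONG_MAX (needs <limits.h>), and only then compared against the minimum. The comparison `len != randlen` at line 82 also mixes int and size_t; RAND_load_file()'s -1 error return still mismatches, but declaring both as long makes the check explicit. The file additionally relies on includes.h to provide <stdlib.h> for getenv()/atoi(), which cannot be confirmed from this hunk.
```c
void
linux_seed(void)
{
	long len;
	char *env = getenv("SSH_USE_STRONG_RNG");
	char *random = "/dev/random";
	long randlen = 6;

	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else {
		char *end;
		unsigned long ienv;

		/* Only a plain non-negative decimal is a byte count; anything
		 * else would otherwise become a huge or negative read limit. */
		errno = 0;
		ienv = strtoul(env, &end, 10);
		if (*env < '0' || *env > '9' || *end != '\0' ||
		    errno == ERANGE || ienv > LONG_MAX)
			fatal("SSH_USE_STRONG_RNG: invalid value \"%s\"", env);
		if (ienv > 6)
			randlen = (long)ienv;
	}

	/* … unchanged: errno = 0; RAND_load_file() and fatal() on short read … */
}
```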
89 | diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1 |
90 | --- openssh-6.0p1/ssh.1.entropy 2012-08-06 20:51:59.139033382 +0200 | |
91 | +++ openssh-6.0p1/ssh.1 2012-08-06 20:51:59.174033245 +0200 | |
92 | @@ -1269,6 +1269,23 @@ For more information, see the | |
93 | .Cm PermitUserEnvironment | |
94 | option in | |
95 | .Xr sshd_config 5 . | |
96 | +.Sh ENVIRONMENT | |
97 | +.Bl -tag -width Ds -compact | |
98 | +.It Ev SSH_USE_STRONG_RNG |
99 | +The reseeding of the OpenSSL random generator is usually done from | |
100 | +.Cm /dev/urandom . | |
101 | +If the | |
102 | +.Cm SSH_USE_STRONG_RNG | |
103 | +environment variable is set to value other than | |
104 | +.Cm 0 | |
105 | +the OpenSSL random generator is reseeded from | |
106 | +.Cm /dev/random . | |
107 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
108 | +Minimum is 6 bytes. | |
109 | +This setting is not recommended on the computers without the hardware | |
110 | +random generator because insufficient entropy causes the connection to | |
111 | +be blocked until enough entropy is available. | |
43c69e28 | 112 | +.El |
9d8fd3ad | 113 | .Sh FILES |
114 | .Bl -tag -width Ds -compact |
115 | .It Pa ~/.rhosts | |
116 | diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0 | |
117 | --- openssh-6.1p1/ssh-add.0.entropy 2012-11-12 13:11:42.717393364 +0100 | |
118 | +++ openssh-6.1p1/ssh-add.0 2012-11-12 13:12:46.288108790 +0100 | |
119 | @@ -81,6 +81,16 @@ ENVIRONMENT | |
120 | Identifies the path of a UNIX-domain socket used to communicate | |
121 | with the agent. | |
122 | ||
123 | + SSH_USE_STRONG_RNG | |
124 | + The reseeding of the OpenSSL random generator is usually done | |
125 | + from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari- | |
126 | + able is set to value other than 0 the OpenSSL random generator is | |
127 | + reseeded from /dev/random. The number of bytes read is defined | |
128 | + by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set- | |
129 | + ting is not recommended on the computers without the hardware | |
130 | + random generator because insufficient entropy causes the connec- | |
131 | + tion to be blocked until enough entropy is available. | |
132 | + | |
133 | FILES | |
134 | ~/.ssh/identity | |
135 | Contains the protocol version 1 RSA authentication identity of | |
136 | diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1 | |
137 | --- openssh-6.1p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200 | |
138 | +++ openssh-6.1p1/ssh-add.1 2012-11-12 13:11:24.711476108 +0100 | |
139 | @@ -160,6 +160,20 @@ to make this work.) | |
140 | Identifies the path of a | |
141 | .Ux Ns -domain | |
142 | socket used to communicate with the agent. | |
143 | +.It Ev SSH_USE_STRONG_RNG | |
144 | +The reseeding of the OpenSSL random generator is usually done from |
145 | +.Cm /dev/urandom . | |
146 | +If the | |
147 | +.Cm SSH_USE_STRONG_RNG | |
148 | +environment variable is set to value other than | |
149 | +.Cm 0 | |
150 | +the OpenSSL random generator is reseeded from | |
151 | +.Cm /dev/random . | |
152 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
153 | +Minimum is 6 bytes. | |
154 | +This setting is not recommended on the computers without the hardware | |
155 | +random generator because insufficient entropy causes the connection to | |
156 | +be blocked until enough entropy is available. | |
157 | .El |
158 | .Sh FILES | |
159 | .Bl -tag -width Ds | |
160 | .It Pa ~/.ssh/identity | |
161 | diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1 | |
162 | --- openssh-6.0p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 | |
163 | +++ openssh-6.0p1/ssh-agent.1 2012-08-06 20:51:59.172033253 +0200 | |
164 | @@ -198,6 +198,24 @@ sockets used to contain the connection t | |
165 | These sockets should only be readable by the owner. | |
166 | The sockets should get automatically removed when the agent exits. | |
167 | .El |
168 | +.Sh ENVIRONMENT | |
169 | +.Bl -tag -width Ds -compact | |
170 | +.Pp | |
171 | +.It Pa SSH_USE_STRONG_RNG | |
172 | +The reseeding of the OpenSSL random generator is usually done from | |
173 | +.Cm /dev/urandom . | |
174 | +If the | |
175 | +.Cm SSH_USE_STRONG_RNG | |
176 | +environment variable is set to value other than | |
177 | +.Cm 0 | |
178 | +the OpenSSL random generator is reseeded from | |
179 | +.Cm /dev/random . | |
180 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
181 | +Minimum is 6 bytes. | |
182 | +This setting is not recommended on the computers without the hardware | |
183 | +random generator because insufficient entropy causes the connection to | |
184 | +be blocked until enough entropy is available. | |
185 | +.El | |
186 | .Sh SEE ALSO | |
187 | .Xr ssh 1 , | |
188 | .Xr ssh-add 1 , | |
189 | diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8 |
190 | --- openssh-6.0p1/sshd.8.entropy 2012-08-06 20:51:59.139033382 +0200 | |
191 | +++ openssh-6.0p1/sshd.8 2012-08-06 20:51:59.174033245 +0200 | |
192 | @@ -943,6 +943,24 @@ concurrently for different ports, this c | |
193 | started last). | |
194 | The content of this file is not sensitive; it can be world-readable. | |
195 | .El |
196 | +.Sh ENVIRONMENT | |
197 | +.Bl -tag -width Ds -compact | |
198 | +.Pp | |
199 | +.It Pa SSH_USE_STRONG_RNG | |
200 | +The reseeding of the OpenSSL random generator is usually done from | |
201 | +.Cm /dev/urandom . | |
202 | +If the | |
203 | +.Cm SSH_USE_STRONG_RNG | |
204 | +environment variable is set to value other than | |
205 | +.Cm 0 | |
206 | +the OpenSSL random generator is reseeded from | |
207 | +.Cm /dev/random . | |
208 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
209 | +Minimum is 6 bytes. | |
210 | +This setting is not recommended on the computers without the hardware | |
211 | +random generator because insufficient entropy causes the connection to | |
212 | +be blocked until enough entropy is available. | |
213 | +.El | |
214 | .Sh IPV6 |
215 | IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. | |
9d8fd3ad | 216 | .Sh SEE ALSO |
217 | diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1 |
218 | --- openssh-6.0p1/ssh-keygen.1.entropy 2011-10-18 07:05:21.000000000 +0200 | |
219 | +++ openssh-6.0p1/ssh-keygen.1 2012-08-06 20:51:59.173033249 +0200 | |
220 | @@ -675,6 +675,24 @@ Contains Diffie-Hellman groups used for | |
221 | The file format is described in | |
222 | .Xr moduli 5 . | |
223 | .El | |
224 | +.Sh ENVIRONMENT |
225 | +.Bl -tag -width Ds -compact | |
226 | +.Pp |
227 | +.It Pa SSH_USE_STRONG_RNG | |
228 | +The reseeding of the OpenSSL random generator is usually done from |
229 | +.Cm /dev/urandom . | |
230 | +If the | |
231 | +.Cm SSH_USE_STRONG_RNG | |
232 | +environment variable is set to value other than | |
233 | +.Cm 0 | |
234 | +the OpenSSL random generator is reseeded from | |
235 | +.Cm /dev/random . | |
236 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
237 | +Minimum is 6 bytes. | |
238 | +This setting is not recommended on the computers without the hardware | |
239 | +random generator because insufficient entropy causes the connection to | |
240 | +be blocked until enough entropy is available. | |
241 | +.El | |
242 | .Sh SEE ALSO |
243 | .Xr ssh 1 , | |
244 | .Xr ssh-add 1 , | |
245 | diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8 | |
246 | --- openssh-6.0p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 | |
247 | +++ openssh-6.0p1/ssh-keysign.8 2012-08-06 20:51:59.173033249 +0200 | |
248 | @@ -78,6 +78,24 @@ must be set-uid root if host-based authe | |
249 | If these files exist they are assumed to contain public certificate | |
250 | information corresponding with the private keys above. | |
251 | .El |
252 | +.Sh ENVIRONMENT | |
253 | +.Bl -tag -width Ds -compact | |
254 | +.Pp | |
255 | +.It Pa SSH_USE_STRONG_RNG | |
256 | +The reseeding of the OpenSSL random generator is usually done from | |
257 | +.Cm /dev/urandom . | |
258 | +If the | |
259 | +.Cm SSH_USE_STRONG_RNG | |
260 | +environment variable is set to value other than | |
261 | +.Cm 0 | |
262 | +the OpenSSL random generator is reseeded from | |
263 | +.Cm /dev/random . | |
264 | +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. | |
265 | +Minimum is 6 bytes. | |
266 | +This setting is not recommended on the computers without the hardware | |
267 | +random generator because insufficient entropy causes the connection to | |
268 | +be blocked until enough entropy is available. | |
269 | +.El | |
9d8fd3ad | 270 | .Sh SEE ALSO |
271 | .Xr ssh 1 , |
272 | .Xr ssh-keygen 1 , |