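diff -up openssh-5.9p0/entropy.c.entropy openssh-5.9p0/entropy.c
--- openssh-5.9p0/entropy.c.entropy 2011-08-31 13:20:59.660150441 +0200
+++ openssh-5.9p0/entropy.c 2011-08-31 13:21:05.072024970 +0200
@@ -232,6 +232,9 @@ seed_rng(void)
 memset(buf, '\0', sizeof(buf));
 
 #endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+ linux_seed();
+#endif /* __linux__ */
 if (RAND_status() != 1)
 fatal("PRNG is not seeded");
 }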
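Review bot: The new `linux_seed()` call runs on every `seed_rng()` invocation and, judging by the port-linux-prng.c hunk further down, terminates the process via `fatal()` on a short read and can block on `/dev/random` whenever `SSH_USE_STRONG_RNG` is set, yet nothing at the call site records that seeding may now stall or abort. A one-line comment above the `#ifdef __linux__` block would make that visible to the next reader, e.g. `/* May block on /dev/random or fatal() on a short read; see SSH_USE_STRONG_RNG in port-linux-prng.c */`. The `linux_seed` prototype is presumably supplied by port-linux.h, which this patch does not touch, so that should be confirmed. `seed_rng()` begins outside the hunk.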
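diff -up openssh-5.9p0/openbsd-compat/Makefile.in.entropy openssh-5.9p0/openbsd-compat/Makefile.in
--- openssh-5.9p0/openbsd-compat/Makefile.in.entropy 2011-08-31 13:20:54.000000000 +0200
+++ openssh-5.9p0/openbsd-compat/Makefile.in 2011-08-31 13:44:25.138151565 +0200
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 $(CC) $(CFLAGS) $(CPPFLAGS) -c $<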
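diff -up openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy openssh-5.9p0/openbsd-compat/port-linux-prng.c
--- openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy 2011-08-31 13:21:05.382024083 +0200
+++ openssh-5.9p0/openbsd-compat/port-linux-prng.c 2011-08-31 13:21:05.386024776 +0200
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <openssl/rand.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "servconf.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+void
+linux_seed(void)
+{
+ int len;
+ char *env = getenv("SSH_USE_STRONG_RNG");
+ char *random = "/dev/random";
+ size_t ienv, randlen = 6;
+
+ if (!env || !strcmp(env, "0"))
+ random = "/dev/urandom";
+ else if ((ienv = atoi(env)) > 6)
+ randlen = ienv;
+
+ errno = 0;
+ if ((len = RAND_load_file(random, randlen)) != randlen) {
+ if (errno)
+ fatal ("cannot read from %s, %s", random, strerror(errno));
+ else
+ fatal ("EOF reading %s", random);
+ }
+}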
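Review bot: `atoi(env)` in `else if ((ienv = atoi(env)) > 6)` reports no errors and accepts a sign, and its `int` result lands in the `size_t` `ienv`, so a negative environment value wraps to a huge byte count that `RAND_load_file()` is then asked to satisfy from `/dev/random` — an effectively unbounded blocking read, in code that the ssh-keysign.8 hunk of this same patch documents as running set-uid root. The return value is likewise an `int len` compared against the `size_t` `randlen`, which hides the `-1` error return behind an unsigned comparison; parse the variable with `strtol`, reject empty input, trailing garbage, overflow and negatives, and pass a `long` to `RAND_load_file()`, which is what its byte-count parameter expects. The local named `random` shadows libc `random()`, and `getenv()` needs `<stdlib.h>`, which this file does not include directly (it may arrive through includes.h — not visible here). Smaller points: the `$Id:` tag still names port-linux.c, and xmalloc.h, servconf.h, key.h, hostfile.h and auth.h are not used by this function.
```c
void
linux_seed(void)
{
	const char *env = getenv("SSH_USE_STRONG_RNG");
	const char *path = "/dev/random";
	long want = 6;
	int got;

	if (env == NULL || strcmp(env, "0") == 0) {
		path = "/dev/urandom";
	} else {
		char *end;
		long v;

		errno = 0;
		v = strtol(env, &end, 10);
		/* reject empty input, trailing garbage, overflow and negatives */
		if (end == env || *end != '\0' || errno == ERANGE || v < 0)
			fatal("invalid SSH_USE_STRONG_RNG value: %s", env);
		if (v > want)
			want = v;
	}

	errno = 0;
	if ((got = RAND_load_file(path, want)) != want) {
		if (errno)
			fatal("cannot read from %s, %s", path, strerror(errno));
		else
			fatal("EOF reading %s", path);
	}
}
```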
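diff -up openssh-5.9p0/ssh-add.1.entropy openssh-5.9p0/ssh-add.1
--- openssh-5.9p0/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.9p0/ssh-add.1 2011-08-31 13:21:05.597122030 +0200
@@ -158,6 +158,20 @@ Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
 .El
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/identity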
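diff -up openssh-5.9p0/ssh-agent.1.entropy openssh-5.9p0/ssh-agent.1
--- openssh-5.9p0/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
+++ openssh-5.9p0/ssh-agent.1 2011-08-31 13:21:05.735150196 +0200
@@ -198,6 +198,24 @@ sockets used to contain the connection t
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,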
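diff -up openssh-5.9p0/ssh-keygen.1.entropy openssh-5.9p0/ssh-keygen.1
--- openssh-5.9p0/ssh-keygen.1.entropy 2011-08-31 13:20:59.200212619 +0200
+++ openssh-5.9p0/ssh-keygen.1 2011-08-31 13:21:06.077150115 +0200
@@ -669,6 +669,24 @@ Contains Diffie-Hellman groups used for
 The file format is described in
 .Xr moduli 5 .
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,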
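diff -up openssh-5.9p0/ssh-keysign.8.entropy openssh-5.9p0/ssh-keysign.8
--- openssh-5.9p0/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.9p0/ssh-keysign.8 2011-08-31 13:21:06.207024356 +0200
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,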
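diff -up openssh-5.9p0/ssh.1.entropy openssh-5.9p0/ssh.1
--- openssh-5.9p0/ssh.1.entropy 2011-08-31 13:21:00.835103535 +0200
+++ openssh-5.9p0/ssh.1 2011-08-31 13:21:05.482032754 +0200
@@ -1255,6 +1255,23 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts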
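diff -up openssh-5.9p0/sshd.8.entropy openssh-5.9p0/sshd.8
--- openssh-5.9p0/sshd.8.entropy 2011-08-31 13:21:00.000000000 +0200
+++ openssh-5.9p0/sshd.8 2011-08-31 13:46:27.341025537 +0200
@@ -940,6 +940,24 @@ concurrently for different ports, this c
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
 .Sh IPV6
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
 .Sh SEE ALSO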