diff --git a/entropy.c b/entropy.c index 2d483b3..b361a04 100644 --- a/entropy.c +++ b/entropy.c @@ -234,6 +234,9 @@ seed_rng(void) } #endif /* OPENSSL_PRNG_ONLY */ +#ifdef __linux__ + linux_seed(); +#endif /* __linux__ */ if (RAND_status() != 1) fatal("PRNG is not seeded"); diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index b912dbe..9206337 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di port-solaris.o \ port-net.o \ port-uw.o \ + port-linux-prng.o \ port-linux-sshd.o .c.o: diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h --- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100 +++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:34:27.769753570 +0100 @@ -34,4 +34,6 @@ void oom_adjust_restore(void); void oom_adjust_setup(void); #endif +void linux_seed(void); + #endif /* ! _PORT_LINUX_H */ diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c new file mode 100644 index 0000000..92a617c --- /dev/null +++ b/openbsd-compat/port-linux-prng.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2011 - 2020 Red Hat, Inc. + * + * Authors: + * Jan F. Chadima <jchadima@redhat.com> + * Jakub Jelen <jjelen@redhat.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Linux-specific portability code - prng support + */ + +#include "includes.h" + +#include <errno.h> +#include <string.h> +#include <openssl/rand.h> +#include <sys/random.h> + +#include "log.h" + +void +linux_seed(void) +{ + char *env = NULL; + size_t randlen = 14, left; + unsigned int flags = 0; + unsigned char buf[256], *p; + + env = getenv("SSH_USE_STRONG_RNG"); + if (env && strcmp(env, "0") != 0) { + size_t ienv = atoi(env); + + /* Max on buffer length */ + if (ienv > sizeof(buf)) + ienv = sizeof(buf); + /* Minimum is always 14 B */ + if (ienv > randlen) + randlen = ienv; + flags = GRND_RANDOM; + } + + errno = 0; + left = randlen; + p = buf; + do { + ssize_t len = getrandom(p, left, flags); + if (len == -1) { + if (errno != EINTR) { + if (flags) { + /* With the variable present, this is fatal error */ + fatal("Failed to seed from getrandom: %s", strerror(errno)); + } else { + /* Otherwise we log the issue drop out from here */ + debug("Failed to seed from getrandom: %s", strerror(errno)); + return; + } + } + } else if (len > 0) { + left -= len; + p += len; + } + } while (left > 0); + + RAND_seed(buf, randlen); +} diff --git a/ssh-add.1 b/ssh-add.1 index 4812448..16305bf 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -161,6 +161,22 @@ to make this work.) Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. .El .Sh FILES .Bl -tag -width Ds diff --git a/ssh-agent.1 b/ssh-agent.1 index 281ecbd..1a9a635 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 12e00d4..1b51a4a 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX. The file format is described in .Xr moduli 5 . .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 69d0829..02d79f8 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used. If these files exist they are assumed to contain public certificate information corresponding with the private keys above. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-keygen 1 , diff --git a/ssh.1 b/ssh.1 index 929904b..f65e42f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -1309,6 +1309,25 @@ For more information, see the .Cm PermitUserEnvironment option in .Xr sshd_config 5 . +.Bl -tag -width "SSH_ORIGINAL_COMMAND" +.Pp +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El .Sh FILES .Bl -tag -width Ds -compact .It Pa ~/.rhosts diff --git a/sshd.8 b/sshd.8 index c2c237f..058d37a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact +.Pp +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm getrandom(1) +without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from +.Cm getrandom(1) +with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El .Sh IPV6 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. .Sh SEE ALSO