kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
6c5f4d
diff --git a/entropy.c b/entropy.c
6c5f4d
index 2d483b3..b361a04 100644
6c5f4d
--- a/entropy.c
6c5f4d
+++ b/entropy.c
6c5f4d
@@ -234,6 +234,9 @@ seed_rng(void)
6c5f4d
 	}
6c5f4d
 #endif /* OPENSSL_PRNG_ONLY */
6c5f4d
 
6c5f4d
+#ifdef __linux__
6c5f4d
+	linux_seed();
6c5f4d
+#endif /* __linux__ */
6c5f4d
 	if (RAND_status() != 1)
6c5f4d
 		fatal("PRNG is not seeded");
6c5f4d
 
6c5f4d
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
6c5f4d
index b912dbe..9206337 100644
6c5f4d
--- a/openbsd-compat/Makefile.in
6c5f4d
+++ b/openbsd-compat/Makefile.in
6c5f4d
@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
6c5f4d
 	port-solaris.o \
6c5f4d
 	port-net.o \
6c5f4d
 	port-uw.o \
6c5f4d
+	port-linux-prng.o \
6c5f4d
 	port-linux-sshd.o
6c5f4d
 
6c5f4d
 .c.o:
6c5f4d
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
6c5f4d
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
6c5f4d
+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
6c5f4d
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
6c5f4d
 void oom_adjust_setup(void);
6c5f4d
 #endif
6c5f4d
 
6c5f4d
+void linux_seed(void);
6c5f4d
+
6c5f4d
 #endif /* ! _PORT_LINUX_H */
6c5f4d
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
6c5f4d
new file mode 100644
6c5f4d
index 0000000..92a617c
6c5f4d
--- /dev/null
6c5f4d
+++ b/openbsd-compat/port-linux-prng.c
0d83e7
@@ -0,0 +1,78 @@
6c5f4d
+/*
6c5f4d
+ * Copyright (c) 2011 - 2020 Red Hat, Inc.
6c5f4d
+ *
6c5f4d
+ * Authors:
6c5f4d
+ *  Jan F. Chadima <jchadima@redhat.com>
6c5f4d
+ *  Jakub Jelen <jjelen@redhat.com>
6c5f4d
+ *
6c5f4d
+ * Permission to use, copy, modify, and distribute this software for any
6c5f4d
+ * purpose with or without fee is hereby granted, provided that the above
6c5f4d
+ * copyright notice and this permission notice appear in all copies.
6c5f4d
+ *
6c5f4d
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
6c5f4d
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
6c5f4d
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
6c5f4d
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
6c5f4d
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
6c5f4d
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
6c5f4d
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
6c5f4d
+ */
6c5f4d
+
6c5f4d
+/*
6c5f4d
+ * Linux-specific portability code - prng support
6c5f4d
+ */
6c5f4d
+
6c5f4d
+#include "includes.h"
6c5f4d
+
6c5f4d
+#include <errno.h>
6c5f4d
+#include <string.h>
6c5f4d
+#include <openssl/rand.h>
6c5f4d
+#include <sys/random.h>
6c5f4d
+
6c5f4d
+#include "log.h"
6c5f4d
+
6c5f4d
+void
6c5f4d
+linux_seed(void)
6c5f4d
+{
6c5f4d
+	char *env = NULL;
6c5f4d
+	size_t randlen = 14, left;
6c5f4d
+	unsigned int flags = 0;
6c5f4d
+	unsigned char buf[256], *p;
6c5f4d
+
6c5f4d
+	env = getenv("SSH_USE_STRONG_RNG");
6c5f4d
+	if (env && strcmp(env, "0") != 0) {
6c5f4d
+		size_t ienv = atoi(env);
6c5f4d
+
6c5f4d
+		/* Max on buffer length */
6c5f4d
+		if (ienv > sizeof(buf))
6c5f4d
+			ienv = sizeof(buf);
6c5f4d
+		/* Minimum is always 14 B */
6c5f4d
+		if (ienv > randlen)
6c5f4d
+			randlen = ienv;
6c5f4d
+		flags = GRND_RANDOM;
6c5f4d
+	}
6c5f4d
+
6c5f4d
+	errno = 0;
6c5f4d
+	left = randlen;
6c5f4d
+	p = buf;
6c5f4d
+	do {
6c5f4d
+		ssize_t len = getrandom(p, left, flags);
6c5f4d
+		if (len == -1) {
0d83e7
+			if (errno != EINTR) {
0d83e7
+				if (flags) {
0d83e7
+					/* With the variable present, this is fatal error */
0d83e7
+					fatal("Failed to seed from getrandom: %s", strerror(errno));
0d83e7
+				} else {
0d83e7
+					/* Otherwise we log the issue drop out from here */
0d83e7
+					debug("Failed to seed from getrandom: %s", strerror(errno));
0d83e7
+					return;
0d83e7
+				}
0d83e7
+			}
6c5f4d
+		} else if (len > 0) {
6c5f4d
+			left -= len;
6c5f4d
+			p += len;
6c5f4d
+		}
6c5f4d
+	} while (left > 0);
6c5f4d
+
6c5f4d
+	RAND_seed(buf, randlen);
6c5f4d
+}
6c5f4d
diff --git a/ssh-add.1 b/ssh-add.1
6c5f4d
index 4812448..16305bf 100644
6c5f4d
--- a/ssh-add.1
6c5f4d
+++ b/ssh-add.1
0d83e7
@@ -161,6 +161,22 @@ to make this work.)
6c5f4d
 Identifies the path of a
6c5f4d
 .Ux Ns -domain
6c5f4d
 socket used to communicate with the agent.
6c5f4d
+.It Ev SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
 .El
6c5f4d
 .Sh FILES
6c5f4d
 .Bl -tag -width Ds
6c5f4d
diff --git a/ssh-agent.1 b/ssh-agent.1
6c5f4d
index 281ecbd..1a9a635 100644
6c5f4d
--- a/ssh-agent.1
6c5f4d
+++ b/ssh-agent.1
0d83e7
@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
6c5f4d
 These sockets should only be readable by the owner.
6c5f4d
 The sockets should get automatically removed when the agent exits.
6c5f4d
 .El
6c5f4d
+.Sh ENVIRONMENT
6c5f4d
+.Bl -tag -width Ds -compact
6c5f4d
+.Pp
6c5f4d
+.It Pa SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
+.El
6c5f4d
 .Sh SEE ALSO
6c5f4d
 .Xr ssh 1 ,
6c5f4d
 .Xr ssh-add 1 ,
6c5f4d
diff --git a/ssh-keygen.1 b/ssh-keygen.1
6c5f4d
index 12e00d4..1b51a4a 100644
6c5f4d
--- a/ssh-keygen.1
6c5f4d
+++ b/ssh-keygen.1
0d83e7
@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
6c5f4d
 The file format is described in
6c5f4d
 .Xr moduli 5 .
6c5f4d
 .El
6c5f4d
+.Sh ENVIRONMENT
6c5f4d
+.Bl -tag -width Ds -compact
6c5f4d
+.Pp
6c5f4d
+.It Pa SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
+.El
6c5f4d
 .Sh SEE ALSO
6c5f4d
 .Xr ssh 1 ,
6c5f4d
 .Xr ssh-add 1 ,
6c5f4d
diff --git a/ssh-keysign.8 b/ssh-keysign.8
6c5f4d
index 69d0829..02d79f8 100644
6c5f4d
--- a/ssh-keysign.8
6c5f4d
+++ b/ssh-keysign.8
0d83e7
@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
6c5f4d
 If these files exist they are assumed to contain public certificate
6c5f4d
 information corresponding with the private keys above.
6c5f4d
 .El
6c5f4d
+.Sh ENVIRONMENT
6c5f4d
+.Bl -tag -width Ds -compact
6c5f4d
+.Pp
6c5f4d
+.It Pa SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
+.El
6c5f4d
 .Sh SEE ALSO
6c5f4d
 .Xr ssh 1 ,
6c5f4d
 .Xr ssh-keygen 1 ,
6c5f4d
diff --git a/ssh.1 b/ssh.1
6c5f4d
index 929904b..f65e42f 100644
6c5f4d
--- a/ssh.1
6c5f4d
+++ b/ssh.1
0d83e7
@@ -1309,6 +1309,25 @@ For more information, see the
6c5f4d
 .Cm PermitUserEnvironment
6c5f4d
 option in
6c5f4d
 .Xr sshd_config 5 .
0d83e7
+.Bl -tag -width "SSH_ORIGINAL_COMMAND"
0d83e7
+.Pp
6c5f4d
+.It Ev SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
+.El
6c5f4d
 .Sh FILES
6c5f4d
 .Bl -tag -width Ds -compact
6c5f4d
 .It Pa ~/.rhosts
6c5f4d
diff --git a/sshd.8 b/sshd.8
6c5f4d
index c2c237f..058d37a 100644
6c5f4d
--- a/sshd.8
6c5f4d
+++ b/sshd.8
0d83e7
@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
6c5f4d
 started last).
6c5f4d
 The content of this file is not sensitive; it can be world-readable.
6c5f4d
 .El
6c5f4d
+.Sh ENVIRONMENT
6c5f4d
+.Bl -tag -width Ds -compact
6c5f4d
+.Pp
0d83e7
+.It Ev SSH_USE_STRONG_RNG
6c5f4d
+The reseeding of the OpenSSL random generator is usually done from
0d83e7
+.Cm getrandom(1)
0d83e7
+without any specific flags.
6c5f4d
+If the
6c5f4d
+.Cm SSH_USE_STRONG_RNG
6c5f4d
+environment variable is set to value other than
6c5f4d
+.Cm 0
6c5f4d
+the OpenSSL random generator is reseeded from
0d83e7
+.Cm getrandom(1)
0d83e7
+with GRND_RANDOM flag specified.
6c5f4d
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
6c5f4d
+Minimum is 14 bytes.
6c5f4d
+This setting is not recommended on the computers without the hardware
6c5f4d
+random generator because insufficient entropy causes the connection to
6c5f4d
+be blocked until enough entropy is available.
6c5f4d
+.El
6c5f4d
 .Sh IPV6
6c5f4d
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
6c5f4d
 .Sh SEE ALSO
6c5f4d