kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
aedd00
diff --git a/entropy.c b/entropy.c
aedd00
index 2d483b3..b361a04 100644
aedd00
--- a/entropy.c
aedd00
+++ b/entropy.c
aedd00
@@ -234,6 +234,9 @@ seed_rng(void)
aedd00
 	}
aedd00
 #endif /* OPENSSL_PRNG_ONLY */
aedd00
 
aedd00
+#ifdef __linux__
aedd00
+	linux_seed();
aedd00
+#endif /* __linux__ */
aedd00
 	if (RAND_status() != 1)
aedd00
 		fatal("PRNG is not seeded");
aedd00
 
aedd00
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
aedd00
index b912dbe..9206337 100644
aedd00
--- a/openbsd-compat/Makefile.in
aedd00
+++ b/openbsd-compat/Makefile.in
aedd00
@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
aedd00
 	port-solaris.o \
aedd00
 	port-net.o \
aedd00
 	port-uw.o \
aedd00
+	port-linux-prng.o \
aedd00
 	port-linux-sshd.o
aedd00
 
aedd00
 .c.o:
aedd00
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
aedd00
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
aedd00
+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
aedd00
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
aedd00
 void oom_adjust_setup(void);
aedd00
 #endif
aedd00
 
aedd00
+void linux_seed(void);
aedd00
+
aedd00
 #endif /* ! _PORT_LINUX_H */
aedd00
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
aedd00
new file mode 100644
aedd00
index 0000000..92a617c
aedd00
--- /dev/null
aedd00
+++ b/openbsd-compat/port-linux-prng.c
aedd00
@@ -0,0 +1,78 @@
aedd00
+/*
aedd00
+ * Copyright (c) 2011 - 2020 Red Hat, Inc.
aedd00
+ *
aedd00
+ * Authors:
aedd00
+ *  Jan F. Chadima <jchadima@redhat.com>
aedd00
+ *  Jakub Jelen <jjelen@redhat.com>
aedd00
+ *
aedd00
+ * Permission to use, copy, modify, and distribute this software for any
aedd00
+ * purpose with or without fee is hereby granted, provided that the above
aedd00
+ * copyright notice and this permission notice appear in all copies.
aedd00
+ *
aedd00
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
aedd00
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
aedd00
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
aedd00
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
aedd00
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
aedd00
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
aedd00
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
aedd00
+ */
aedd00
+
aedd00
+/*
aedd00
+ * Linux-specific portability code - prng support
aedd00
+ */
aedd00
+
aedd00
+#include "includes.h"
aedd00
+
aedd00
+#include <errno.h>
aedd00
+#include <string.h>
aedd00
+#include <openssl/rand.h>
aedd00
+#include <sys/random.h>
aedd00
+
aedd00
+#include "log.h"
aedd00
+
aedd00
+void
aedd00
+linux_seed(void)
aedd00
+{
aedd00
+	char *env = NULL;
aedd00
+	size_t randlen = 14, left;
aedd00
+	unsigned int flags = 0;
aedd00
+	unsigned char buf[256], *p;
aedd00
+
aedd00
+	env = getenv("SSH_USE_STRONG_RNG");
aedd00
+	if (env && strcmp(env, "0") != 0) {
aedd00
+		size_t ienv = atoi(env);
aedd00
+
aedd00
+		/* Max on buffer length */
aedd00
+		if (ienv > sizeof(buf))
aedd00
+			ienv = sizeof(buf);
aedd00
+		/* Minimum is always 14 B */
aedd00
+		if (ienv > randlen)
aedd00
+			randlen = ienv;
aedd00
+		flags = GRND_RANDOM;
aedd00
+	}
aedd00
+
aedd00
+	errno = 0;
aedd00
+	left = randlen;
aedd00
+	p = buf;
aedd00
+	do {
aedd00
+		ssize_t len = getrandom(p, left, flags);
aedd00
+		if (len == -1) {
aedd00
+			if (errno != EINTR) {
aedd00
+				if (flags) {
aedd00
+					/* With the variable present, this is fatal error */
aedd00
+					fatal("Failed to seed from getrandom: %s", strerror(errno));
aedd00
+				} else {
aedd00
+					/* Otherwise we log the issue drop out from here */
aedd00
+					debug("Failed to seed from getrandom: %s", strerror(errno));
aedd00
+					return;
aedd00
+				}
aedd00
+			}
aedd00
+		} else if (len > 0) {
aedd00
+			left -= len;
aedd00
+			p += len;
aedd00
+		}
aedd00
+	} while (left > 0);
aedd00
+
aedd00
+	RAND_seed(buf, randlen);
aedd00
+}
aedd00
diff --git a/ssh-add.1 b/ssh-add.1
aedd00
index 4812448..16305bf 100644
aedd00
--- a/ssh-add.1
aedd00
+++ b/ssh-add.1
aedd00
@@ -161,6 +161,22 @@ to make this work.)
aedd00
 Identifies the path of a
aedd00
 .Ux Ns -domain
aedd00
 socket used to communicate with the agent.
aedd00
+.It Ev SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
 .El
aedd00
 .Sh FILES
aedd00
 .Bl -tag -width Ds
aedd00
diff --git a/ssh-agent.1 b/ssh-agent.1
aedd00
index 281ecbd..1a9a635 100644
aedd00
--- a/ssh-agent.1
aedd00
+++ b/ssh-agent.1
aedd00
@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
aedd00
 These sockets should only be readable by the owner.
aedd00
 The sockets should get automatically removed when the agent exits.
aedd00
 .El
aedd00
+.Sh ENVIRONMENT
aedd00
+.Bl -tag -width Ds -compact
aedd00
+.Pp
aedd00
+.It Pa SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
+.El
aedd00
 .Sh SEE ALSO
aedd00
 .Xr ssh 1 ,
aedd00
 .Xr ssh-add 1 ,
aedd00
diff --git a/ssh-keygen.1 b/ssh-keygen.1
aedd00
index 12e00d4..1b51a4a 100644
aedd00
--- a/ssh-keygen.1
aedd00
+++ b/ssh-keygen.1
aedd00
@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
aedd00
 The file format is described in
aedd00
 .Xr moduli 5 .
aedd00
 .El
aedd00
+.Sh ENVIRONMENT
aedd00
+.Bl -tag -width Ds -compact
aedd00
+.Pp
aedd00
+.It Pa SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
+.El
aedd00
 .Sh SEE ALSO
aedd00
 .Xr ssh 1 ,
aedd00
 .Xr ssh-add 1 ,
aedd00
diff --git a/ssh-keysign.8 b/ssh-keysign.8
aedd00
index 69d0829..02d79f8 100644
aedd00
--- a/ssh-keysign.8
aedd00
+++ b/ssh-keysign.8
aedd00
@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
aedd00
 If these files exist they are assumed to contain public certificate
aedd00
 information corresponding with the private keys above.
aedd00
 .El
aedd00
+.Sh ENVIRONMENT
aedd00
+.Bl -tag -width Ds -compact
aedd00
+.Pp
aedd00
+.It Pa SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
+.El
aedd00
 .Sh SEE ALSO
aedd00
 .Xr ssh 1 ,
aedd00
 .Xr ssh-keygen 1 ,
aedd00
diff --git a/ssh.1 b/ssh.1
aedd00
index 929904b..f65e42f 100644
aedd00
--- a/ssh.1
aedd00
+++ b/ssh.1
aedd00
@@ -1309,6 +1309,25 @@ For more information, see the
aedd00
 .Cm PermitUserEnvironment
aedd00
 option in
aedd00
 .Xr sshd_config 5 .
aedd00
+.Bl -tag -width "SSH_ORIGINAL_COMMAND"
aedd00
+.Pp
aedd00
+.It Ev SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
+.El
aedd00
 .Sh FILES
aedd00
 .Bl -tag -width Ds -compact
aedd00
 .It Pa ~/.rhosts
aedd00
diff --git a/sshd.8 b/sshd.8
aedd00
index c2c237f..058d37a 100644
aedd00
--- a/sshd.8
aedd00
+++ b/sshd.8
aedd00
@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
aedd00
 started last).
aedd00
 The content of this file is not sensitive; it can be world-readable.
aedd00
 .El
aedd00
+.Sh ENVIRONMENT
aedd00
+.Bl -tag -width Ds -compact
aedd00
+.Pp
aedd00
+.It Ev SSH_USE_STRONG_RNG
aedd00
+The reseeding of the OpenSSL random generator is usually done from
aedd00
+.Cm getrandom(1)
aedd00
+without any specific flags.
aedd00
+If the
aedd00
+.Cm SSH_USE_STRONG_RNG
aedd00
+environment variable is set to value other than
aedd00
+.Cm 0
aedd00
+the OpenSSL random generator is reseeded from
aedd00
+.Cm getrandom(1)
aedd00
+with GRND_RANDOM flag specified.
aedd00
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
aedd00
+Minimum is 14 bytes.
aedd00
+This setting is not recommended on the computers without the hardware
aedd00
+random generator because insufficient entropy causes the connection to
aedd00
+be blocked until enough entropy is available.
aedd00
+.El
aedd00
 .Sh IPV6
aedd00
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
aedd00
 .Sh SEE ALSO
aedd00