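--- a/openssh-6.2p1/entropy.c
+++ b/openssh-6.2p1/entropy.c
@@ -237,6 +237,9 @@ seed_rng(void)
 	memset(buf, '\0', sizeof(buf));
 
 #endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+	linux_seed();
+#endif /* __linux__ */
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 }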
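Review bot: The `linux_seed()` call added after `#endif /* OPENSSL_PRNG_ONLY */` runs on every Linux build regardless of that macro, and `linux_seed()` (added in port-linux-prng.c by this patch) calls `fatal()` on any short read, so a process that cannot read the device now exits before the existing `RAND_status()` check can accept an already-seeded PRNG. If that hard failure is intended, a comment at the call would record it, for example `/* Linux: always reseed from the kernel; linux_seed() is fatal if the device cannot be read */`. No hunk on this page adds a prototype for `linux_seed()`, so unless port-linux.h declares it elsewhere the call in entropy.c is an implicit declaration; worth confirming. `seed_rng()` starts outside the hunk.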
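--- a/openssh-6.2p1/openbsd-compat/Makefile.in
+++ b/openssh-6.2p1/openbsd-compat/Makefile.in
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<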
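--- a/openssh-6.2p1/openbsd-compat/port-linux-prng.c
+++ b/openssh-6.2p1/openbsd-compat/port-linux-prng.c
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <openssl/rand.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "servconf.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+void
+linux_seed(void)
+{
+	int len;
+	char *env = getenv("SSH_USE_STRONG_RNG");
+	char *random = "/dev/random";
+	size_t ienv, randlen = 14;
+
+	if (!env || !strcmp(env, "0"))
+		random = "/dev/urandom";
+	else if ((ienv = atoi(env)) > randlen)
+		randlen = ienv;
+
+	errno = 0;
+	if ((len = RAND_load_file(random, randlen)) != randlen) {
+		if (errno)
+			fatal ("cannot read from %s, %s", random, strerror(errno));
+		else
+			fatal ("EOF reading %s", random);
+	}
+}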
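Review bot: `SSH_USE_STRONG_RNG` is parsed with `atoi()` straight into a `size_t` in `linux_seed()`, so a negative value wraps to a very large unsigned number, passes the `> randlen` test and is handed to `RAND_load_file()`, whose byte-count parameter is a `long`; there is also no upper bound, so any large value makes the process wait on `/dev/random` for that many bytes. The environment is caller-controlled, which matters because ssh-keysign.8 gains the same ENVIRONMENT entry in this patch and that page describes the binary as set-uid root. Parsing with `strtol()`, ignoring negative values and rejecting values above a fixed cap keeps the documented behaviour (non-numeric, non-zero values still mean 14 bytes from `/dev/random`); `SEED_MAX_BYTES` in the sketch below is a placeholder for a limit the maintainers would choose. Separately, `len` is an `int` compared against a `size_t`, and the local named `random` shadows `random(3)`.

```c
	size_t randlen = 14;
	long ienv;

	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else {
		errno = 0;
		ienv = strtol(env, NULL, 10);
		if (errno == ERANGE || ienv > SEED_MAX_BYTES)
			fatal("SSH_USE_STRONG_RNG value is out of range");
		/* negative and non-numeric values keep the 14-byte minimum */
		if (ienv > (long)randlen)
			randlen = (size_t)ienv;
	}
	/* … unchanged: RAND_load_file() call and error reporting … */
```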
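--- a/openssh-6.2p1/ssh-add.0
+++ b/openssh-6.2p1/ssh-add.0
@@ -82,6 +82,16 @@ ENVIRONMENT
              Identifies the path of a UNIX-domain socket used to communicate
              with the agent.
 
+     SSH_USE_STRONG_RNG
+             The reseeding of the OpenSSL random generator is usually done
+             from /dev/urandom.  If the SSH_USE_STRONG_RNG environment vari-
+             able is set to value other than 0 the OpenSSL random generator is
+             reseeded from /dev/random.  The number of bytes read is defined
+             by the SSH_USE_STRONG_RNG value.  Minimum is 14 bytes.  This set-
+             ting is not recommended on the computers without the hardware
+             random generator because insufficient entropy causes the connec-
+             tion to be blocked until enough entropy is available.
+
 FILES
      ~/.ssh/identity
              Contains the protocol version 1 RSA authentication identity of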
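--- a/openssh-6.2p1/ssh-add.1
+++ b/openssh-6.2p1/ssh-add.1
@@ -160,6 +160,20 @@ to make this work.)
 Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
 .El
 .Sh FILES
 .Bl -tag -width Ds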
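--- a/openssh-6.2p1/ssh-agent.1
+++ b/openssh-6.2p1/ssh-agent.1
@@ -198,6 +198,24 @@ sockets used to contain the connection t
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,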
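--- a/openssh-6.2p1/sshd.8
+++ b/openssh-6.2p1/sshd.8
@@ -945,6 +945,24 @@ concurrently for different ports, this c
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh IPV6
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
 .Sh SEE ALSO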
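--- a/openssh-6.2p1/ssh-keygen.1
+++ b/openssh-6.2p1/ssh-keygen.1
@@ -806,6 +806,24 @@ Contains Diffie-Hellman groups used for
 The file format is described in
 .Xr moduli 5 .
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,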
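--- a/openssh-6.2p1/ssh-keysign.8
+++ b/openssh-6.2p1/ssh-keysign.8
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,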
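--- a/openssh-6.2p1/ssh.1
+++ b/openssh-6.2p1/ssh.1
@@ -1277,6 +1277,23 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts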