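--- a/entropy.c
+++ b/entropy.c
@@ -227,6 +227,9 @@ seed_rng(void)
 	memset(buf, '\0', sizeof(buf));
 
 #endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+	linux_seed();
+#endif /* __linux__ */
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 }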
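Review bot: `linux_seed();` is called with no prototype visible in this hunk; unless entropy.c already includes the header that declares it (the new port-linux-prng.c includes "port-linux.h", so that is presumably where the declaration lives), the call compiles as an implicit declaration. The call also runs unconditionally on Linux, after the `OPENSSL_PRNG_ONLY` block, so a one-line comment would help the next reader: `/* Linux: re-seed from the kernel RNG; honours SSH_USE_STRONG_RNG (see port-linux-prng.c). */`. seed_rng() begins outside this hunk.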
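--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
 
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
 
-PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<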
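--- /dev/null
+++ b/openbsd-compat/port-linux-prng.c
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <openssl/rand.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "misc.h"      /* servconf.h needs misc.h for struct ForwardOptions */
+#include "servconf.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+void
+linux_seed(void)
+{
+	char *env = getenv("SSH_USE_STRONG_RNG");
+	char *random = "/dev/random";
+	size_t len, ienv, randlen = 14;
+
+	if (!env || !strcmp(env, "0"))
+		random = "/dev/urandom";
+	else if ((ienv = atoi(env)) > randlen)
+		randlen = ienv;
+
+	errno = 0;
+	if ((len = RAND_load_file(random, randlen)) != randlen) {
+		if (errno)
+			fatal ("cannot read from %s, %s", random, strerror(errno));
+		else
+			fatal ("EOF reading %s", random);
+	}
+}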
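Review bot: `ienv = atoi(env)` in the `else if` stores an int into a size_t, so a negative value such as "-1" becomes SIZE_MAX, passes the `> randlen` test and is handed to RAND_load_file() as the byte count, which against /dev/random is an open-ended blocking read. The ssh-keysign.8 hunk in this commit documents that binary as set-uid root, so if it reaches seed_rng() the variable comes from an unprivileged caller's environment; the count should be parsed with strtol(), rejected when negative or out of range, and clamped to a project-chosen maximum rather than accepting any size. The function uses getenv() (and would use strtol()) without an explicit `#include <stdlib.h>`; it presumably arrives through "includes.h", but an explicit include is cheaper than the assumption. Separately, the `$Id: port-linux.c` line names the wrong file, and servconf.h, key.h, hostfile.h, auth.h and xmalloc.h are included but not used by linux_seed().
```c
	char *env = getenv("SSH_USE_STRONG_RNG");
	char *random = "/dev/random";
	size_t len, randlen = 14;
	long ienv;
	char *end;

	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else {
		errno = 0;
		ienv = strtol(env, &end, 10);
		/* Never let a negative or overflowing value widen into a huge size_t. */
		if (errno == ERANGE || ienv < 0)
			fatal("invalid SSH_USE_STRONG_RNG value \"%s\"", env);
		/* Unparsable text keeps the documented 14-byte minimum. */
		/* TODO(review): also clamp to a project-chosen upper bound. */
		if (end != env && *end == '\0' && (size_t)ienv > randlen)
			randlen = (size_t)ienv;
	}
	/* … unchanged: RAND_load_file call and its error handling … */
```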
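--- a/ssh-add.0
+++ b/ssh-add.0
@@ -82,6 +82,16 @@ ENVIRONMENT
              Identifies the path of a UNIX-domain socket used to communicate
              with the agent.
 
+     SSH_USE_STRONG_RNG
+             The reseeding of the OpenSSL random generator is usually done
+             from /dev/urandom.  If the SSH_USE_STRONG_RNG environment vari-
+             able is set to value other than 0 the OpenSSL random generator is
+             reseeded from /dev/random.  The number of bytes read is defined
+             by the SSH_USE_STRONG_RNG value.  Minimum is 14 bytes.  This set-
+             ting is not recommended on the computers without the hardware
+             random generator because insufficient entropy causes the connec-
+             tion to be blocked until enough entropy is available.
+
 FILES
      ~/.ssh/identity
              Contains the protocol version 1 RSA authentication identity of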
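--- a/ssh-add.1
+++ b/ssh-add.1
@@ -170,6 +170,20 @@ to make this work.)
 Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
 .El
 .Sh FILES
 .Bl -tag -width Ds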
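--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -189,6 +189,24 @@ sockets used to contain the connection to the authentication agent.
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,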
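--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -841,6 +841,24 @@ Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
 .Xr moduli 5 .
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,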
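--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used.
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,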
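--- a/ssh.1
+++ b/ssh.1
@@ -1299,6 +1299,23 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts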
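--- a/sshd.8
+++ b/sshd.8
@@ -945,6 +945,24 @@ concurrently for different ports, this contains the process ID of the one
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh IPV6
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
 .Sh SEE ALSO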