Attachment #2073 for bug #1890

Lines 145-150 seed_rng(void) Link Here

(-)openssh-5.8p2/entropy.c.entropy (+3 lines)
145	memset(buf, '\0', sizeof(buf));	145	memset(buf, '\0', sizeof(buf));
146		146
147	#endif /* OPENSSL_PRNG_ONLY */	147	#endif /* OPENSSL_PRNG_ONLY */
		148	#ifdef __linux__
		149	linux_seed();
		150	#endif /* __linux__ */
148	if (RAND_status() != 1)	151	if (RAND_status() != 1)
149	fatal("PRNG is not seeded");	152	fatal("PRNG is not seeded");
150	}	153	}

Lines 20-26 OPENBSD=base64.o basename.o bindresvport Link Here

(-)openssh-5.8p2/openbsd-compat/Makefile.in.entropy (-1 / +1 lines)
20		20
21	COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o	21	COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22
23	PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o	23	PORTS=port-aix.o port-irix.o port-linux.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
24		24
25	.c.o:	25	.c.o:
26	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<	26	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<




/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */

/*
 * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Linux-specific portability code - prng support
 */

#include "includes.h"

#include <errno.h>
#include <stdarg.h>
#include <string.h>
#include <stdio.h>
#include <openssl/rand.h>

#include "log.h"
#include "xmalloc.h"
#include "servconf.h"
#include "port-linux.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"

void
linux_seed(void)
{
	int len;
	char *env = getenv("SSH_USE_STRONG_RNG");
	char *random = "/dev/random";
	size_t ienv, randlen = 6;

	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else if ((ienv = atoi(env)) > 6)
		randlen = ienv;

	errno = 0;
	if ((len = RAND_load_file(random, randlen)) != randlen) {
		if (errno)
			fatal ("cannot read from %s, %s", random, strerror(errno));
		else
			fatal ("EOF reading %s", random);
	}
}




.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
.Sh ENVIRONMENT
.Bl -tag -width Ds -compact
.It Ev SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts




.Ux Ns -domain
socket used to communicate with the agent.
.El
.It Ev SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.Sh FILES
.Bl -tag -width Ds
.It Pa ~/.ssh/identity




These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds -compact
.Pp
.It Pa SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,




started last).
The content of this file is not sensitive; it can be world-readable.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds -compact
.Pp
.It Pa SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.El
.Sh SEE ALSO
.Xr scp 1 ,
.Xr sftp 1 ,




The file format is described in
.Xr moduli 5 .
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds -compact
.Pp
.It Pa SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,




If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds -compact
.Pp
.It Pa SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from
.Cm /dev/urandom .
If the 
.Cm SSH_USE_STRONG_RNG
environment variable is set to value other than
.Cm 0
the OpenSSL random generator is reseeded from
.Cm /dev/random .
The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
Minimum is 6 bytes.
This setting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connection to 
be blocked until enough entropy is available.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,

Return to bug 1890

Lines 1250-1255 For more information, see the Link Here

(-)openssh-5.8p2/ssh.1.entropy (+17 lines)
1250	.Cm PermitUserEnvironment	1250	.Cm PermitUserEnvironment
1251	option in	1251	option in
1252	.Xr sshd_config 5 .	1252	.Xr sshd_config 5 .
		1253	.Sh ENVIRONMENT
		1254	.Bl -tag -width Ds -compact
		1255	.It Ev SSH_USE_STRONG_RNG
		1256	The reseeding of the OpenSSL random generator is usually done from
		1257	.Cm /dev/urandom .
		1258	If the
		1259	.Cm SSH_USE_STRONG_RNG
		1260	environment variable is set to value other than
		1261	.Cm 0
		1262	the OpenSSL random generator is reseeded from
		1263	.Cm /dev/random .
		1264	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		1265	Minimum is 6 bytes.
		1266	This setting is not recommended on the computers without the hardware
		1267	random generator because insufficient entropy causes the connection to
		1268	be blocked until enough entropy is available.
		1269	.El
1253	.Sh FILES	1270	.Sh FILES
1254	.Bl -tag -width Ds -compact	1271	.Bl -tag -width Ds -compact
1255	.It Pa ~/.rhosts	1272	.It Pa ~/.rhosts

Lines 158-163 Identifies the path of a Link Here

(-)openssh-5.8p2/ssh-add.1.entropy (+14 lines)
158	.Ux Ns -domain	158	.Ux Ns -domain
159	socket used to communicate with the agent.	159	socket used to communicate with the agent.
160	.El	160	.El
		161	.It Ev SSH_USE_STRONG_RNG
		162	The reseeding of the OpenSSL random generator is usually done from
		163	.Cm /dev/urandom .
		164	If the
		165	.Cm SSH_USE_STRONG_RNG
		166	environment variable is set to value other than
		167	.Cm 0
		168	the OpenSSL random generator is reseeded from
		169	.Cm /dev/random .
		170	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		171	Minimum is 6 bytes.
		172	This setting is not recommended on the computers without the hardware
		173	random generator because insufficient entropy causes the connection to
		174	be blocked until enough entropy is available.
161	.Sh FILES	175	.Sh FILES
162	.Bl -tag -width Ds	176	.Bl -tag -width Ds
163	.It Pa ~/.ssh/identity	177	.It Pa ~/.ssh/identity

Lines 937-942 concurrently for different ports, this c Link Here

(-)openssh-5.8p2/sshd.8.entropy (+18 lines)
937	started last).	937	started last).
938	The content of this file is not sensitive; it can be world-readable.	938	The content of this file is not sensitive; it can be world-readable.
939	.El	939	.El
		940	.Sh ENVIRONMENT
		941	.Bl -tag -width Ds -compact
		942	.Pp
		943	.It Pa SSH_USE_STRONG_RNG
		944	The reseeding of the OpenSSL random generator is usually done from
		945	.Cm /dev/urandom .
		946	If the
		947	.Cm SSH_USE_STRONG_RNG
		948	environment variable is set to value other than
		949	.Cm 0
		950	the OpenSSL random generator is reseeded from
		951	.Cm /dev/random .
		952	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		953	Minimum is 6 bytes.
		954	This setting is not recommended on the computers without the hardware
		955	random generator because insufficient entropy causes the connection to
		956	be blocked until enough entropy is available.
		957	.El
940	.Sh SEE ALSO	958	.Sh SEE ALSO
941	.Xr scp 1 ,	959	.Xr scp 1 ,
942	.Xr sftp 1 ,	960	.Xr sftp 1 ,

Lines 655-660 Contains Diffie-Hellman groups used for Link Here

(-)openssh-5.8p2/ssh-keygen.1.entropy (+18 lines)
655	The file format is described in	655	The file format is described in
656	.Xr moduli 5 .	656	.Xr moduli 5 .
657	.El	657	.El
		658	.Sh ENVIRONMENT
		659	.Bl -tag -width Ds -compact
		660	.Pp
		661	.It Pa SSH_USE_STRONG_RNG
		662	The reseeding of the OpenSSL random generator is usually done from
		663	.Cm /dev/urandom .
		664	If the
		665	.Cm SSH_USE_STRONG_RNG
		666	environment variable is set to value other than
		667	.Cm 0
		668	the OpenSSL random generator is reseeded from
		669	.Cm /dev/random .
		670	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		671	Minimum is 6 bytes.
		672	This setting is not recommended on the computers without the hardware
		673	random generator because insufficient entropy causes the connection to
		674	be blocked until enough entropy is available.
		675	.El
658	.Sh SEE ALSO	676	.Sh SEE ALSO
659	.Xr ssh 1 ,	677	.Xr ssh 1 ,
660	.Xr ssh-add 1 ,	678	.Xr ssh-add 1 ,

Line 0 Link Here

(-)openssh-5.8p2/openbsd-compat/port-linux-prng.c.entropy (+59 lines)
	1	/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
	2
	3	/*
	4	* Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
	5	*
	6	* Permission to use, copy, modify, and distribute this software for any
	7	* purpose with or without fee is hereby granted, provided that the above
	8	* copyright notice and this permission notice appear in all copies.
	9	*
	10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	17	*/
	18
	19	/*
	20	* Linux-specific portability code - prng support
	21	*/
	22
	23	#include "includes.h"
	24
	25	#include <errno.h>
	26	#include <stdarg.h>
	27	#include <string.h>
	28	#include <stdio.h>
	29	#include <openssl/rand.h>
	30
	31	#include "log.h"
	32	#include "xmalloc.h"
	33	#include "servconf.h"
	34	#include "port-linux.h"
	35	#include "key.h"
	36	#include "hostfile.h"
	37	#include "auth.h"
	38
	39	void
	40	linux_seed(void)
	41	{
	42	int len;
	43	char *env = getenv("SSH_USE_STRONG_RNG");
	44	char *random = "/dev/random";
	45	size_t ienv, randlen = 6;
	46
	47	if (!env \|\| !strcmp(env, "0"))
	48	random = "/dev/urandom";
	49	else if ((ienv = atoi(env)) > 6)
	50	randlen = ienv;
	51
	52	errno = 0;
	53	if ((len = RAND_load_file(random, randlen)) != randlen) {
	54	if (errno)
	55	fatal ("cannot read from %s, %s", random, strerror(errno));
	56	else
	57	fatal ("EOF reading %s", random);
	58	}
	59	}

Lines 198-203 sockets used to contain the connection t Link Here

(-)openssh-5.8p2/ssh-agent.1.entropy (+18 lines)
198	These sockets should only be readable by the owner.	198	These sockets should only be readable by the owner.
199	The sockets should get automatically removed when the agent exits.	199	The sockets should get automatically removed when the agent exits.
200	.El	200	.El
		201	.Sh ENVIRONMENT
		202	.Bl -tag -width Ds -compact
		203	.Pp
		204	.It Pa SSH_USE_STRONG_RNG
		205	The reseeding of the OpenSSL random generator is usually done from
		206	.Cm /dev/urandom .
		207	If the
		208	.Cm SSH_USE_STRONG_RNG
		209	environment variable is set to value other than
		210	.Cm 0
		211	the OpenSSL random generator is reseeded from
		212	.Cm /dev/random .
		213	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		214	Minimum is 6 bytes.
		215	This setting is not recommended on the computers without the hardware
		216	random generator because insufficient entropy causes the connection to
		217	be blocked until enough entropy is available.
		218	.El
201	.Sh SEE ALSO	219	.Sh SEE ALSO
202	.Xr ssh 1 ,	220	.Xr ssh 1 ,
203	.Xr ssh-add 1 ,	221	.Xr ssh-add 1 ,

Lines 78-83 must be set-uid root if host-based authe Link Here

(-)openssh-5.8p2/ssh-keysign.8.entropy (+18 lines)
78	If these files exist they are assumed to contain public certificate	78	If these files exist they are assumed to contain public certificate
79	information corresponding with the private keys above.	79	information corresponding with the private keys above.
80	.El	80	.El
		81	.Sh ENVIRONMENT
		82	.Bl -tag -width Ds -compact
		83	.Pp
		84	.It Pa SSH_USE_STRONG_RNG
		85	The reseeding of the OpenSSL random generator is usually done from
		86	.Cm /dev/urandom .
		87	If the
		88	.Cm SSH_USE_STRONG_RNG
		89	environment variable is set to value other than
		90	.Cm 0
		91	the OpenSSL random generator is reseeded from
		92	.Cm /dev/random .
		93	The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
		94	Minimum is 6 bytes.
		95	This setting is not recommended on the computers without the hardware
		96	random generator because insufficient entropy causes the connection to
		97	be blocked until enough entropy is available.
		98	.El
81	.Sh SEE ALSO	99	.Sh SEE ALSO
82	.Xr ssh 1 ,	100	.Xr ssh 1 ,
83	.Xr ssh-keygen 1 ,	101	.Xr ssh-keygen 1 ,