

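--- a/openssh-5.8p2/entropy.c.entropy
+++ b/openssh-5.8p2/entropy.c.entropy
@@ -145,6 +145,9 @@ seed_rng(void)
 	memset(buf, '\0', sizeof(buf));
 
 #endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+	linux_seed();
+#endif /* __linux__ */
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 }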
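Review bot: The new `linux_seed()` call has no prototype visible to entropy.c anywhere in this patch: the function lives in the new port-linux-prng.c, which includes port-linux.h, but that header is not modified here and entropy.c is not shown including it, so unless entropy.c already picks up a declaration the call compiles as an implicit `int linux_seed()`. Add `void linux_seed(void);` to openbsd-compat/port-linux.h (inside its `#ifdef __linux__` guard, if it has one) and confirm entropy.c includes that header. A one-line comment at the call site would also help, since the reseed runs after the `OPENSSL_PRNG_ONLY` block in every program that calls seed_rng() and fatal()s on a read failure: `/* Linux: reseed from /dev/(u)random per SSH_USE_STRONG_RNG; fatal() if the device cannot be read */`. The body of seed_rng() begins before this hunk.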
(-)openssh-5.8p2/openbsd-compat/Makefile.in.entropy (-1 / +1 lines)
Lines 20-26 OPENBSD=base64.o basename.o bindresvport Link Here
20
20
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22
22
23
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
23
PORTS=port-aix.o port-irix.o port-linux.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
24
24
25
.c.o:
25
.c.o:
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
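--- /dev/null
+++ b/openssh-5.8p2/openbsd-compat/port-linux-prng.c.entropy
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <openssl/rand.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "servconf.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+void
+linux_seed(void)
+{
+	int len;
+	char *env = getenv("SSH_USE_STRONG_RNG");
+	char *random = "/dev/random";
+	size_t ienv, randlen = 6;
+
+	if (!env || !strcmp(env, "0"))
+		random = "/dev/urandom";
+	else if ((ienv = atoi(env)) > 6)
+		randlen = ienv;
+
+	errno = 0;
+	if ((len = RAND_load_file(random, randlen)) != randlen) {
+		if (errno)
+			fatal ("cannot read from %s, %s", random, strerror(errno));
+		else
+			fatal ("EOF reading %s", random);
+	}
+}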
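Review bot: `SSH_USE_STRONG_RNG` is parsed with `atoi()` at line 49 of the new file and never validated, although the same patch documents it for ssh-keysign(8), a set-uid program whose environment is supplied by the invoking user, so the value must be treated as untrusted input. A non-numeric value becomes 0 and silently keeps `randlen` at 6 while still selecting /dev/random; a negative value converts to a huge `size_t` in `ienv` that `RAND_load_file()` receives through its `long max_bytes` parameter, and a value of -1 there means "read the whole file", which on a character device never reaches EOF — the process would block indefinitely (confirm against the OpenSSL version in use). The check `len != randlen` also compares `int` with `size_t`, so a negative return from `RAND_load_file()` is handled only by accident of the conversion. Parse with `strtol()`, reject trailing characters and negative values, and test `len < 0` before the equality check, as sketched below. Smaller points: the `$Id:` line still names port-linux.c, `fatal (` is spelled differently from `fatal(` in entropy.c, `<stdlib.h>` (needed for `getenv`/`atoi`/`strtol`) is relied on to come from includes.h, and several of the project headers (servconf.h, key.h, hostfile.h, auth.h, xmalloc.h) look unused by the one function here — confirm before removing.
```c
void
linux_seed(void)
{
	int len;
	char *env = getenv("SSH_USE_STRONG_RNG");
	char *end;
	long want;
	char *random = "/dev/random";
	size_t randlen = 6;

	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else {
		/* value comes from the environment: accept only a plain non-negative decimal */
		errno = 0;
		want = strtol(env, &end, 10);
		if (errno != 0 || *end != '\0' || want < 0)
			fatal("invalid SSH_USE_STRONG_RNG value \"%s\"", env);
		if ((size_t)want > randlen)
			randlen = (size_t)want;
	}

	errno = 0;
	len = RAND_load_file(random, (long)randlen);
	if (len < 0 || (size_t)len != randlen) {
		/* … unchanged: errno / EOF fatal() reporting … */
	}
}
```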
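--- a/openssh-5.8p2/ssh.1.entropy
+++ b/openssh-5.8p2/ssh.1.entropy
@@ -1250,6 +1250,23 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts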
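--- a/openssh-5.8p2/ssh-add.1.entropy
+++ b/openssh-5.8p2/ssh-add.1.entropy
@@ -158,6 +158,20 @@ Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
 .El
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/identity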
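--- a/openssh-5.8p2/ssh-agent.1.entropy
+++ b/openssh-5.8p2/ssh-agent.1.entropy
@@ -198,6 +198,24 @@ sockets used to contain the connection t
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,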
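--- a/openssh-5.8p2/sshd.8.entropy
+++ b/openssh-5.8p2/sshd.8.entropy
@@ -937,6 +937,24 @@ concurrently for different ports, this c
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr scp 1 ,
 .Xr sftp 1 ,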
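--- a/openssh-5.8p2/ssh-keygen.1.entropy
+++ b/openssh-5.8p2/ssh-keygen.1.entropy
@@ -655,6 +655,24 @@ Contains Diffie-Hellman groups used for
 The file format is described in
 .Xr moduli 5 .
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,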
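--- a/openssh-5.8p2/ssh-keysign.8.entropy
+++ b/openssh-5.8p2/ssh-keysign.8.entropy
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the 
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to 
+be blocked until enough entropy is available.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,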
