Attachment #3336 for bug #3082




}

static inline void
_rs_random_buf(void *_buf, size_t n, int restir)
{
	u_char *buf = (u_char *)_buf;
	size_t m;

	if (restir) _rs_stir_if_needed(n);
	while (n > 0) {
		if (rs_have > 0) {
			m = MIN(n, rs_have);

	_ARC4_UNLOCK();
}

void
arc4random_set(void *buf, size_t n)
{
	_rs_init(buf, n);
	rs_have = 0;
	memset(rs_buf, 0, RSBUFSZ);
	rs_count = 1600000;
}

int
arc4random_buf_det(const void *buf, int n)
{
	_rs_random_buf((void *)buf, n, FALSE);
	return 1;
}

u_int32_t
arc4random(void)
{

arc4random_buf(void *buf, size_t n)
{
	_ARC4_LOCK();
	_rs_random_buf(buf, n, TRUE);
	_ARC4_UNLOCK();
}
# endif /* !HAVE_ARC4RANDOM_BUF */

Lines 218-223 void arc4random_buf(void *, size_t); Link Here

(-)openssh-8.1p1/openbsd-compat/openbsd-compat.h (+5 lines)
218	u_int32_t arc4random_uniform(u_int32_t);	218	u_int32_t arc4random_uniform(u_int32_t);
219	#endif	219	#endif
220		220
		221	#ifndef HAVE_ARC4RANDOM_SET
		222	void arc4random_set(void *buf, size_t n);
		223	#endif
		224	int arc4random_buf_det(const void *buf, int n);
		225
221	#ifndef HAVE_ASPRINTF	226	#ifndef HAVE_ASPRINTF
222	int asprintf(char *, const char , ...);	227	int asprintf(char *, const char , ...);
223	#endif	228	#endif

Lines 49-54 Link Here

(-)openssh-8.1p1/ssh-keygen.1 (+3 lines)
49	.Op Fl f Ar output_keyfile	49	.Op Fl f Ar output_keyfile
50	.Op Fl m Ar format	50	.Op Fl m Ar format
51	.Op Fl N Ar new_passphrase	51	.Op Fl N Ar new_passphrase
		52	.Op Fl d Ar data
52	.Op Fl t Cm dsa \| ecdsa \| ed25519 \| rsa	53	.Op Fl t Cm dsa \| ecdsa \| ed25519 \| rsa
53	.Nm ssh-keygen	54	.Nm ssh-keygen
54	.Fl p	55	.Fl p
Lines 291-296 Provides a new comment. Link Here
291	Requests changing the comment in the private and public key files.	292	Requests changing the comment in the private and public key files.
292	The program will prompt for the file containing the private keys, for	293	The program will prompt for the file containing the private keys, for
293	the passphrase if the key has one, and for the new comment.	294	the passphrase if the key has one, and for the new comment.
		295	.It Fl d Ar data
		296	Derive the generated key from the given data deterministically.
294	.It Fl D Ar pkcs11	297	.It Fl D Ar pkcs11
295	Download the public keys provided by the PKCS#11 shared library	298	Download the public keys provided by the PKCS#11 shared library
296	.Ar pkcs11 .	299	.Ar pkcs11 .




#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include "openbsd-compat/openssl-compat.h"
#endif


#include "utf8.h"
#include "authfd.h"
#include "sshsig.h"
#include "crypto_api.h"

#ifdef WITH_OPENSSL
# define DEFAULT_KEY_TYPE_NAME "rsa"

int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
    unsigned long);

static int ssl_arc4_seed(const void *buf, int n)
{
	arc4random_set((void *)buf, n);
	return 1;
}
static void ssl_arc4_cleanup(void) {}
static int  ssl_arc4_add(const void *buf, int n, double randomness) { return 1; }
static int  ssl_arc4_status(void) { return 1; }
RAND_METHOD ssl_arc4_meth = {
	.seed = ssl_arc4_seed,
	.bytes = arc4random_buf_det,
	.cleanup = ssl_arc4_cleanup,
	.add = ssl_arc4_add,
	.pseudorand = arc4random_buf_det,
	.status = ssl_arc4_status
};
RAND_METHOD *RAND_arc4() { return &ssl_arc4_meth; }
#endif

static void

{
	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
	char *rr_hostname = NULL, *ep, *fp, *ra;
	char *derive_from = NULL;
	struct sshkey *private, *public;
	struct passwd *pw;
	struct stat st;


	__progname = ssh_get_progname(argv[0]);

	seed_rng();

	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);

	msetlocale();

	if (gethostname(hostname, sizeof(hostname)) == -1)
		fatal("gethostname: %s", strerror(errno));

	/* Remaining characters: w */
	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"
	    "a:b:d:f:g:j:m:n:r:s:t:z:")) != -1) {
		switch (opt) {
		case 'A':
			gen_all_hostkeys = 1;

				fatal("Bits has bad value %s (%s)",
					optarg, errstr);
			break;
		case 'd':
			derive_from = optarg;
			break;
		case 'E':
			fingerprint_hash = ssh_digest_alg_by_name(optarg);
			if (fingerprint_hash == -1)

		/* NOTREACHED */
	}

	if (derive_from) {
		unsigned char hbuf[64];
		crypto_hash_sha512(hbuf, derive_from, strlen(derive_from));
#ifdef WITH_OPENSSL
		RAND_set_rand_method(RAND_arc4());
		RAND_seed(hbuf, sizeof(hbuf));
#else
		arc4random_set(hbuf, sizeof(hbuf));
#endif
	} else {
		seed_rng();
	}

	if (ca_key_path != NULL) {
		if (argc < 1 && !gen_krl) {
			error("Too few arguments.");

Return to bug 3082

Lines 175-186 _rs_rekey(u_char *dat, size_t datlen) Link Here

(-)openssh-8.1p1/openbsd-compat/arc4random.c (-3 / +19 lines)
175	}	175	}
176		176
177	static inline void	177	static inline void
178	_rs_random_buf(void *_buf, size_t n)	178	_rs_random_buf(void *_buf, size_t n, int restir)
179	{	179	{
180	u_char buf = (u_char )_buf;	180	u_char buf = (u_char )_buf;
181	size_t m;	181	size_t m;
182		182
183	_rs_stir_if_needed(n);	183	if (restir) _rs_stir_if_needed(n);
184	while (n > 0) {	184	while (n > 0) {
185	if (rs_have > 0) {	185	if (rs_have > 0) {
186	m = MIN(n, rs_have);	186	m = MIN(n, rs_have);
Lines 232-237 arc4random_addrandom(u_char *dat, int da Link Here
232	_ARC4_UNLOCK();	232	_ARC4_UNLOCK();
233	}	233	}
234		234
		235	void
		236	arc4random_set(void *buf, size_t n)
		237	{
		238	_rs_init(buf, n);
		239	rs_have = 0;
		240	memset(rs_buf, 0, RSBUFSZ);
		241	rs_count = 1600000;
		242	}
		243
		244	int
		245	arc4random_buf_det(const void *buf, int n)
		246	{
		247	_rs_random_buf((void *)buf, n, FALSE);
		248	return 1;
		249	}
		250
235	u_int32_t	251	u_int32_t
236	arc4random(void)	252	arc4random(void)
237	{	253	{
Lines 252-258 void Link Here
252	arc4random_buf(void *buf, size_t n)	268	arc4random_buf(void *buf, size_t n)
253	{	269	{
254	_ARC4_LOCK();	270	_ARC4_LOCK();
255	_rs_random_buf(buf, n);	271	_rs_random_buf(buf, n, TRUE);
256	_ARC4_UNLOCK();	272	_ARC4_UNLOCK();
257	}	273	}
258	# endif /* !HAVE_ARC4RANDOM_BUF */	274	# endif /* !HAVE_ARC4RANDOM_BUF */

Lines 21-26 Link Here

(-)openssh-8.1p1/ssh-keygen.c (-4 / +39 lines)
21	#ifdef WITH_OPENSSL	21	#ifdef WITH_OPENSSL
22	#include <openssl/evp.h>	22	#include <openssl/evp.h>
23	#include <openssl/pem.h>	23	#include <openssl/pem.h>
		24	#include <openssl/rand.h>
24	#include "openbsd-compat/openssl-compat.h"	25	#include "openbsd-compat/openssl-compat.h"
25	#endif	26	#endif
26		27
Lines 63-68 Link Here
63	#include "utf8.h"	64	#include "utf8.h"
64	#include "authfd.h"	65	#include "authfd.h"
65	#include "sshsig.h"	66	#include "sshsig.h"
		67	#include "crypto_api.h"
66		68
67	#ifdef WITH_OPENSSL	69	#ifdef WITH_OPENSSL
68	# define DEFAULT_KEY_TYPE_NAME "rsa"	70	# define DEFAULT_KEY_TYPE_NAME "rsa"
Lines 172-177 static char hostname[NI_MAXHOST]; Link Here
172	int gen_candidates(FILE , u_int32_t, u_int32_t, BIGNUM );	174	int gen_candidates(FILE , u_int32_t, u_int32_t, BIGNUM );
173	int prime_test(FILE , FILE , u_int32_t, u_int32_t, char *, unsigned long,	175	int prime_test(FILE , FILE , u_int32_t, u_int32_t, char *, unsigned long,
174	unsigned long);	176	unsigned long);
		177
		178	static int ssl_arc4_seed(const void *buf, int n)
		179	{
		180	arc4random_set((void *)buf, n);
		181	return 1;
		182	}
		183	static void ssl_arc4_cleanup(void) {}
		184	static int ssl_arc4_add(const void *buf, int n, double randomness) { return 1; }
		185	static int ssl_arc4_status(void) { return 1; }
		186	RAND_METHOD ssl_arc4_meth = {
		187	.seed = ssl_arc4_seed,
		188	.bytes = arc4random_buf_det,
		189	.cleanup = ssl_arc4_cleanup,
		190	.add = ssl_arc4_add,
		191	.pseudorand = arc4random_buf_det,
		192	.status = ssl_arc4_status
		193	};
		194	RAND_METHOD *RAND_arc4() { return &ssl_arc4_meth; }
175	#endif	195	#endif
176		196
177	static void	197	static void
Lines 2757-2762 main(int argc, char **argv) Link Here
2757	{	2777	{
2758	char dotsshdir[PATH_MAX], comment[1024], passphrase1, passphrase2;	2778	char dotsshdir[PATH_MAX], comment[1024], passphrase1, passphrase2;
2759	char rr_hostname = NULL, ep, fp, ra;	2779	char rr_hostname = NULL, ep, fp, ra;
		2780	char *derive_from = NULL;
2760	struct sshkey private, public;	2781	struct sshkey private, public;
2761	struct passwd *pw;	2782	struct passwd *pw;
2762	struct stat st;	2783	struct stat st;
Lines 2790-2797 main(int argc, char **argv) Link Here
2790		2811
2791	__progname = ssh_get_progname(argv[0]);	2812	__progname = ssh_get_progname(argv[0]);
2792		2813
2793	seed_rng();
2794
2795	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);	2814	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
2796		2815
2797	msetlocale();	2816	msetlocale();
Lines 2803-2812 main(int argc, char **argv) Link Here
2803	if (gethostname(hostname, sizeof(hostname)) == -1)	2822	if (gethostname(hostname, sizeof(hostname)) == -1)
2804	fatal("gethostname: %s", strerror(errno));	2823	fatal("gethostname: %s", strerror(errno));
2805		2824
2806	/* Remaining characters: dw */	2825	/* Remaining characters: w */
2807	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"	2826	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
2808	"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"	2827	"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"
2809	"a:b:f:g:j:m:n:r:s:t:z:")) != -1) {	2828	"a:b:d:f:g:j:m:n:r:s:t:z:")) != -1) {
2810	switch (opt) {	2829	switch (opt) {
2811	case 'A':	2830	case 'A':
2812	gen_all_hostkeys = 1;	2831	gen_all_hostkeys = 1;
Lines 2818-2823 main(int argc, char **argv) Link Here
2818	fatal("Bits has bad value %s (%s)",	2837	fatal("Bits has bad value %s (%s)",
2819	optarg, errstr);	2838	optarg, errstr);
2820	break;	2839	break;
		2840	case 'd':
		2841	derive_from = optarg;
		2842	break;
2821	case 'E':	2843	case 'E':
2822	fingerprint_hash = ssh_digest_alg_by_name(optarg);	2844	fingerprint_hash = ssh_digest_alg_by_name(optarg);
2823	if (fingerprint_hash == -1)	2845	if (fingerprint_hash == -1)
Lines 3075-3080 main(int argc, char **argv) Link Here
3075	/* NOTREACHED */	3097	/* NOTREACHED */
3076	}	3098	}
3077		3099
		3100	if (derive_from) {
		3101	unsigned char hbuf[64];
		3102	crypto_hash_sha512(hbuf, derive_from, strlen(derive_from));
		3103	#ifdef WITH_OPENSSL
		3104	RAND_set_rand_method(RAND_arc4());
		3105	RAND_seed(hbuf, sizeof(hbuf));
		3106	#else
		3107	arc4random_set(hbuf, sizeof(hbuf));
		3108	#endif
		3109	} else {
		3110	seed_rng();
		3111	}
		3112
3078	if (ca_key_path != NULL) {	3113	if (ca_key_path != NULL) {
3079	if (argc < 1 && !gen_krl) {	3114	if (argc < 1 && !gen_krl) {
3080	error("Too few arguments.");	3115	error("Too few arguments.");