Bugzilla – Attachment 373 Details for
Bug 630
built-in ssh-rand-helper
This patch modifies ssh-rand-helper source, so that you can link randomness code staticly, like OpenSSH 3.0.2p1 used to do as only option.
rand-helper.patch (text/plain), 9.96 KB, created by
Antti Tapaninen
on 2003-08-26 02:59:15 AEST
Description:
This patch modifies the ssh-rand-helper source so that the randomness code can be linked statically, which was the only option in OpenSSH 3.0.2p1.
Creator:
Antti Tapaninen
Created:
2003-08-26 02:59:15 AEST
Size:
9.96 KB
>Index: Makefile.in
>===================================================================
>RCS file: /cvs/openssh/Makefile.in,v
>retrieving revision 1.240
>diff -u -r1.240 Makefile.in
>--- Makefile.in 2 Aug 2003 13:51:38 -0000 1.240
>+++ Makefile.in 25 Aug 2003 16:30:27 -0000
>@@ -56,9 +56,9 @@
> EXEEXT=@EXEEXT@
>
> INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
>-INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
>
>-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
>+@NO_SSH_RAND_HELPER@RAND_HELPER_PROG=ssh-rand-helper${EXEEXT}
>+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(RAND_HELPER_PROG) sftp-server$(EXEEXT) sftp$(EXEEXT)
>
> LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
> cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \
>@@ -68,7 +68,7 @@
> key.o dispatch.o kex.o mac.o uuencode.o misc.o \
> rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
> kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
>- entropy.o scard-opensc.o
>+ entropy.o scard-opensc.o @SSH_RAND_HELPER_OBJ@
>
> SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
> sshconnect.o sshconnect1.o sshconnect2.o
>@@ -248,9 +248,7 @@
> $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
> $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
> $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
>- if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
>- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
>- fi
>+ @NO_SSH_RAND_HELPER@$(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper
> $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
> $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
> $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
>@@ -263,9 +261,7 @@
> $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
> $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
> $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
>- if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
>- $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
>- fi
>+ @NO_SSH_RAND_HELPER@$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8
> $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
> $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
> $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
>Index: configure.ac
>===================================================================
>RCS file: /cvs/openssh/configure.ac,v
>retrieving revision 1.142
>diff -u -r1.142 configure.ac
>--- configure.ac 25 Aug 2003 03:27:40 -0000 1.142
>+++ configure.ac 25 Aug 2003 16:30:27 -0000
>@@ -1049,18 +1049,31 @@
> ],
> )
>
>+AC_ARG_ENABLE(static-rand-helper,
>+AC_HELP_STRING([--enable-static-rand-helper],[ enable static linking of ssh-rand-helper instead of external subprocess (default=no)]))
>+
>+NO_SSH_RAND_HELPER="#"
>+SSH_RAND_HELPER_OBJ=""
>+
> # Which randomness source do we use?
> if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
> # OpenSSL only
> AC_DEFINE(OPENSSL_PRNG_ONLY)
> RAND_MSG="OpenSSL internal ONLY"
>- INSTALL_SSH_RAND_HELPER=""
> elif test ! -z "$USE_RAND_HELPER" ; then
>- # install rand helper
>- RAND_MSG="ssh-rand-helper"
>- INSTALL_SSH_RAND_HELPER="yes"
>+ if test "x$enable_static_rand_helper" = "xyes"; then
>+ AC_DEFINE(STATIC_RAND_HELPER, 1, [enable static linking of ssh-rand-helper instead of external subprocess])
>+ RAND_MSG="ssh-rand-helper (static)"
>+ SSH_RAND_HELPER_OBJ="ssh-rand-helper.o"
>+ else
>+ # install rand-helper
>+ RAND_MSG="ssh-rand-helper"
>+ NO_SSH_RAND_HELPER=""
>+ fi
> fi
>-AC_SUBST(INSTALL_SSH_RAND_HELPER)
>+
>+AC_SUBST(NO_SSH_RAND_HELPER)
>+AC_SUBST(SSH_RAND_HELPER_OBJ)
>
> ### Configuration of ssh-rand-helper
>
>@@ -1195,7 +1208,7 @@
>
> # Where does ssh-rand-helper get its randomness from?
> INSTALL_SSH_PRNG_CMDS=""
>-if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
>+if test ! -z "$USE_RAND_HELPER" ; then
> if test ! -z "$PRNGD_PORT" ; then
> RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
> elif test ! -z "$PRNGD_SOCKET" ; then
>Index: entropy.c
>===================================================================
>RCS file: /cvs/openssh/entropy.c,v
>retrieving revision 1.46
>diff -u -r1.46 entropy.c
>--- entropy.c 25 Aug 2003 01:16:21 -0000 1.46
>+++ entropy.c 25 Aug 2003 16:30:27 -0000
>@@ -47,8 +47,7 @@
>
> RCSID("$Id: entropy.c,v 1.46 2003/08/25 01:16:21 mouring Exp $");
>
>-#ifndef OPENSSL_PRNG_ONLY
>-#define RANDOM_SEED_SIZE 48
>+#if !defined(OPENSSL_PRNG_ONLY) || !defined(STATIC_RAND_HELPER)
> static uid_t original_uid, original_euid;
> #endif
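Review bot: In the configure.ac randomness-source block (@@ -1049,18), `--enable-static-rand-helper` is only consulted inside the `elif test ! -z "$USE_RAND_HELPER"` branch, so when the OpenSSL-only branch is taken the option is dropped without any message. A builder who asked for the static helper should be told it had no effect, for example with `AC_MSG_WARN([--enable-static-rand-helper ignored: OpenSSL seeds itself])` in the first branch when `test "x$enable_static_rand_helper" = "xyes"`. A comment above `NO_SSH_RAND_HELPER="#"` would also help, stating that the value is substituted as a line prefix in Makefile.in, so `#` comments out the helper's build and install lines.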
>
>@@ -56,11 +55,13 @@
> seed_rng(void)
> {
> #ifndef OPENSSL_PRNG_ONLY
>+ unsigned char buf[RANDOM_SEED_SIZE];
>+
>+#ifndef STATIC_RAND_HELPER
> int devnull;
> int p[2];
> pid_t pid;
> int ret;
>- unsigned char buf[RANDOM_SEED_SIZE];
> mysig_t old_sigchld;
>
> if (RAND_status() == 1) {
>@@ -124,10 +125,11 @@
> fatal("ssh-rand-helper terminated abnormally");
> if (WEXITSTATUS(ret) != 0)
> fatal("ssh-rand-helper exit with exit status %d", ret);
>-
>+#else
>+ rand_helper(buf, sizeof(buf));
>+#endif
> RAND_add(buf, sizeof(buf), sizeof(buf));
> memset(buf, '\0', sizeof(buf));
>-
> #endif /* OPENSSL_PRNG_ONLY */
> if (RAND_status() != 1)
> fatal("PRNG is not seeded");
>Index: entropy.h
>===================================================================
>RCS file: /cvs/openssh/entropy.h,v
>retrieving revision 1.4
>diff -u -r1.4 entropy.h
>--- entropy.h 9 Feb 2001 01:55:36 -0000 1.4
>+++ entropy.h 25 Aug 2003 16:30:27 -0000
>@@ -24,10 +24,14 @@
>
> /* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
>
>-#ifndef _RANDOMS_H
>-#define _RANDOMS_H
>+#ifndef _ENTROPY_H
>+#define _ENTROPY_H
>+
>+#define RANDOM_SEED_SIZE 48
>
> void seed_rng(void);
> void init_rng(void);
>
>-#endif /* _RANDOMS_H */
>+void rand_helper(unsigned char *buf, int bytes);
>+
>+#endif /* _ENTROPY_H */
>Index: ssh-rand-helper.c
>===================================================================
>RCS file: /cvs/openssh/ssh-rand-helper.c,v
>retrieving revision 1.13
>diff -u -r1.13 ssh-rand-helper.c
>--- ssh-rand-helper.c 21 Aug 2003 23:34:41 -0000 1.13
>+++ ssh-rand-helper.c 25 Aug 2003 16:30:28 -0000
>@@ -41,9 +41,6 @@
>
> RCSID("$Id: ssh-rand-helper.c,v 1.13 2003/08/21 23:34:41 djm Exp $");
>
>-/* Number of bytes we write out */
>-#define OUTPUT_SEED_SIZE 48
>-
> /* Length of on-disk seedfiles */
> #define SEED_FILE_SIZE 1024
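Review bot: In entropy.c (@@ -47,8) the new guard `#if !defined(OPENSSL_PRNG_ONLY) || !defined(STATIC_RAND_HELPER)` is true in every configuration this patch's configure.ac can produce, because STATIC_RAND_HELPER is only defined on the branch that does not define OPENSSL_PRNG_ONLY. `original_uid` and `original_euid` are therefore now declared in OpenSSL-only builds too, which the old `#ifndef OPENSSL_PRNG_ONLY` excluded. If they are meant to exist only for the forked helper, the condition should read `#if !defined(OPENSSL_PRNG_ONLY) && !defined(STATIC_RAND_HELPER)`, with the same guard on their uses, which are outside this hunk; otherwise keep the original `#ifndef OPENSSL_PRNG_ONLY`.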
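Review bot: In seed_rng() (entropy.c @@ -56,11) the `if (RAND_status() == 1)` early return now sits inside the new `#ifndef STATIC_RAND_HELPER` region, so a static build repeats the whole collection on every call even when the pool is already seeded. That region also compiles out the pipe and child-process locals, so seed-file handling, the PRNGD connection and the entropy commands run inside the calling program with its privileges; Makefile.in in this patch installs ssh-keysign mode 4711. The `original_uid`/`original_euid` statics suggest the forked path adjusted its uid before running the helper, which should be confirmed against the part of seed_rng() outside this hunk and mirrored or documented for the static path. At minimum, keep the `RAND_status()` check ahead of the inner `#ifndef` and add a comment such as `/* STATIC_RAND_HELPER: entropy sources are read in this process, with its privileges */`.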
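Review bot: In the STATIC_RAND_HELPER branch of seed_rng() (entropy.c @@ -124,10), `RAND_add(buf, sizeof(buf), sizeof(buf))` still runs after `rand_helper(buf, sizeof(buf))` and credits the full buffer size as entropy, although rand_helper() (added to ssh-rand-helper.c in this patch) fills `buf` only on the PRNGD path. On the command path `buf` is still uninitialised stack, and on the PRNGD path the same bytes were already credited once inside rand_helper(), so the `RAND_status() != 1` check that follows can pass on entropy that was never gathered. Move `RAND_add(buf, sizeof(buf), sizeof(buf));` above the new `#else` so that only the `memset` stays shared by both branches. seed_rng() begins and ends outside this hunk.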
>
>@@ -174,10 +171,10 @@
>
> if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
> if (tcp_port != 0) {
>- error("Couldn't connect to PRNGD port %d: %s",
>+ debug("Couldn't connect to PRNGD port %d: %s",
> tcp_port, strerror(errno));
> } else {
>- error("Couldn't connect to PRNGD socket \"%s\": %s",
>+ debug("Couldn't connect to PRNGD socket \"%s\": %s",
> addr_un->sun_path, strerror(errno));
> }
> goto done;
>@@ -749,6 +746,55 @@
> return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0;
> }
>
>+void rand_helper(unsigned char *buf, int bytes)
>+{
>+ struct stat st;
>+ int rval;
>+
>+ if (!buf)
>+ return;
>+
>+#ifdef USE_SEED_FILES
>+ prng_read_seedfile();
>+#endif
>+
>+ /*
>+ * Seed the RNG from wherever we can
>+ */
>+
>+ /* Take whatever is on the stack, but don't credit it */
>+ RAND_add(buf, bytes, 0);
>+
>+ debug("Seeded RNG with %i bytes from system calls",
>+ (int)stir_from_system());
>+
>+ rval = -1;
>+#ifdef PRNGD_PORT
>+ rval = get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL);
>+#elif defined(PRNGD_SOCKET)
>+ rval = get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET);
>+#endif
>+#if defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
>+ if (rval == -1)
>+ debug("Entropy collection from PRNGD failed");
>+ else
>+ RAND_add(buf, bytes, bytes);
>+#endif
>+ if ((rval == -1) && (stat(SSH_PRNG_COMMAND_FILE, &st) == 0)) {
>+ /* Read in collection commands */
>+ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
>+ fatal("PRNG initialisation failed -- exiting.");
>+ debug("Seeded RNG with %i bytes from programs",
>+ (int)stir_from_programs());
>+ }
>+
>+#ifdef USE_SEED_FILES
>+ prng_write_seedfile();
>+#endif
>+}
>+
>+#ifndef STATIC_RAND_HELPER
>+
> void
> usage(void)
> {
>@@ -758,7 +804,7 @@
> fprintf(stderr, " -x Force output in hexidecimal (for debugging)\n");
> fprintf(stderr, " -X Force output in binary\n");
> fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n",
>- OUTPUT_SEED_SIZE);
>+ RANDOM_SEED_SIZE);
> }
>
> int
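Review bot: Downgrading both `error(...)` calls in the PRNGD connect-failure path (ssh-rand-helper.c @@ -174,10) to `debug(...)` hides a failing entropy daemon at the default log level, and rand_helper() in this patch then falls back to another source without any visible trace. An operator who configured PRNGD would want to know it is not being used. Keep `error("Couldn't connect to PRNGD port %d: %s",` and its socket counterpart, or report the fallback once from rand_helper() at a level that is logged by default. The enclosing function starts and ends outside the hunk.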
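Review bot: rand_helper() (ssh-rand-helper.c @@ -749,6) can return without any entropy source having contributed: when the PRNGD call fails or none is configured, and `stat(SSH_PRNG_COMMAND_FILE, &st)` also fails, it logs at most a debug message and falls through. The code it replaces in main() (removed in the @@ -806,42 hunk) called fatal() when PRNGD or the command file could not be used, and because the function returns void neither main() nor seed_rng() can detect the failure. Close the command block with `} else if (rval == -1)` followed by `fatal("Entropy collection failed");` so the function fails closed. `bytes` is an int passed unchecked to RAND_add() and get_random_bytes_prngd(), so rejecting `bytes <= 0` next to the `!buf` test would be cheap.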
>@@ -774,7 +820,7 @@
>
> ll = SYSLOG_LEVEL_INFO;
> debug_level = output_hex = 0;
>- bytes = OUTPUT_SEED_SIZE;
>+ bytes = RANDOM_SEED_SIZE;
>
> /* Don't write binary data to a tty, unless we are forced to */
> if (isatty(STDOUT_FILENO))
>@@ -806,42 +852,9 @@
> }
>
> log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
>-
>-#ifdef USE_SEED_FILES
>- prng_read_seedfile();
>-#endif
>
> buf = xmalloc(bytes);
>-
>- /*
>- * Seed the RNG from wherever we can
>- */
>-
>- /* Take whatever is on the stack, but don't credit it */
>- RAND_add(buf, bytes, 0);
>-
>- debug("Seeded RNG with %i bytes from system calls",
>- (int)stir_from_system());
>-
>-#ifdef PRNGD_PORT
>- if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
>- fatal("Entropy collection failed");
>- RAND_add(buf, bytes, bytes);
>-#elif defined(PRNGD_SOCKET)
>- if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
>- fatal("Entropy collection failed");
>- RAND_add(buf, bytes, bytes);
>-#else
>- /* Read in collection commands */
>- if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
>- fatal("PRNG initialisation failed -- exiting.");
>- debug("Seeded RNG with %i bytes from programs",
>- (int)stir_from_programs());
>-#endif
>-
>-#ifdef USE_SEED_FILES
>- prng_write_seedfile();
>-#endif
>+ rand_helper(buf, bytes);
>
> /*
> * Write the seed to stdout
>@@ -865,3 +878,5 @@
>
> return ret == bytes ? 0 : 1;
> }
>+
>+#endif