Bugzilla – Attachment 4 Details for Bug 13: Need faster ssh startup when no /dev/random or prngd available
[patch] added proposed patch
seed.diffs (text/plain), 9.47 KB, created by Dave Dykstra on 2001-11-10 05:15:09 AEDT
Flags: patch, obsolete
>This patch adds an InitPrngFromSeedFile option to the ssh client. It is a >default-off option because it does increase risk if people store the seed >file on a networked filesystem that has secured authentication (such as by >Kerberos) but doesn't have encryption. The change intentionally applies >only to the ssh client, not sshd or ssh-keygen because I don't think it >hurts as much for them to start slowly. It might be nice if it applied to >ssh-agent and ssh-add, but they don't honor config files so it isn't easy >to do. > > >--- ssh.1.O Fri Oct 26 12:56:10 2001 >+++ ssh.1 Fri Nov 9 10:34:59 2001 >@@ -926,6 +926,30 @@ > It is possible to have > multiple identity files specified in configuration files; all these > identities will be tried in sequence. >+.It Cm InitPrngFromSeedFile >+Specifies whether the random seed file may be the primary source of >+randomness for the pseudo-random number generator on systems that don't >+have a good fast source of randomness such as /dev/random. This enables >+faster startup on such systems after the first time when the seed file >+is generated in >+.Pa $HOME/.ssh/prng_seed >+by running many external programs. If this option is >+.Dq no , >+.Nm ssh >+runs the external programs every time it starts. >+NOTE: if the seed file is stored on a network filesystem that does not >+use encryption, the seed may be vulnerable to someone listening on the >+network which could make it easier to guess what random keys >+.Nm ssh >+might choose to encrypt sessions. >+This option is ignored on systems that do have a good fast source of >+randomness. >+The argument must be >+.Dq yes >+or >+.Dq no . >+The default is >+.Dq no . > .It Cm KeepAlive > Specifies whether the system should send keepalive messages to the > other side. >--- readconf.h.O Thu Nov 8 09:51:00 2001 >+++ readconf.h Thu Nov 8 14:44:57 2001 
>@@ -80,6 +80,8 @@ > char *proxy_command; /* Proxy command for connecting the host. */ > char *user; /* User to log in as. */ > int escape_char; /* Escape character; -2 = none */ >+ int init_prng_from_seed_file; /* If seed file exists don't use */ >+ /* external programs to initialize entropy */ > > char *system_hostfile;/* Path for /etc/ssh_known_hosts. */ > char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ >--- readconf.c.O Fri Oct 26 10:45:15 2001 >+++ readconf.c Fri Nov 9 10:39:21 2001 >@@ -106,7 +106,8 @@ > oAFSTokenPassing, > #endif > oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, >- oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, >+ oUser, oHost, oEscapeChar, oInitPrngFromSeedFile, >+ oRhostsRSAAuthentication, oProxyCommand, > oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, > oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, > oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, >@@ -115,7 +116,7 @@ > oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, > oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, > oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, >- oClearAllForwardings, oNoHostAuthenticationForLocalhost >+ oClearAllForwardings, oNoHostAuthenticationForLocalhost > } OpCodes; > > /* Textual representations of the tokens. */ >@@ -167,6 +168,7 @@ > { "user", oUser }, > { "host", oHost }, > { "escapechar", oEscapeChar }, >+ { "initprngfromseedfile", oInitPrngFromSeedFile }, > { "globalknownhostsfile", oGlobalKnownHostsFile }, > { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */ > { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, >@@ -678,6 +680,10 @@ > *intptr = value; > break; > >+ case oInitPrngFromSeedFile: >+ intptr = &options->init_prng_from_seed_file; >+ goto parse_flag; >+ > default: > fatal("process_config_line: Unimplemented opcode %d", opcode); > } 
>@@ -787,6 +793,7 @@ > options->proxy_command = NULL; > options->user = NULL; > options->escape_char = -1; >+ options->init_prng_from_seed_file = -1; > options->system_hostfile = NULL; > options->user_hostfile = NULL; > options->system_hostfile2 = NULL; >@@ -905,6 +912,12 @@ > } > if (options->escape_char == -1) > options->escape_char = '~'; >+ if (options->init_prng_from_seed_file == -1) >+ options->init_prng_from_seed_file = 0; >+ if (options->init_prng_from_seed_file == 1) { >+ extern int init_prng_from_seed_file; >+ init_prng_from_seed_file = 1; >+ } > if (options->system_hostfile == NULL) > options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE; > if (options->user_hostfile == NULL) >--- entropy.c.O Mon Oct 15 14:04:37 2001 >+++ entropy.c Fri Nov 9 11:13:41 2001 >@@ -68,6 +68,10 @@ > # define SAVED_IDS_WORK_WITH_SETEUID > #endif > >+/* if set and seed file exists, builtin entropy generator skips */ >+/* running lots of slow programs to collect initial entropy */ >+int init_prng_from_seed_file = 0; >+ > static void > check_openssl_version(void) > { >@@ -229,12 +233,6 @@ > memset(buf, '\0', sizeof(buf)); > } > >-void >-init_rng(void) >-{ >- check_openssl_version(); >-} >- > #else /* defined(USE_PRNGD) || defined(RANDOM_POOL) */ > > /* >@@ -651,7 +649,7 @@ > } > } > >-void >+int > prng_read_seedfile(void) { > int fd; > char seed[1024]; >@@ -669,8 +667,7 @@ > debug("loading PRNG seed from file %.100s", filename); > > if (!prng_check_seedfile(filename)) { >- verbose("Random seed file not found or not valid, ignoring."); >- return; >+ return 0; > } > > /* open the file and read in the seed */ 
>@@ -686,8 +683,12 @@ > } > close(fd); > >- /* stir in the seed, with estimated entropy zero */ >- RAND_add(&seed, sizeof(seed), 0.0); >+ /* stir in the seed, using a large number for the estimated entropy */ >+ /* because a lot of entropy went into the generating the file; not */ >+ /* this much, but the number isn't critical if it's over the minimum */ >+ RAND_add(&seed, sizeof(seed), (double) sizeof(seed)); >+ >+ return 1; > } > > >@@ -839,42 +840,12 @@ > seed_rng(void) > { > mysig_t old_sigchld_handler; >- >- if (!prng_initialised) >- fatal("RNG not initialised"); >- >- /* Make sure some other sigchld handler doesn't reap our entropy */ >- /* commands */ >- old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL); >- >- debug("Seeded RNG with %i bytes from programs", >- (int)stir_from_programs()); >- debug("Seeded RNG with %i bytes from system calls", >- (int)stir_from_system()); >- >- if (!RAND_status()) >- fatal("Not enough entropy in RNG"); >- >- mysignal(SIGCHLD, old_sigchld_handler); >- >- if (!RAND_status()) >- fatal("Couldn't initialise builtin random number generator -- exiting."); >-} >- >-void >-init_rng(void) >-{ > int original_euid; >- >- check_openssl_version(); >+ int seed_file_read; > > original_uid = getuid(); > original_euid = geteuid(); > >- /* Read in collection commands */ >- if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) >- fatal("PRNG initialisation failed -- exiting."); >- > /* Set ourselves up to save a seed upon exit */ > prng_seed_saved = 0; > >@@ -892,7 +863,7 @@ > fatal("Couldn't give up privileges"); > #endif /* SAVED_IDS_WORK_WITH_SETEUID */ > >- prng_read_seedfile(); >+ seed_file_read = prng_read_seedfile(); > > #ifdef SAVED_IDS_WORK_WITH_SETEUID > if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) 
>@@ -911,7 +882,51 @@ > fatal_add_cleanup(prng_seed_cleanup, NULL); > atexit(prng_write_seedfile); > >- prng_initialised = 1; >+ if (init_prng_from_seed_file) { >+ if (!seed_file_read) { >+ log("Random seed file not found or not valid, collecting random data..."); >+ /* Read in collection commands */ >+ if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) >+ fatal("PRNG initialisation failed -- exiting."); >+ } >+ } else { >+ if (!seed_file_read) { >+ verbose("Random seed file not found or not valid, ignoring."); >+ } >+ /* Read in collection commands */ >+ if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) >+ fatal("PRNG initialisation failed -- exiting."); >+ } >+ >+ /* Make sure some other sigchld handler doesn't reap our entropy */ >+ /* commands */ >+ old_sigchld_handler = mysignal(SIGCHLD, SIG_DFL); >+ >+ if (entropy_sources != NULL) { >+ debug("Seeded RNG with %i bytes from programs", >+ (int)stir_from_programs()); >+ } >+ debug("Seeded RNG with %i bytes from system calls", >+ (int)stir_from_system()); >+ >+ if (!RAND_status()) >+ fatal("Not enough entropy in RNG"); >+ >+ mysignal(SIGCHLD, old_sigchld_handler); >+ >+ if (!RAND_status()) >+ fatal("Couldn't initialise builtin random number generator -- exiting."); > } > >+ > #endif /* defined(USE_PRNGD) || defined(RANDOM_POOL) */ >+ >+/* note that init_rng is often called before processing options */ >+/* and as a result debug messages do not get printed, so put off */ >+/* most initialization until seed_rng */ >+ >+void >+init_rng(void) >+{ >+ check_openssl_version(); >+} >--- WARNING.RNG.O Fri Nov 9 13:12:40 2001 >+++ WARNING.RNG Fri Nov 9 13:13:27 2001 
>@@ -64,6 +64,17 @@ > re-execute programs which have not been found, have had a non-zero > exit status or have timed out more than a couple of times. > >+There is an ssh client option called InitPrngFromSeedFile which if >+enabled will skip running the many slow programs once a seed file is >+originally generated. However, if the seed file is stored on a network >+filesystem that does not encrypt the network traffic, there is a risk >+that someone listening on the network could discover the contents of the >+seed file and from there guess the random numbers that ssh will choose >+to encrypt its traffic. This is particularly an issue if the network >+filesystem has secure authentication such as Kerberos, because if it >+does not have secure authentication it could be easily broken into anyway >+and using ssh won't improve the situation. >+ > 2. Estimating the real 'rate' of program outputs is non-trivial > > The shear volume of the task is problematic: there are currently
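Review bot: the ssh.1 entry for InitPrngFromSeedFile could say what "a good fast source of randomness" means in build terms: the readconf.c hunks always parse the option and set the global, but the seed_rng changes sit inside the entropy.c region closed by `#endif /* defined(USE_PRNGD) || defined(RANDOM_POOL) */`, so the option has no effect on a PRNGD or RANDOM_POOL build. Saying "ignored when ssh is built to use /dev/random or prngd" would let a user tell from the man page alone whether the option applies to their binary.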
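Review bot: the readconf.c hunk at `@@ -115,7 +116,7 @@` is a whitespace-only change; the removed and added `oClearAllForwardings, oNoHostAuthenticationForLocalhost` lines are otherwise identical. Drop this hunk so the diff only carries the functional change.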
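Review bot: in the readconf.c hunk at `@@ -905,6 +912,12 @@`, the function-local `extern int init_prng_from_seed_file;` inside fill_default_options reaches straight into a global defined in entropy.c, with nothing in a header tying the two declarations together. Declare the variable in a shared header (or add a small setter in entropy.c) so the compiler can check the type, and add a comment at this assignment noting that it must run before seed_rng; the comment added at the end of entropy.c ("init_rng is often called before processing options") shows the ordering is what makes this work, and the caller that guarantees it is not in this diff.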
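Review bot: the entropy.c hunk at `@@ -686,8 +683,12 @@` changes the entropy estimate passed to RAND_add from 0.0 to `(double) sizeof(seed)` (1024 for the `char seed[1024]` buffer) and applies that regardless of whether InitPrngFromSeedFile is set, so the default configuration also changes. Because RAND_status() is what later decides whether `fatal("Not enough entropy in RNG")` fires, an overstated estimate is exactly what lets a weak or stale seed file pass that check; the comment in the hunk already concedes the file does not hold this much entropy. Suggest keeping 0.0 when `init_prng_from_seed_file` is clear, and when it is set using a conservative figure just above the minimum the comment refers to, rather than the full buffer size.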
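Review bot: the entropy.c hunk at `@@ -839,42 +840,12 @@` removes the `if (!prng_initialised) fatal("RNG not initialised");` guard and the later hunk removes the only assignment `prng_initialised = 1;`, but the variable's definition and any other readers are not touched in this diff. Confirm nothing else (for example the seed-file writer registered with atexit) still tests prng_initialised; if nothing does, remove the definition too, and if something does, it will now never see the flag set.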
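Review bot: in the entropy.c hunk at `@@ -911,7 +882,51 @@`, both branches of the `if (init_prng_from_seed_file)` call `prng_read_commands(SSH_PRNG_COMMAND_FILE)` with the same fatal() on failure; only the log message differs. This reduces to one condition, roughly `if (!init_prng_from_seed_file || !seed_file_read) { log/verbose(...); if (!prng_read_commands(...)) fatal(...); }`, which also makes the intended behaviour obvious: with the option on and a valid seed file, the only fresh input is stir_from_system(), so the quality of the session keys rests on the seed file plus the RAND_add estimate from the earlier hunk. A comment saying so at the `entropy_sources != NULL` check would help the next reader.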