diff --git a/SOURCES/openssh-8.0p1-entropy.patch b/SOURCES/openssh-8.0p1-entropy.patch new file mode 100644 index 0000000..dedc7c8 --- /dev/null +++ b/SOURCES/openssh-8.0p1-entropy.patch @@ -0,0 +1,282 @@ +diff --git a/entropy.c b/entropy.c +index 2d483b3..b361a04 100644 +--- a/entropy.c ++++ b/entropy.c +@@ -234,6 +234,9 @@ seed_rng(void) + } + #endif /* OPENSSL_PRNG_ONLY */ + ++#ifdef __linux__ ++ linux_seed(); ++#endif /* __linux__ */ + if (RAND_status() != 1) + fatal("PRNG is not seeded"); + +diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in +index b912dbe..9206337 100644 +--- a/openbsd-compat/Makefile.in ++++ b/openbsd-compat/Makefile.in +@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di + port-solaris.o \ + port-net.o \ + port-uw.o \ ++ port-linux-prng.o \ + port-linux-sshd.o + + .c.o: +diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h +--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:34:27.769753570 +0100 +@@ -34,4 +34,6 @@ void oom_adjust_restore(void); + void oom_adjust_setup(void); + #endif + ++void linux_seed(void); ++ + #endif /* ! _PORT_LINUX_H */ +diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c +new file mode 100644 +index 0000000..92a617c +--- /dev/null ++++ b/openbsd-compat/port-linux-prng.c +@@ -0,0 +1,70 @@ ++/* ++ * Copyright (c) 2011 - 2020 Red Hat, Inc. ++ * ++ * Authors: ++ * Jan F. Chadima ++ * Jakub Jelen ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++/* ++ * Linux-specific portability code - prng support ++ */ ++ ++#include "includes.h" ++ ++#include ++#include ++#include ++#include ++ ++#include "log.h" ++ ++void ++linux_seed(void) ++{ ++ char *env = NULL; ++ size_t randlen = 14, left; ++ unsigned int flags = 0; ++ unsigned char buf[256], *p; ++ ++ env = getenv("SSH_USE_STRONG_RNG"); ++ if (env && strcmp(env, "0") != 0) { ++ size_t ienv = atoi(env); ++ ++ /* Max on buffer length */ ++ if (ienv > sizeof(buf)) ++ ienv = sizeof(buf); ++ /* Minimum is always 14 B */ ++ if (ienv > randlen) ++ randlen = ienv; ++ flags = GRND_RANDOM; ++ } ++ ++ errno = 0; ++ left = randlen; ++ p = buf; ++ do { ++ ssize_t len = getrandom(p, left, flags); ++ if (len == -1) { ++ if (errno != EINTR) ++ fatal("Failed to seed from getrandom: %s", strerror(errno)); ++ } else if (len > 0) { ++ left -= len; ++ p += len; ++ } ++ } while (left > 0); ++ ++ RAND_seed(buf, randlen); ++} +diff --git a/ssh-add.1 b/ssh-add.1 +index 4812448..16305bf 100644 +--- a/ssh-add.1 ++++ b/ssh-add.1 +@@ -161,6 +161,20 @@ to make this work.) + Identifies the path of a + .Ux Ns -domain + socket used to communicate with the agent. ++.It Ev SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. + .El + .Sh FILES + .Bl -tag -width Ds +diff --git a/ssh-agent.1 b/ssh-agent.1 +index 281ecbd..1a9a635 100644 +--- a/ssh-agent.1 ++++ b/ssh-agent.1 +@@ -201,6 +201,24 @@ sockets used to contain the connection to the authentication agent. + These sockets should only be readable by the owner. + The sockets should get automatically removed when the agent exits. + .El ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.Pp ++.It Pa SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh SEE ALSO + .Xr ssh 1 , + .Xr ssh-add 1 , +diff --git a/ssh-keygen.1 b/ssh-keygen.1 +index 12e00d4..1b51a4a 100644 +--- a/ssh-keygen.1 ++++ b/ssh-keygen.1 +@@ -832,6 +832,24 @@ Contains Diffie-Hellman groups used for DH-GEX. + The file format is described in + .Xr moduli 5 . + .El ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.Pp ++.It Pa SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh SEE ALSO + .Xr ssh 1 , + .Xr ssh-add 1 , +diff --git a/ssh-keysign.8 b/ssh-keysign.8 +index 69d0829..02d79f8 100644 +--- a/ssh-keysign.8 ++++ b/ssh-keysign.8 +@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used. + If these files exist they are assumed to contain public certificate + information corresponding with the private keys above. + .El ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.Pp ++.It Pa SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh SEE ALSO + .Xr ssh 1 , + .Xr ssh-keygen 1 , +diff --git a/ssh.1 b/ssh.1 +index 929904b..f65e42f 100644 +--- a/ssh.1 ++++ b/ssh.1 +@@ -1309,6 +1309,23 @@ For more information, see the + .Cm PermitUserEnvironment + option in + .Xr sshd_config 5 . ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.It Ev SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh FILES + .Bl -tag -width Ds -compact + .It Pa ~/.rhosts +diff --git a/sshd.8 b/sshd.8 +index c2c237f..058d37a 100644 +--- a/sshd.8 ++++ b/sshd.8 +@@ -951,6 +951,24 @@ concurrently for different ports, this contains the process ID of the one + started last). + The content of this file is not sensitive; it can be world-readable. + .El ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.Pp ++.It Pa SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh IPV6 + IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. + .Sh SEE ALSO + diff --git a/SOURCES/sshd.sysconfig b/SOURCES/sshd.sysconfig index 6c2bff9..de7f0c6 100644 --- a/SOURCES/sshd.sysconfig +++ b/SOURCES/sshd.sysconfig @@ -6,6 +6,12 @@ # of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key # creation. +# Do not change this option unless you have hardware random +# generator and you REALLY know what you are doing + +SSH_USE_STRONG_RNG=0 +# SSH_USE_STRONG_RNG=1 + # System-wide crypto policy: # To opt-out, uncomment the following line # CRYPTO_POLICY= diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 6784355..0a4b2ea 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -66,7 +66,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 3 +%global openssh_rel 4 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 @@ -216,6 +216,8 @@ Patch963: openssh-8.0p1-openssl-evp.patch Patch964: openssh-8.0p1-openssl-kdf.patch # Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436) Patch965: openssh-8.0p1-openssl-pem.patch +# Seed from dev/random if requested (#1785655) +Patch966: openssh-8.0p1-entropy.patch License: BSD Group: Applications/Internet @@ -431,6 +433,7 @@ popd %patch963 -p1 -b .openssl-evp %patch964 -p1 -b .openssl-kdf %patch965 -p1 -b .openssl-pem +%patch966 -p1 -b .entropy %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -733,6 +736,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Wed Jan 08 2020 Jakub Jelen - 8.0p1-4 + 0.10.3-7 +- Restore entropy patch for CC certification (#1785655) + * Tue Jul 23 2019 Jakub Jelen - 8.0p1-3 + 0.10.3-7 - Fix typos in manual pages (#1668325) - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)