diff options
| -rw-r--r-- | .cvsignore | 2 | ||||
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | INSTALL | 6 | ||||
| -rw-r--r-- | Makefile.in | 50 | ||||
| -rw-r--r-- | WARNING.RNG | 95 | ||||
| -rw-r--r-- | aclocal.m4 | 12 | ||||
| -rw-r--r-- | buildpkg.sh.in | 7 | ||||
| -rw-r--r-- | configure.ac | 249 | ||||
| -rwxr-xr-x | contrib/aix/buildbff.sh | 11 | ||||
| -rw-r--r-- | entropy.c | 238 | ||||
| -rw-r--r-- | regress/README.regress | 6 | ||||
| -rw-r--r-- | ssh-add.c | 1 | ||||
| -rw-r--r-- | ssh-agent.c | 1 | ||||
| -rw-r--r-- | ssh-keygen.c | 1 | ||||
| -rw-r--r-- | ssh-keyscan.c | 1 | ||||
| -rw-r--r-- | ssh-keysign.c | 1 | ||||
| -rw-r--r-- | ssh-pkcs11-helper.c | 1 | ||||
| -rw-r--r-- | ssh-rand-helper.8 | 94 | ||||
| -rw-r--r-- | ssh-rand-helper.c | 932 | ||||
| -rw-r--r-- | ssh.c | 1 | ||||
| -rw-r--r-- | ssh_prng_cmds.in | 75 | ||||
| -rw-r--r-- | sshd.c | 1 |
22 files changed, 237 insertions, 1555 deletions
@@ -22,8 +22,6 @@ ssh-keygen ssh-keyscan ssh-keysign ssh-pkcs11-helper -ssh-rand-helper -ssh_prng_cmds sshd stamp-h.in survey @@ -1,6 +1,13 @@ 20110505 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS definitions. From des AT des.no + - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] + [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] + [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] + [regress/README.regress] Remove ssh-rand-helper and all its + tentacles. PRNGd seeding has been rolled into entropy.c directly. + Thanks to tim@ for testing on affected platforms. 20110221 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the @@ -16,9 +16,7 @@ The remaining items are optional. NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd. If you don't have -any of these you will have to rely on ssh-rand-helper, which is inferior -to a good kernel-based solution or prngd. +/dev/random, or failing that, either prngd or egd PRNGD: @@ -262,4 +260,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $ +$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ diff --git a/Makefile.in b/Makefile.in index d0263779..f5b14761 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ +# $Id: Makefile.in,v 1.322 2011/05/05 03:48:37 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -26,7 +26,6 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper -RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ STRIP_OPT=@STRIP_OPT@ @@ -39,7 +38,6 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ - -DSSH_RAND_HELPER=\"$(RAND_HELPER)\" CC=@CC@ LD=@LD@ @@ -61,10 +59,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ MANFMT=@MANFMT@ -INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ -INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ @@ -96,15 +91,14 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 +MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out +MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 MANTYPE = @MANTYPE@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out CONFIGFILES_IN=sshd_config ssh_config moduli PATHSUBS = \ - -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ @@ -124,7 +118,7 @@ PATHSUBS = \ FIXPATHSCMD = $(SED) $(PATHSUBS) -all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) +all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) $(LIBSSH_OBJS): Makefile.in config.h $(SSHOBJS): Makefile.in config.h @@ -175,9 +169,6 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) -ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o - $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) @@ -198,11 +189,6 @@ $(CONFIGFILES): $(CONFIGFILES_IN) conffile=`echo $@ | sed 's/.out$$//'`; \ $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@ -ssh_prng_cmds.out: ssh_prng_cmds - if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ - fi - # fake rule to stop make trying to compile moduli.o into a binary "moduli.o" moduli: echo @@ -215,7 +201,7 @@ clean: regressclean distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init openssh.xml - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds + rm -f Makefile buildpkg.sh config.h config.status rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) @@ -242,9 +228,9 @@ distprep: catman-do $(AUTORECONF) -rm -rf autom4te.cache -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf -install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -265,9 +251,6 @@ install-files: $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \ - fi $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) @@ -282,9 +265,6 @@ install-files: $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ - $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ - fi $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 @@ -308,13 +288,6 @@ install-sysconf: else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ - fi ; \ - fi @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ @@ -361,7 +334,6 @@ host-key-force: ssh-keygen$(EXEEXT) uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config -rm -f $(DESTDIR)$(sysconfdir)/sshd_config - -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds -rmdir $(DESTDIR)$(sysconfdir) -rmdir $(DESTDIR)$(bindir) -rmdir $(DESTDIR)$(sbindir) @@ -383,7 +355,6 @@ uninstall: -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) - -rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT) -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 @@ -392,7 +363,6 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 @@ -462,7 +432,7 @@ survey: survey.sh ssh send-survey: survey mail portable-survey@mindrot.org <survey -package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) +package: $(CONFIGFILES) $(MANPAGES) $(TARGETS) if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ sh buildpkg.sh; \ fi diff --git a/WARNING.RNG b/WARNING.RNG deleted file mode 100644 index 97da74ff..00000000 --- a/WARNING.RNG +++ /dev/null @@ -1,95 +0,0 @@ -This document contains a description of portable OpenSSH's random -number collection code. An alternate reading of this text could -well be titled "Why I should pressure my system vendor to supply -/dev/random in their OS". - -Why is this important? OpenSSH depends on good, unpredictable numbers -for generating keys, performing digital signatures and forming -cryptographic challenges. If the random numbers that it uses are -predictable, then the strength of the whole system is compromised. - -A particularly pernicious problem arises with DSA keys (used by the -ssh2 protocol). Performing a DSA signature (which is required for -authentication), entails the use of a 160 bit random number. If an -attacker can predict this number, then they can deduce your *private* -key and impersonate you or your hosts. - -If you are using the builtin random number support (configure will -tell you if this is the case), then read this document in its entirety. -Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which -collects random numbers and makes them available by a socket. - -Please also request that your OS vendor provides a kernel-based random -number collector (/dev/random) in future versions of your operating -systems by default. - -On to the description... - -The portable OpenSSH contains random number collection support for -systems which lack a kernel entropy pool (/dev/random). - -This collector (as of 3.1 and beyond) comes as an external application -that allows the local admin to decide on how to implement entropy -collection. - -The default entropy collector operates by executing the programs listed -in ($etcdir)/ssh_prng_cmds, reading their output and adding it to the -PRNG supplied by OpenSSL (which is hash-based). It also stirs in the -output of several system calls and timings from the execution of the -programs that it runs. - -The ssh_prng_cmds file also specifies a 'rate' for each program. This -represents the number of bits of randomness per byte of output from -the specified program. - -The random number code will also read and save a seed file to -~/.ssh/prng_seed. This contents of this file are added to the random -number generator at startup. The goal here is to maintain as much -randomness between sessions as possible. - -The default entropy collection code has two main problems: - -1. It is slow. - -Executing each program in the list can take a large amount of time, -especially on slower machines. Additionally some program can take a -disproportionate time to execute. - -Tuning the random helper can be done by running ./ssh-random-helper in -very verbose mode ("-vvv") and identifying the commands that are taking -excessive amounts of time or hanging altogher. Any problem commands can -be modified or removed from ssh_prng_cmds. - -The default entropy collector will timeout programs which take too long -to execute, the actual timeout used can be adjusted with the ---with-entropy-timeout configure option. OpenSSH will not try to -re-execute programs which have not been found, have had a non-zero -exit status or have timed out more than a couple of times. - -2. Estimating the real 'rate' of program outputs is non-trivial - -The shear volume of the task is problematic: there are currently -around 50 commands in the ssh_prng_cmds list, portable OpenSSH -supports at least 12 different OSs. That is already 600 sets of data -to be analysed, without taking into account the numerous differences -between versions of each OS. - -On top of this, the different commands can produce varying amounts of -usable data depending on how busy the machine is, how long it has been -up and various other factors. - -To make matters even more complex, some of the commands are reporting -largely the same data as other commands (eg. the various "ps" calls). - - -How to avoid the default entropy code? - -The best way is to read the OpenSSL documentation and recompile OpenSSL -to use prngd or egd. Some platforms (like earily solaris) have 3rd -party /dev/random devices that can be also used for this task. - -If you are forced to use ssh-rand-helper consider still downloading -prngd/egd and configure OpenSSH using --with-prngd-port=xx or ---with-prngd-socket=xx (refer to INSTALL for more information). - -$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $ @@ -1,4 +1,4 @@ -dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $ +dnl $Id: aclocal.m4,v 1.7 2011/05/05 03:48:37 djm Exp $ dnl dnl OpenSSH-specific autoconf macros dnl @@ -33,16 +33,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ fi ]) -dnl OSSH_PATH_ENTROPY_PROG(variablename, command): -dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST -AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [ - AC_PATH_PROG($1, $2) - if test -z "[$]$1" ; then - $1="undef" - fi - AC_SUBST($1) -]) - dnl Check for socklen_t: historically on BSD it is an int, and in dnl POSIX 1g it is a type of its own, but some platforms use different dnl types for the argument to getsockopt, getpeername, etc. So we diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 22c66fbd..4de9d42e 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -229,8 +229,6 @@ perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ # We don't want to overwrite config files on multiple installs mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default -[ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \ -mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default # local tweeks here [ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES} @@ -317,11 +315,6 @@ cat > postinstall << _EOF [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { - [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds -} # make rc?.d dirs only if we are doing a test install [ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { diff --git a/configure.ac b/configure.ac index c8d90ea0..573c0971 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.471 2011/01/26 20:38:58 tim Exp $ +# $Id: configure.ac,v 1.472 2011/05/05 03:48:37 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.471 $) +AC_REVISION($Revision: 1.472 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2299,113 +2299,15 @@ AC_RUN_IFELSE( ], [ AC_MSG_RESULT([no]) - # Default to use of the rand helper if OpenSSL doesn't - # seed itself - USE_RAND_HELPER=yes ], [ AC_MSG_WARN([cross compiling: assuming yes]) - # This is safe, since all recent OpenSSL versions will - # complain at runtime if not seeded correctly. + # This is safe, since we will fatal() at runtime if + # OpenSSL is not seeded correctly. OPENSSL_SEEDS_ITSELF=yes ] ) -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH([pam], - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB([dl], [dlopen], , ) - AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) - AC_CHECK_FUNCS([pam_getenvlist]) - AC_CHECK_FUNCS([pam_putenv]) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - SSHDLIBS="$SSHDLIBS -lpam" - AC_DEFINE([USE_PAM], [1], - [Define if you want to enable PAM support]) - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - SSHDLIBS="$SSHDLIBS -ldl" - ;; - esac - fi - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - ]], [[ -(void)pam_strerror((pam_handle_t *)NULL, -1); - ]])], [AC_MSG_RESULT([no])], [ - AC_DEFINE([HAVE_OLD_PAM], [1], - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT([yes]) - PAM_MSG="yes (old library)" - - ]) -fi - -# Do we want to force the use of the rand helper? -AC_ARG_WITH([rand-helper], - [ --with-rand-helper Use subprocess to gather strong randomness ], - [ - if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if - # the previous test showed it to be unseeded. - if test -z "$OPENSSL_SEEDS_ITSELF" ; then - AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) - OPENSSL_SEEDS_ITSELF=yes - USE_RAND_HELPER="" - fi - else - USE_RAND_HELPER=yes - fi - ], -) - -# Which randomness source do we use? -if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then - # OpenSSL only - AC_DEFINE([OPENSSL_PRNG_ONLY], [1], - [Define if you want OpenSSL's internally seeded PRNG only]) - RAND_MSG="OpenSSL internal ONLY" - INSTALL_SSH_RAND_HELPER="" -elif test ! -z "$USE_RAND_HELPER" ; then - # install rand helper - RAND_MSG="ssh-rand-helper" - INSTALL_SSH_RAND_HELPER="yes" -fi -AC_SUBST([INSTALL_SSH_RAND_HELPER]) - -### Configuration of ssh-rand-helper - # PRNGD TCP socket AC_ARG_WITH([prngd-port], [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], @@ -2460,7 +2362,7 @@ AC_ARG_WITH([prngd-socket], ], [ # Check for existing socket only if we don't have a random device already - if test "$USE_RAND_HELPER" = yes ; then + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then AC_MSG_CHECKING([for PRNGD/EGD socket]) # Insert other locations here for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do @@ -2479,19 +2381,79 @@ AC_ARG_WITH([prngd-socket], ] ) -# Change default command timeout for hashing entropy source -entropy_timeout=200 -AC_ARG_WITH([entropy-timeout], - [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], +# Which randomness source do we use? +if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGd port $PRNGD_PORT" +elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGd socket $PRNGD_SOCKET" +elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then + AC_DEFINE([OPENSSL_PRNG_ONLY], [1], + [Define if you want OpenSSL's internally seeded PRNG only]) + RAND_MSG="OpenSSL internal ONLY" +else + AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) +fi + +# Check for PAM libs +PAM_MSG="no" +AC_ARG_WITH([pam], + [ --with-pam Enable PAM support ], [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - entropy_timeout=$withval + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi + + saved_LIBS="$LIBS" + AC_CHECK_LIB([dl], [dlopen], , ) + AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) + AC_CHECK_FUNCS([pam_getenvlist]) + AC_CHECK_FUNCS([pam_putenv]) + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + SSHDLIBS="$SSHDLIBS -lpam" + AC_DEFINE([USE_PAM], [1], + [Define if you want to enable PAM support]) + + if test $ac_cv_lib_dl_dlopen = yes; then + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + SSHDLIBS="$SSHDLIBS -ldl" + ;; + esac + fi fi ] ) -AC_DEFINE_UNQUOTED([ENTROPY_TIMEOUT_MSEC], [$entropy_timeout], - [Builtin PRNG command timeout]) + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <stdlib.h> +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include <security/pam_appl.h> +#elif defined (HAVE_PAM_PAM_APPL_H) +#include <pam/pam_appl.h> +#endif + ]], [[ +(void)pam_strerror((pam_handle_t *)NULL, -1); + ]])], [AC_MSG_RESULT([no])], [ + AC_DEFINE([HAVE_OLD_PAM], [1], + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) + AC_MSG_RESULT([yes]) + PAM_MSG="yes (old library)" + + ]) +fi SSH_PRIVSEP_USER=sshd AC_ARG_WITH([privsep-user], @@ -2507,56 +2469,6 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], [non-privileged user for privilege separation]) AC_SUBST([SSH_PRIVSEP_USER]) -# We do this little dance with the search path to insure -# that programs that we select for use by installed programs -# (which may be run by the super-user) come from trusted -# locations before they come from the user's private area. -# This should help avoid accidentally configuring some -# random version of a program in someone's personal bin. - -OPATH=$PATH -PATH=/bin:/usr/bin -test -h /bin 2> /dev/null && PATH=/usr/bin -test -d /sbin && PATH=$PATH:/sbin -test -d /usr/sbin && PATH=$PATH:/usr/sbin -PATH=$PATH:/etc:$OPATH - -# These programs are used by the command hashing source to gather entropy -OSSH_PATH_ENTROPY_PROG([PROG_LS], [ls]) -OSSH_PATH_ENTROPY_PROG([PROG_NETSTAT], [netstat]) -OSSH_PATH_ENTROPY_PROG([PROG_ARP], [arp]) -OSSH_PATH_ENTROPY_PROG([PROG_IFCONFIG], [ifconfig]) -OSSH_PATH_ENTROPY_PROG([PROG_JSTAT], [jstat]) -OSSH_PATH_ENTROPY_PROG([PROG_PS], [ps]) -OSSH_PATH_ENTROPY_PROG([PROG_SAR], [sar]) -OSSH_PATH_ENTROPY_PROG([PROG_W], [w]) -OSSH_PATH_ENTROPY_PROG([PROG_WHO], [who]) -OSSH_PATH_ENTROPY_PROG([PROG_LAST], [last]) -OSSH_PATH_ENTROPY_PROG([PROG_LASTLOG], [lastlog]) -OSSH_PATH_ENTROPY_PROG([PROG_DF], [df]) -OSSH_PATH_ENTROPY_PROG([PROG_VMSTAT], [vmstat]) -OSSH_PATH_ENTROPY_PROG([PROG_UPTIME], [uptime]) -OSSH_PATH_ENTROPY_PROG([PROG_IPCS], [ipcs]) -OSSH_PATH_ENTROPY_PROG([PROG_TAIL], [tail]) -# restore PATH -PATH=$OPATH - -# Where does ssh-rand-helper get its randomness from? -INSTALL_SSH_PRNG_CMDS="" -if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then - if test ! -z "$PRNGD_PORT" ; then - RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" - elif test ! -z "$PRNGD_SOCKET" ; then - RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" - else - RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" - RAND_HELPER_CMDHASH=yes - INSTALL_SSH_PRNG_CMDS="yes" - fi -fi -AC_SUBST([INSTALL_SSH_PRNG_CMDS]) - - # Cheap hack to ensure NEWS-OS libraries are arranged right. if test ! -z "$SONY" ; then LIBS="$LIBS -liberty"; @@ -4157,7 +4069,7 @@ AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - ssh_prng_cmds survey.sh]) + survey.sh]) AC_OUTPUT # Print summary of options @@ -4212,9 +4124,6 @@ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" echo " Random number source: $RAND_MSG" -if test ! -z "$USE_RAND_HELPER" ; then -echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" -fi echo "" @@ -4246,14 +4155,6 @@ if test "x$PAM_MSG" = "xyes" ; then echo "" fi -if test ! -z "$RAND_HELPER_CMDHASH" ; then - echo "WARNING: you are using the builtin random number collection " - echo "service. Please read WARNING.RNG and request that your OS " - echo "vendor includes kernel-based random number collection in " - echo "future versions of your OS." - echo "" -fi - if test ! -z "$NO_PEERCHECK" ; then echo "WARNING: the operating system that you are using does not" echo "appear to support getpeereid(), getpeerucred() or the" diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index ca4bf021..81d8cc30 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.12 2010/04/18 03:35:00 dtucker Exp $ +# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -156,13 +156,6 @@ do mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default done -# AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds -if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ] -then - mv $FAKE_ROOT/$sysconfdir/ssh_prng_cmds \ - $FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default -fi - # # Generate lpp control files. # working dir is $FAKE_ROOT but files are generated in dir above @@ -197,7 +190,7 @@ cat <<EOF >>../openssh.post_i #!/bin/sh echo Creating configs from defaults if necessary. -for cfgfile in ssh_config sshd_config ssh_prng_cmds +for cfgfile in ssh_config sshd_config do if [ ! -f $sysconfdir/\$cfgfile ] then @@ -25,19 +25,19 @@ #include "includes.h" #include <sys/types.h> -#include <sys/wait.h> - -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> +#include <sys/socket.h> +#ifdef HAVE_SYS_UN_H +# include <sys/un.h> #endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif -#include <stdarg.h> -#include <string.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <errno.h> #include <signal.h> +#include <string.h> #include <unistd.h> +#include <stddef.h> /* for offsetof */ #include <openssl/rand.h> #include <openssl/crypto.h> @@ -54,118 +54,128 @@ /* * Portable OpenSSH PRNG seeding: * If OpenSSL has not "internally seeded" itself (e.g. pulled data from - * /dev/random), then we execute a "ssh-rand-helper" program which - * collects entropy and writes it to stdout. The child program must - * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr - * attached, so error/debugging output should be visible. - * - * XXX: we should tell the child how many bytes we need. + * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from + * PRNGd. */ - #ifndef OPENSSL_PRNG_ONLY + #define RANDOM_SEED_SIZE 48 -static uid_t original_uid, original_euid; -#endif -void -seed_rng(void) +/* + * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon + * listening either on 'tcp_port', or via Unix domain socket at * + * 'socket_path'. + * Either a non-zero tcp_port or a non-null socket_path must be + * supplied. + * Returns 0 on success, -1 on error + */ +int +get_random_bytes_prngd(unsigned char *buf, int len, + unsigned short tcp_port, char *socket_path) { -#ifndef OPENSSL_PRNG_ONLY - int devnull; - int p[2]; - pid_t pid; - int ret; - unsigned char buf[RANDOM_SEED_SIZE]; - mysig_t old_sigchld; + int fd, addr_len, rval, errors; + u_char msg[2]; + struct sockaddr_storage addr; + struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; + struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; + mysig_t old_sigpipe; + + /* Sanity checks */ + if (socket_path == NULL && tcp_port == 0) + fatal("You must specify a port or a socket"); + if (socket_path != NULL && + strlen(socket_path) >= sizeof(addr_un->sun_path)) + fatal("Random pool path is too long"); + if (len <= 0 || len > 255) + fatal("Too many bytes (%d) to read from PRNGD", len); + + memset(&addr, '\0', sizeof(addr)); + + if (tcp_port != 0) { + addr_in->sin_family = AF_INET; + addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr_in->sin_port = htons(tcp_port); + addr_len = sizeof(*addr_in); + } else { + addr_un->sun_family = AF_UNIX; + strlcpy(addr_un->sun_path, socket_path, + sizeof(addr_un->sun_path)); + addr_len = offsetof(struct sockaddr_un, sun_path) + + strlen(socket_path) + 1; + } - if (RAND_status() == 1) { - debug3("RNG is ready, skipping seeding"); - return; + old_sigpipe = mysignal(SIGPIPE, SIG_IGN); + + errors = 0; + rval = -1; +reopen: + fd = socket(addr.ss_family, SOCK_STREAM, 0); + if (fd == -1) { + error("Couldn't create socket: %s", strerror(errno)); + goto done; } - debug3("Seeding PRNG from %s", SSH_RAND_HELPER); - - if ((devnull = open("/dev/null", O_RDWR)) == -1) - fatal("Couldn't open /dev/null: %s", strerror(errno)); - if (pipe(p) == -1) - fatal("pipe: %s", strerror(errno)); - - old_sigchld = signal(SIGCHLD, SIG_DFL); - if ((pid = fork()) == -1) - fatal("Couldn't fork: %s", strerror(errno)); - if (pid == 0) { - dup2(devnull, STDIN_FILENO); - dup2(p[1], STDOUT_FILENO); - /* Keep stderr open for errors */ - close(p[0]); - close(p[1]); - close(devnull); - - if (original_uid != original_euid && - ( seteuid(getuid()) == -1 || - setuid(original_uid) == -1) ) { - fprintf(stderr, "(rand child) setuid(%li): %s\n", - (long int)original_uid, strerror(errno)); - _exit(1); + if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { + if (tcp_port != 0) { + error("Couldn't connect to PRNGD port %d: %s", + tcp_port, strerror(errno)); + } else { + error("Couldn't connect to PRNGD socket \"%s\": %s", + addr_un->sun_path, strerror(errno)); } - - execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL); - fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", - SSH_RAND_HELPER, strerror(errno)); - _exit(1); + goto done; } - close(devnull); - close(p[1]); + /* Send blocking read request to PRNGD */ + msg[0] = 0x02; + msg[1] = len; - memset(buf, '\0', sizeof(buf)); - ret = atomicio(read, p[0], buf, sizeof(buf)); - if (ret == -1) - fatal("Couldn't read from ssh-rand-helper: %s", + if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't write to PRNGD socket: %s", strerror(errno)); - if (ret != sizeof(buf)) - fatal("ssh-rand-helper child produced insufficient data"); - - close(p[0]); + goto done; + } - if (waitpid(pid, &ret, 0) == -1) - fatal("Couldn't wait for ssh-rand-helper completion: %s", + if (atomicio(read, fd, buf, len) != (size_t)len) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't read from PRNGD socket: %s", strerror(errno)); - signal(SIGCHLD, old_sigchld); - - /* We don't mind if the child exits upon a SIGPIPE */ - if (!WIFEXITED(ret) && - (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE)) - fatal("ssh-rand-helper terminated abnormally"); - if (WEXITSTATUS(ret) != 0) - fatal("ssh-rand-helper exit with exit status %d", ret); - - RAND_add(buf, sizeof(buf), sizeof(buf)); - memset(buf, '\0', sizeof(buf)); + goto done; + } -#endif /* OPENSSL_PRNG_ONLY */ - if (RAND_status() != 1) - fatal("PRNG is not seeded"); + rval = 0; +done: + mysignal(SIGPIPE, old_sigpipe); + if (fd != -1) + close(fd); + return rval; } -void -init_rng(void) +static int +seed_from_prngd(unsigned char *buf, size_t bytes) { - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) - */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) - fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - -#ifndef OPENSSL_PRNG_ONLY - original_uid = getuid(); - original_euid = geteuid(); +#ifdef PRNGD_PORT + debug("trying egd/prngd port %d", PRNGD_PORT); + if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) + return 0; +#endif +#ifdef PRNGD_SOCKET + debug("trying egd/prngd socket %s", PRNGD_SOCKET); + if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) + return 0; #endif + return -1; } -#ifndef OPENSSL_PRNG_ONLY void rexec_send_rng_seed(Buffer *m) { @@ -191,4 +201,34 @@ rexec_recv_rng_seed(Buffer *m) RAND_add(buf, len, len); } } +#endif /* OPENSSL_PRNG_ONLY */ + +void +seed_rng(void) +{ +#ifndef OPENSSL_PRNG_ONLY + unsigned char buf[RANDOM_SEED_SIZE]; #endif + /* + * OpenSSL version numbers: MNNFFPPS: major minor fix patch status + * We match major, minor, fix and status (not patch) + */ + if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) + fatal("OpenSSL version mismatch. Built against %lx, you " + "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + +#ifndef OPENSSL_PRNG_ONLY + if (RAND_status() == 1) { + debug3("RNG is ready, skipping seeding"); + return; + } + + if (seed_from_prngd(buf, sizeof(buf)) == -1) + fatal("Could not obtain seed from PRNGd"); + RAND_add(buf, sizeof(buf), sizeof(buf)); + memset(buf, '\0', sizeof(buf)); + +#endif /* OPENSSL_PRNG_ONLY */ + if (RAND_status() != 1) + fatal("PRNG is not seeded"); +} diff --git a/regress/README.regress b/regress/README.regress index da9bb6a9..82e4cc75 100644 --- a/regress/README.regress +++ b/regress/README.regress @@ -93,10 +93,6 @@ Failed tests can be difficult to diagnose. Suggestions: Known Issues. -- If your build requires ssh-rand-helper regress tests will fail - unless ssh-rand-helper is in pre-installed (the path to - ssh-rand-helper is hard coded). - - Similarly, if you do not have "scp" in your system's $PATH then the multiplex scp tests will fail (since the system's shell startup scripts will determine where the shell started by sshd will look for scp). @@ -105,4 +101,4 @@ Known Issues. test to fail. The old behaviour can be restored by setting (and exporting) _POSIX2_VERSION=199209 before running the tests. -$Id: README.regress,v 1.11 2010/08/16 21:04:29 djm Exp $ +$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $ @@ -372,7 +372,6 @@ main(int argc, char **argv) sanitise_stdfd(); __progname = ssh_get_progname(argv[0]); - init_rng(); seed_rng(); OpenSSL_add_all_algorithms(); diff --git a/ssh-agent.c b/ssh-agent.c index afba413d..ae204b14 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1154,7 +1154,6 @@ main(int ac, char **av) OpenSSL_add_all_algorithms(); __progname = ssh_get_progname(av[0]); - init_rng(); seed_rng(); while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { diff --git a/ssh-keygen.c b/ssh-keygen.c index c95e4ab2..d379b1a2 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1817,7 +1817,6 @@ main(int argc, char **argv) OpenSSL_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - init_rng(); seed_rng(); /* we need this for the home * directory. */ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 25d7ac66..eb282b94 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -620,7 +620,6 @@ main(int argc, char **argv) extern char *optarg; __progname = ssh_get_progname(argv[0]); - init_rng(); seed_rng(); TAILQ_INIT(&tq); diff --git a/ssh-keysign.c b/ssh-keysign.c index 4172491c..1deb7e14 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -178,7 +178,6 @@ main(int argc, char **argv) permanently_set_uid(pw); - init_rng(); seed_rng(); arc4random_stir(); diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 8e3f57ac..cd33515f 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -280,7 +280,6 @@ main(int argc, char **argv) TAILQ_INIT(&pkcs11_keylist); pkcs11_init(0); - init_rng(); seed_rng(); __progname = ssh_get_progname(argv[0]); diff --git a/ssh-rand-helper.8 b/ssh-rand-helper.8 deleted file mode 100644 index af5a72fc..00000000 --- a/ssh-rand-helper.8 +++ /dev/null @@ -1,94 +0,0 @@ -.\" $Id: ssh-rand-helper.8,v 1.3 2007/01/22 01:44:53 djm Exp $ -.\" -.\" Copyright (c) 2002 Damien Miller. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd April 14, 2002 -.Dt SSH-RAND-HELPER 8 -.Os -.Sh NAME -.Nm ssh-rand-helper -.Nd random number gatherer for OpenSSH -.Sh SYNOPSIS -.Nm ssh-rand-hlper -.Op Fl vxXh -.Op Fl b Ar bytes -.Sh DESCRIPTION -.Nm -is a small helper program used by -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 , -.Xr ssh-keygen 1 , -.Xr ssh-keyscan 1 -and -.Xr sshd 8 -to gather random numbers of cryptographic quality if the -.Xr openssl 4 -library has not been configured to provide them itself. -.Pp -Normally -.Nm -will generate a strong random seed and provide it to the calling -program via standard output. If standard output is a tty, -.Nm -will instead print the seed in hexidecimal format unless told otherwise. -.Pp -.Nm -will by default gather random numbers from the system commands listed -in -.Pa /etc/ssh/ssh_prng_cmds . -The output of each of the commands listed will be hashed and used to -generate a random seed for the calling program. -.Nm -will also store seed files in -.Pa ~/.ssh/prng_seed -between executions. -.Pp -Alternately, -.Nm -may be configured at build time to collect random numbers from a -EGD/PRNGd server via a unix domain or localhost tcp socket. -.Pp -This program is not intended to be run by the end-user, so the few -commandline options are for debugging purposes only. -.Bl -tag -width Ds -.It Fl b Ar bytes -Specify the number of random bytes to include in the output. -.It Fl x -Output a hexidecimal instead of a binary seed. -.It Fl X -Force output of a binary seed, even if standard output is a tty -.It Fl v -Turn on debugging message. Multiple -.Fl v -options will increase the debugging level. -.It Fl h -Display a summary of options. -.El -.Sh AUTHORS -Damien Miller <djm@mindrot.org> -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-keygen 1 , -.Xr sshd 8 diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c deleted file mode 100644 index fa507049..00000000 --- a/ssh-rand-helper.c +++ /dev/null @@ -1,932 +0,0 @@ -/* - * Copyright (c) 2001-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include <sys/types.h> -#include <sys/resource.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <sys/socket.h> - -#include <stdarg.h> -#include <stddef.h> -#include <string.h> - -#include <netinet/in.h> -#include <arpa/inet.h> - -#ifdef HAVE_SYS_UN_H -# include <sys/un.h> -#endif - -#include <errno.h> -#include <fcntl.h> -#include <pwd.h> -#include <signal.h> -#include <time.h> -#include <unistd.h> - -#include <openssl/rand.h> -#include <openssl/sha.h> -#include <openssl/crypto.h> - -/* SunOS 4.4.4 needs this */ -#ifdef HAVE_FLOATINGPOINT_H -# include <floatingpoint.h> -#endif /* HAVE_FLOATINGPOINT_H */ - -#include "misc.h" -#include "xmalloc.h" -#include "atomicio.h" -#include "pathnames.h" -#include "log.h" - -/* Number of bytes we write out */ -#define OUTPUT_SEED_SIZE 48 - -/* Length of on-disk seedfiles */ -#define SEED_FILE_SIZE 1024 - -/* Maximum number of command-line arguments to read from file */ -#define NUM_ARGS 10 - -/* Minimum number of usable commands to be considered sufficient */ -#define MIN_ENTROPY_SOURCES 16 - -/* Path to on-disk seed file (relative to user's home directory */ -#ifndef SSH_PRNG_SEED_FILE -# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR"/prng_seed" -#endif - -/* Path to PRNG commands list */ -#ifndef SSH_PRNG_COMMAND_FILE -# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" -#endif - -extern char *__progname; - -#define WHITESPACE " \t\n" - -#ifndef RUSAGE_SELF -# define RUSAGE_SELF 0 -#endif -#ifndef RUSAGE_CHILDREN -# define RUSAGE_CHILDREN 0 -#endif - -#if !defined(PRNGD_SOCKET) && !defined(PRNGD_PORT) -# define USE_SEED_FILES -#endif - -typedef struct { - /* Proportion of data that is entropy */ - double rate; - /* Counter goes positive if this command times out */ - unsigned int badness; - /* Increases by factor of two each timeout */ - unsigned int sticky_badness; - /* Path to executable */ - char *path; - /* argv to pass to executable */ - char *args[NUM_ARGS]; /* XXX: arbitrary limit */ - /* full command string (debug) */ - char *cmdstring; -} entropy_cmd_t; - -/* slow command timeouts (all in milliseconds) */ -/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */ -static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC; - -/* this is initialised from a file, by prng_read_commands() */ -static entropy_cmd_t *entropy_cmds = NULL; - -/* Prototypes */ -double stir_from_system(void); -double stir_from_programs(void); -double stir_gettimeofday(double entropy_estimate); -double stir_clock(double entropy_estimate); -double stir_rusage(int who, double entropy_estimate); -double hash_command_output(entropy_cmd_t *src, unsigned char *hash); -int get_random_bytes_prngd(unsigned char *buf, int len, - unsigned short tcp_port, char *socket_path); - -/* - * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon - * listening either on 'tcp_port', or via Unix domain socket at * - * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be - * supplied. - * Returns 0 on success, -1 on error - */ -int -get_random_bytes_prngd(unsigned char *buf, int len, - unsigned short tcp_port, char *socket_path) -{ - int fd, addr_len, rval, errors; - u_char msg[2]; - struct sockaddr_storage addr; - struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; - struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; - mysig_t old_sigpipe; - - /* Sanity checks */ - if (socket_path == NULL && tcp_port == 0) - fatal("You must specify a port or a socket"); - if (socket_path != NULL && - strlen(socket_path) >= sizeof(addr_un->sun_path)) - fatal("Random pool path is too long"); - if (len <= 0 || len > 255) - fatal("Too many bytes (%d) to read from PRNGD", len); - - memset(&addr, '\0', sizeof(addr)); - - if (tcp_port != 0) { - addr_in->sin_family = AF_INET; - addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); - addr_in->sin_port = htons(tcp_port); - addr_len = sizeof(*addr_in); - } else { - addr_un->sun_family = AF_UNIX; - strlcpy(addr_un->sun_path, socket_path, - sizeof(addr_un->sun_path)); - addr_len = offsetof(struct sockaddr_un, sun_path) + - strlen(socket_path) + 1; - } - - old_sigpipe = mysignal(SIGPIPE, SIG_IGN); - - errors = 0; - rval = -1; -reopen: - fd = socket(addr.ss_family, SOCK_STREAM, 0); - if (fd == -1) { - error("Couldn't create socket: %s", strerror(errno)); - goto done; - } - - if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { - if (tcp_port != 0) { - error("Couldn't connect to PRNGD port %d: %s", - tcp_port, strerror(errno)); - } else { - error("Couldn't connect to PRNGD socket \"%s\": %s", - addr_un->sun_path, strerror(errno)); - } - goto done; - } - - /* Send blocking read request to PRNGD */ - msg[0] = 0x02; - msg[1] = len; - - if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't write to PRNGD socket: %s", - strerror(errno)); - goto done; - } - - if (atomicio(read, fd, buf, len) != (size_t)len) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't read from PRNGD socket: %s", - strerror(errno)); - goto done; - } - - rval = 0; -done: - mysignal(SIGPIPE, old_sigpipe); - if (fd != -1) - close(fd); - return rval; -} - -static int -seed_from_prngd(unsigned char *buf, size_t bytes) -{ -#ifdef PRNGD_PORT - debug("trying egd/prngd port %d", PRNGD_PORT); - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) - return 0; -#endif -#ifdef PRNGD_SOCKET - debug("trying egd/prngd socket %s", PRNGD_SOCKET); - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) - return 0; -#endif - return -1; -} - -double -stir_gettimeofday(double entropy_estimate) -{ - struct timeval tv; - - if (gettimeofday(&tv, NULL) == -1) - fatal("Couldn't gettimeofday: %s", strerror(errno)); - - RAND_add(&tv, sizeof(tv), entropy_estimate); - - return entropy_estimate; -} - -double -stir_clock(double entropy_estimate) -{ -#ifdef HAVE_CLOCK - clock_t c; - - c = clock(); - RAND_add(&c, sizeof(c), entropy_estimate); - - return entropy_estimate; -#else /* _HAVE_CLOCK */ - return 0; -#endif /* _HAVE_CLOCK */ -} - -double -stir_rusage(int who, double entropy_estimate) -{ -#ifdef HAVE_GETRUSAGE - struct rusage ru; - - if (getrusage(who, &ru) == -1) - return 0; - - RAND_add(&ru, sizeof(ru), entropy_estimate); - - return entropy_estimate; -#else /* _HAVE_GETRUSAGE */ - return 0; -#endif /* _HAVE_GETRUSAGE */ -} - -static int -timeval_diff(struct timeval *t1, struct timeval *t2) -{ - int secdiff, usecdiff; - - secdiff = t2->tv_sec - t1->tv_sec; - usecdiff = (secdiff*1000000) + (t2->tv_usec - t1->tv_usec); - return (int)(usecdiff / 1000); -} - -double -hash_command_output(entropy_cmd_t *src, unsigned char *hash) -{ - char buf[8192]; - fd_set rdset; - int bytes_read, cmd_eof, error_abort, msec_elapsed, p[2]; - int status, total_bytes_read; - static int devnull = -1; - pid_t pid; - SHA_CTX sha; - struct timeval tv_start, tv_current; - - debug3("Reading output from \'%s\'", src->cmdstring); - - if (devnull == -1) { - devnull = open("/dev/null", O_RDWR); - if (devnull == -1) - fatal("Couldn't open /dev/null: %s", - strerror(errno)); - } - - if (pipe(p) == -1) - fatal("Couldn't open pipe: %s", strerror(errno)); - - (void)gettimeofday(&tv_start, NULL); /* record start time */ - - switch (pid = fork()) { - case -1: /* Error */ - close(p[0]); - close(p[1]); - fatal("Couldn't fork: %s", strerror(errno)); - /* NOTREACHED */ - case 0: /* Child */ - dup2(devnull, STDIN_FILENO); - dup2(p[1], STDOUT_FILENO); - dup2(p[1], STDERR_FILENO); - close(p[0]); - close(p[1]); - close(devnull); - - execv(src->path, (char**)(src->args)); - - debug("(child) Couldn't exec '%s': %s", - src->cmdstring, strerror(errno)); - _exit(-1); - default: /* Parent */ - break; - } - - RAND_add(&pid, sizeof(&pid), 0.0); - - close(p[1]); - - /* Hash output from child */ - SHA1_Init(&sha); - - cmd_eof = error_abort = msec_elapsed = total_bytes_read = 0; - while (!error_abort && !cmd_eof) { - int ret; - struct timeval tv; - int msec_remaining; - - (void) gettimeofday(&tv_current, 0); - msec_elapsed = timeval_diff(&tv_start, &tv_current); - if (msec_elapsed >= entropy_timeout_current) { - error_abort=1; - continue; - } - msec_remaining = entropy_timeout_current - msec_elapsed; - - FD_ZERO(&rdset); - FD_SET(p[0], &rdset); - tv.tv_sec = msec_remaining / 1000; - tv.tv_usec = (msec_remaining % 1000) * 1000; - - ret = select(p[0] + 1, &rdset, NULL, NULL, &tv); - - RAND_add(&tv, sizeof(tv), 0.0); - - switch (ret) { - case 0: - /* timer expired */ - error_abort = 1; - kill(pid, SIGINT); - break; - case 1: - /* command input */ - do { - bytes_read = read(p[0], buf, sizeof(buf)); - } while (bytes_read == -1 && errno == EINTR); - RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); - if (bytes_read == -1) { - error_abort = 1; - break; - } else if (bytes_read) { - SHA1_Update(&sha, buf, bytes_read); - total_bytes_read += bytes_read; - } else { - cmd_eof = 1; - } - break; - case -1: - default: - /* error */ - debug("Command '%s': select() failed: %s", - src->cmdstring, strerror(errno)); - error_abort = 1; - break; - } - } - - SHA1_Final(hash, &sha); - - close(p[0]); - - debug3("Time elapsed: %d msec", msec_elapsed); - - if (waitpid(pid, &status, 0) == -1) { - error("Couldn't wait for child '%s' completion: %s", - src->cmdstring, strerror(errno)); - return 0.0; - } - - RAND_add(&status, sizeof(&status), 0.0); - - if (error_abort) { - /* - * Closing p[0] on timeout causes the entropy command to - * SIGPIPE. Take whatever output we got, and mark this - * command as slow - */ - debug2("Command '%s' timed out", src->cmdstring); - src->sticky_badness *= 2; - src->badness = src->sticky_badness; - return total_bytes_read; - } - - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) == 0) { - return total_bytes_read; - } else { - debug2("Command '%s' exit status was %d", - src->cmdstring, WEXITSTATUS(status)); - src->badness = src->sticky_badness = 128; - return 0.0; - } - } else if (WIFSIGNALED(status)) { - debug2("Command '%s' returned on uncaught signal %d !", - src->cmdstring, status); - src->badness = src->sticky_badness = 128; - return 0.0; - } else - return 0.0; -} - -double -stir_from_system(void) -{ - double total_entropy_estimate; - long int i; - - total_entropy_estimate = 0; - - i = getpid(); - RAND_add(&i, sizeof(i), 0.5); - total_entropy_estimate += 0.1; - - i = getppid(); - RAND_add(&i, sizeof(i), 0.5); - total_entropy_estimate += 0.1; - - i = getuid(); - RAND_add(&i, sizeof(i), 0.0); - i = getgid(); - RAND_add(&i, sizeof(i), 0.0); - - total_entropy_estimate += stir_gettimeofday(1.0); - total_entropy_estimate += stir_clock(0.5); - total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); - - return total_entropy_estimate; -} - -double -stir_from_programs(void) -{ - int c; - double entropy, total_entropy; - unsigned char hash[SHA_DIGEST_LENGTH]; - - total_entropy = 0; - for(c = 0; entropy_cmds[c].path != NULL; c++) { - if (!entropy_cmds[c].badness) { - /* Hash output from command */ - entropy = hash_command_output(&entropy_cmds[c], - hash); - - /* Scale back estimate by command's rate */ - entropy *= entropy_cmds[c].rate; - - /* Upper bound of entropy is SHA_DIGEST_LENGTH */ - if (entropy > SHA_DIGEST_LENGTH) - entropy = SHA_DIGEST_LENGTH; - - /* Stir it in */ - RAND_add(hash, sizeof(hash), entropy); - - debug3("Got %0.2f bytes of entropy from '%s'", - entropy, entropy_cmds[c].cmdstring); - - total_entropy += entropy; - - /* Execution time should be a bit unpredictable */ - total_entropy += stir_gettimeofday(0.05); - total_entropy += stir_clock(0.05); - total_entropy += stir_rusage(RUSAGE_SELF, 0.1); - total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); - } else { - debug2("Command '%s' disabled (badness %d)", - entropy_cmds[c].cmdstring, - entropy_cmds[c].badness); - - if (entropy_cmds[c].badness > 0) - entropy_cmds[c].badness--; - } - } - - return total_entropy; -} - -/* - * prng seedfile functions - */ -int -prng_check_seedfile(char *filename) -{ - struct stat st; - - /* - * XXX raceable: eg replace seed between this stat and subsequent - * open. Not such a problem because we don't really trust the - * seed file anyway. - * XXX: use secure path checking as elsewhere in OpenSSH - */ - if (lstat(filename, &st) == -1) { - /* Give up on hard errors */ - if (errno != ENOENT) - debug("WARNING: Couldn't stat random seed file " - "\"%.100s\": %s", filename, strerror(errno)); - return 0; - } - - /* regular file? */ - if (!S_ISREG(st.st_mode)) - fatal("PRNG seedfile %.100s is not a regular file", - filename); - - /* mode 0600, owned by root or the current user? */ - if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { - debug("WARNING: PRNG seedfile %.100s must be mode 0600, " - "owned by uid %li", filename, (long int)getuid()); - return 0; - } - - return 1; -} - -void -prng_write_seedfile(void) -{ - int fd, save_errno; - unsigned char seed[SEED_FILE_SIZE]; - char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; - struct passwd *pw; - mode_t old_umask; - - pw = getpwuid(getuid()); - if (pw == NULL) - fatal("Couldn't get password entry for current user " - "(%li): %s", (long int)getuid(), strerror(errno)); - - /* Try to ensure that the parent directory is there */ - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - _PATH_SSH_USER_DIR); - if (mkdir(filename, 0700) < 0 && errno != EEXIST) - fatal("mkdir %.200s: %s", filename, strerror(errno)); - - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - SSH_PRNG_SEED_FILE); - - strlcpy(tmpseed, filename, sizeof(tmpseed)); - if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= - sizeof(tmpseed)) - fatal("PRNG seed filename too long"); - - if (RAND_bytes(seed, sizeof(seed)) <= 0) - fatal("PRNG seed extraction failed"); - - /* Don't care if the seed doesn't exist */ - prng_check_seedfile(filename); - - old_umask = umask(0177); - - if ((fd = mkstemp(tmpseed)) == -1) { - debug("WARNING: couldn't make temporary PRNG seedfile %.100s " - "(%.100s)", tmpseed, strerror(errno)); - } else { - debug("writing PRNG seed to file %.100s", tmpseed); - if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { - save_errno = errno; - close(fd); - unlink(tmpseed); - fatal("problem writing PRNG seedfile %.100s " - "(%.100s)", filename, strerror(save_errno)); - } - close(fd); - debug("moving temporary PRNG seed to file %.100s", filename); - if (rename(tmpseed, filename) == -1) { - save_errno = errno; - unlink(tmpseed); - fatal("problem renaming PRNG seedfile from %.100s " - "to %.100s (%.100s)", tmpseed, filename, - strerror(save_errno)); - } - } - umask(old_umask); -} - -void -prng_read_seedfile(void) -{ - int fd; - char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; - struct passwd *pw; - - pw = getpwuid(getuid()); - if (pw == NULL) - fatal("Couldn't get password entry for current user " - "(%li): %s", (long int)getuid(), strerror(errno)); - - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - SSH_PRNG_SEED_FILE); - - debug("loading PRNG seed from file %.100s", filename); - - if (!prng_check_seedfile(filename)) { - verbose("Random seed file not found or invalid, ignoring."); - return; - } - - /* open the file and read in the seed */ - fd = open(filename, O_RDONLY); - if (fd == -1) - fatal("could not open PRNG seedfile %.100s (%.100s)", - filename, strerror(errno)); - - if (atomicio(read, fd, &seed, sizeof(seed)) < sizeof(seed)) { - verbose("invalid or short read from PRNG seedfile " - "%.100s - ignoring", filename); - memset(seed, '\0', sizeof(seed)); - } - close(fd); - - /* stir in the seed, with estimated entropy zero */ - RAND_add(&seed, sizeof(seed), 0.0); -} - - -/* - * entropy command initialisation functions - */ -int -prng_read_commands(char *cmdfilename) -{ - char cmd[SEED_FILE_SIZE], *cp, line[1024], path[SEED_FILE_SIZE]; - double est; - entropy_cmd_t *entcmd; - FILE *f; - int cur_cmd, linenum, num_cmds, arg; - - if ((f = fopen(cmdfilename, "r")) == NULL) { - fatal("couldn't read entropy commands file %.100s: %.100s", - cmdfilename, strerror(errno)); - } - - num_cmds = 64; - entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t)); - - /* Read in file */ - cur_cmd = linenum = 0; - while (fgets(line, sizeof(line), f)) { - linenum++; - - /* Skip leading whitespace, blank lines and comments */ - cp = line + strspn(line, WHITESPACE); - if ((*cp == 0) || (*cp == '#')) - continue; /* done with this line */ - - /* - * The first non-whitespace char should be a double quote - * delimiting the commandline - */ - if (*cp != '"') { - error("bad entropy command, %.100s line %d", - cmdfilename, linenum); - continue; - } - - /* - * First token, command args (incl. argv[0]) in double - * quotes - */ - cp = strtok(cp, "\""); - if (cp == NULL) { - error("missing or bad command string, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - strlcpy(cmd, cp, sizeof(cmd)); - - /* Second token, full command path */ - if ((cp = strtok(NULL, WHITESPACE)) == NULL) { - error("missing command path, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - - /* Did configure mark this as dead? */ - if (strncmp("undef", cp, 5) == 0) - continue; - - strlcpy(path, cp, sizeof(path)); - - /* Third token, entropy rate estimate for this command */ - if ((cp = strtok(NULL, WHITESPACE)) == NULL) { - error("missing entropy estimate, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - est = strtod(cp, NULL); - - /* end of line */ - if ((cp = strtok(NULL, WHITESPACE)) != NULL) { - error("garbage at end of line %d in %.100s " - "-- ignored", linenum, cmdfilename); - continue; - } - - /* save the command for debug messages */ - entcmd[cur_cmd].cmdstring = xstrdup(cmd); - - /* split the command args */ - cp = strtok(cmd, WHITESPACE); - arg = 0; - do { - entcmd[cur_cmd].args[arg] = xstrdup(cp); - arg++; - } while(arg < NUM_ARGS && (cp = strtok(NULL, WHITESPACE))); - - if (strtok(NULL, WHITESPACE)) - error("ignored extra commands (max %d), %.100s " - "line %d", NUM_ARGS, cmdfilename, linenum); - - /* Copy the command path and rate estimate */ - entcmd[cur_cmd].path = xstrdup(path); - entcmd[cur_cmd].rate = est; - - /* Initialise other values */ - entcmd[cur_cmd].sticky_badness = 1; - - cur_cmd++; - - /* - * If we've filled the array, reallocate it twice the size - * Do this now because even if this we're on the last - * command we need another slot to mark the last entry - */ - if (cur_cmd == num_cmds) { - num_cmds *= 2; - entcmd = xrealloc(entcmd, num_cmds, - sizeof(entropy_cmd_t)); - } - } - - /* zero the last entry */ - memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t)); - - /* trim to size */ - entropy_cmds = xrealloc(entcmd, (cur_cmd + 1), - sizeof(entropy_cmd_t)); - - debug("Loaded %d entropy commands from %.100s", cur_cmd, - cmdfilename); - - fclose(f); - return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0; -} - -void -usage(void) -{ - fprintf(stderr, "Usage: %s [options]\n", __progname); - fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); - fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); - fprintf(stderr, " -X Force output in binary\n"); - fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", - OUTPUT_SEED_SIZE); -} - -int -main(int argc, char **argv) -{ - unsigned char *buf; - int ret, ch, debug_level, output_hex, bytes; - extern char *optarg; - extern int optind; - LogLevel ll; - - __progname = ssh_get_progname(argv[0]); - log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - - ll = SYSLOG_LEVEL_INFO; - debug_level = output_hex = 0; - bytes = OUTPUT_SEED_SIZE; - - /* Don't write binary data to a tty, unless we are forced to */ - if (isatty(STDOUT_FILENO)) - output_hex = 1; - - while ((ch = getopt(argc, argv, "vxXhb:")) != -1) { - switch (ch) { - case 'v': - if (debug_level < 3) - ll = SYSLOG_LEVEL_DEBUG1 + debug_level++; - break; - case 'x': - output_hex = 1; - break; - case 'X': - output_hex = 0; - break; - case 'b': - if ((bytes = atoi(optarg)) <= 0) - fatal("Invalid number of output bytes"); - break; - case 'h': - usage(); - exit(0); - default: - error("Invalid commandline option"); - usage(); - exit(1); - } - } - log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); - - if (argc != optind) { - error("Unexpected commandline arguments."); - usage(); - exit(1); - } - -#ifdef USE_SEED_FILES - prng_read_seedfile(); -#endif - - buf = xmalloc(bytes); - - /* - * Seed the RNG from wherever we can - */ - - /* Take whatever is on the stack, but don't credit it */ - RAND_add(buf, bytes, 0); - - debug("Seeded RNG with %i bytes from system calls", - (int)stir_from_system()); - - /* try prngd, fall back to commands if prngd fails or not configured */ - if (seed_from_prngd(buf, bytes) == 0) { - RAND_add(buf, bytes, bytes); - } else { - /* Read in collection commands */ - if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) - fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", - (int)stir_from_programs()); - } - -#ifdef USE_SEED_FILES - prng_write_seedfile(); -#endif - - /* - * Write the seed to stdout - */ - - if (!RAND_status()) - fatal("Not enough entropy in RNG"); - - if (RAND_bytes(buf, bytes) <= 0) - fatal("Couldn't extract entropy from PRNG"); - - if (output_hex) { - for(ret = 0; ret < bytes; ret++) - printf("%02x", (unsigned char)(buf[ret])); - printf("\n"); - } else - ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); - - memset(buf, '\0', bytes); - xfree(buf); - - return ret == bytes ? 0 : 1; -} - -/* - * We may attempt to re-seed during mkstemp if we are using the one in the - * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we - * need our own seed_rng(). We must also check that we have enough entropy. - */ -void -seed_rng(void) -{ - if (!RAND_status()) - fatal("Not enough entropy in RNG"); -} @@ -234,7 +234,6 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); - init_rng(); /* * Discard other fds that are hanging around. These can cause problem diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in deleted file mode 100644 index 0d29d49f..00000000 --- a/ssh_prng_cmds.in +++ /dev/null @@ -1,75 +0,0 @@ -# entropy gathering commands - -# Format is: "program-name args" path rate - -# The "rate" represents the number of bits of usuable entropy per -# byte of command output. Be conservative. -# -# $Id: ssh_prng_cmds.in,v 1.9 2003/11/21 12:48:56 djm Exp $ - -"ls -alni /var/log" @PROG_LS@ 0.02 -"ls -alni /var/adm" @PROG_LS@ 0.02 -"ls -alni /usr/adm" @PROG_LS@ 0.02 -"ls -alni /var/mail" @PROG_LS@ 0.02 -"ls -alni /usr/mail" @PROG_LS@ 0.02 -"ls -alni /var/adm/syslog" @PROG_LS@ 0.02 -"ls -alni /usr/adm/syslog" @PROG_LS@ 0.02 -"ls -alni /var/spool/mail" @PROG_LS@ 0.02 -"ls -alni /proc" @PROG_LS@ 0.02 -"ls -alni /tmp" @PROG_LS@ 0.02 -"ls -alni /var/tmp" @PROG_LS@ 0.02 -"ls -alni /usr/tmp" @PROG_LS@ 0.02 -"ls -alTi /var/log" @PROG_LS@ 0.02 -"ls -alTi /var/adm" @PROG_LS@ 0.02 -"ls -alTi /var/mail" @PROG_LS@ 0.02 -"ls -alTi /var/adm/syslog" @PROG_LS@ 0.02 -"ls -alTi /var/spool/mail" @PROG_LS@ 0.02 -"ls -alTi /proc" @PROG_LS@ 0.02 -"ls -alTi /tmp" @PROG_LS@ 0.02 -"ls -alTi /var/tmp" @PROG_LS@ 0.02 -"ls -alTi /usr/tmp" @PROG_LS@ 0.02 - -"netstat -an" @PROG_NETSTAT@ 0.05 -"netstat -in" @PROG_NETSTAT@ 0.05 -"netstat -rn" @PROG_NETSTAT@ 0.02 -"netstat -pn" @PROG_NETSTAT@ 0.02 -"netstat -ia" @PROG_NETSTAT@ 0.05 -"netstat -s" @PROG_NETSTAT@ 0.02 -"netstat -is" @PROG_NETSTAT@ 0.07 - -"arp -n -a" @PROG_ARP@ 0.02 - -"ifconfig -a" @PROG_IFCONFIG@ 0.02 - -"ps laxww" @PROG_PS@ 0.03 -"ps -al" @PROG_PS@ 0.03 -"ps -efl" @PROG_PS@ 0.03 -"jstat" @PROG_JSTAT@ 0.07 - -"w" @PROG_W@ 0.05 - -"who -i" @PROG_WHO@ 0.01 - -"last" @PROG_LAST@ 0.01 - -"lastlog" @PROG_LASTLOG@ 0.01 - -"df" @PROG_DF@ 0.01 -"df -i" @PROG_DF@ 0.01 - -"sar -d" @PROG_SAR@ 0.04 - -"vmstat" @PROG_VMSTAT@ 0.01 -"uptime" @PROG_UPTIME@ 0.01 - -"ipcs -a" @PROG_IPCS@ 0.01 - -"tail -200 /var/log/messages" @PROG_TAIL@ 0.01 -"tail -200 /var/log/syslog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/messages" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog/syslog.log" @PROG_TAIL@ 0.01 -"tail -200 /var/log/maillog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog/mail.log" @PROG_TAIL@ 0.01 - @@ -1306,7 +1306,6 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); - init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; |