diff options
| author | Damien Miller <djm@mindrot.org> | 2011-05-05 13:48:37 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2011-05-05 13:48:37 +1000 |
| commit | f22019bdbfb986daf24428a9d37f9fe9bb3ff7ad (patch) | |
| tree | e23aa2864fccb6f4097d962aa14f9d78ca02a929 | |
| parent | 68790fedef210e03e36534b111e2f27b858170b4 (diff) | |
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
| -rw-r--r-- | .cvsignore | 2 | ||||
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | INSTALL | 6 | ||||
| -rw-r--r-- | Makefile.in | 50 | ||||
| -rw-r--r-- | WARNING.RNG | 95 | ||||
| -rw-r--r-- | aclocal.m4 | 12 | ||||
| -rw-r--r-- | buildpkg.sh.in | 7 | ||||
| -rw-r--r-- | configure.ac | 249 | ||||
| -rwxr-xr-x | contrib/aix/buildbff.sh | 11 | ||||
| -rw-r--r-- | entropy.c | 238 | ||||
| -rw-r--r-- | regress/README.regress | 6 | ||||
| -rw-r--r-- | ssh-add.c | 1 | ||||
| -rw-r--r-- | ssh-agent.c | 1 | ||||
| -rw-r--r-- | ssh-keygen.c | 1 | ||||
| -rw-r--r-- | ssh-keyscan.c | 1 | ||||
| -rw-r--r-- | ssh-keysign.c | 1 | ||||
| -rw-r--r-- | ssh-pkcs11-helper.c | 1 | ||||
| -rw-r--r-- | ssh-rand-helper.8 | 94 | ||||
| -rw-r--r-- | ssh-rand-helper.c | 932 | ||||
| -rw-r--r-- | ssh.c | 1 | ||||
| -rw-r--r-- | ssh_prng_cmds.in | 75 | ||||
| -rw-r--r-- | sshd.c | 1 |
22 files changed, 237 insertions, 1555 deletions
@@ -22,8 +22,6 @@ ssh-keygen ssh-keyscan ssh-keysign ssh-pkcs11-helper -ssh-rand-helper -ssh_prng_cmds sshd stamp-h.in survey @@ -1,6 +1,13 @@ 20110505 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS definitions. From des AT des.no + - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] + [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] + [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] + [regress/README.regress] Remove ssh-rand-helper and all its + tentacles. PRNGd seeding has been rolled into entropy.c directly. + Thanks to tim@ for testing on affected platforms. 20110221 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the @@ -16,9 +16,7 @@ The remaining items are optional. NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd. If you don't have -any of these you will have to rely on ssh-rand-helper, which is inferior -to a good kernel-based solution or prngd. +/dev/random, or failing that, either prngd or egd PRNGD: @@ -262,4 +260,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $ +$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ diff --git a/Makefile.in b/Makefile.in index d0263779..f5b14761 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ +# $Id: Makefile.in,v 1.322 2011/05/05 03:48:37 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -26,7 +26,6 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper -RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ STRIP_OPT=@STRIP_OPT@ @@ -39,7 +38,6 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ - -DSSH_RAND_HELPER=\"$(RAND_HELPER)\" CC=@CC@ LD=@LD@ @@ -61,10 +59,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ MANFMT=@MANFMT@ -INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ -INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ @@ -96,15 +91,14 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 +MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out +MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 MANTYPE = @MANTYPE@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out CONFIGFILES_IN=sshd_config ssh_config moduli PATHSUBS = \ - -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ @@ -124,7 +118,7 @@ PATHSUBS = \ FIXPATHSCMD = $(SED) $(PATHSUBS) -all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) +all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) $(LIBSSH_OBJS): Makefile.in config.h $(SSHOBJS): Makefile.in config.h @@ -175,9 +169,6 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) -ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o - $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) @@ -198,11 +189,6 @@ $(CONFIGFILES): $(CONFIGFILES_IN) conffile=`echo $@ | sed 's/.out$$//'`; \ $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@ -ssh_prng_cmds.out: ssh_prng_cmds - if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ - fi - # fake rule to stop make trying to compile moduli.o into a binary "moduli.o" moduli: echo @@ -215,7 +201,7 @@ clean: regressclean distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init openssh.xml - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds + rm -f Makefile buildpkg.sh config.h config.status rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) @@ -242,9 +228,9 @@ distprep: catman-do $(AUTORECONF) -rm -rf autom4te.cache -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf -install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -265,9 +251,6 @@ install-files: $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \ - fi $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) @@ -282,9 +265,6 @@ install-files: $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ - $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ - fi $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 @@ -308,13 +288,6 @@ install-sysconf: else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ - fi ; \ - fi @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ @@ -361,7 +334,6 @@ host-key-force: ssh-keygen$(EXEEXT) uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config -rm -f $(DESTDIR)$(sysconfdir)/sshd_config - -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds -rmdir $(DESTDIR)$(sysconfdir) -rmdir $(DESTDIR)$(bindir) -rmdir $(DESTDIR)$(sbindir) @@ -383,7 +355,6 @@ uninstall: -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) - -rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT) -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 @@ -392,7 +363,6 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 @@ -462,7 +432,7 @@ survey: survey.sh ssh send-survey: survey mail portable-survey@mindrot.org <survey -package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) +package: $(CONFIGFILES) $(MANPAGES) $(TARGETS) if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ sh buildpkg.sh; \ fi diff --git a/WARNING.RNG b/WARNING.RNG deleted file mode 100644 index 97da74ff..00000000 --- a/WARNING.RNG +++ /dev/null @@ -1,95 +0,0 @@ -This document contains a description of portable OpenSSH's random -number collection code. An alternate reading of this text could -well be titled "Why I should pressure my system vendor to supply -/dev/random in their OS". - -Why is this important? OpenSSH depends on good, unpredictable numbers -for generating keys, performing digital signatures and forming -cryptographic challenges. If the random numbers that it uses are -predictable, then the strength of the whole system is compromised. - -A particularly pernicious problem arises with DSA keys (used by the -ssh2 protocol). Performing a DSA signature (which is required for -authentication), entails the use of a 160 bit random number. If an -attacker can predict this number, then they can deduce your *private* -key and impersonate you or your hosts. - -If you are using the builtin random number support (configure will -tell you if this is the case), then read this document in its entirety. -Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which -collects random numbers and makes them available by a socket. - -Please also request that your OS vendor provides a kernel-based random -number collector (/dev/random) in future versions of your operating -systems by default. - -On to the description... - -The portable OpenSSH contains random number collection support for -systems which lack a kernel entropy pool (/dev/random). - -This collector (as of 3.1 and beyond) comes as an external application -that allows the local admin to decide on how to implement entropy -collection. - -The default entropy collector operates by executing the programs listed -in ($etcdir)/ssh_prng_cmds, reading their output and adding it to the -PRNG supplied by OpenSSL (which is hash-based). It also stirs in the -output of several system calls and timings from the execution of the -programs that it runs. - -The ssh_prng_cmds file also specifies a 'rate' for each program. This -represents the number of bits of randomness per byte of output from -the specified program. - -The random number code will also read and save a seed file to -~/.ssh/prng_seed. This contents of this file are added to the random -number generator at startup. The goal here is to maintain as much -randomness between sessions as possible. - -The default entropy collection code has two main problems: - -1. It is slow. - -Executing each program in the list can take a large amount of time, -especially on slower machines. Additionally some program can take a -disproportionate time to execute. - -Tuning the random helper can be done by running ./ssh-random-helper in -very verbose mode ("-vvv") and identifying the commands that are taking -excessive amounts of time or hanging altogher. Any problem commands can -be modified or removed from ssh_prng_cmds. - -The default entropy collector will timeout programs which take too long -to execute, the actual timeout used can be adjusted with the ---with-entropy-timeout configure option. OpenSSH will not try to -re-execute programs which have not been found, have had a non-zero -exit status or have timed out more than a couple of times. - -2. Estimating the real 'rate' of program outputs is non-trivial - -The shear volume of the task is problematic: there are currently -around 50 commands in the ssh_prng_cmds list, portable OpenSSH -supports at least 12 different OSs. That is already 600 sets of data -to be analysed, without taking into account the numerous differences -between versions of each OS. - -On top of this, the different commands can produce varying amounts of -usable data depending on how busy the machine is, how long it has been -up and various other factors. - -To make matters even more complex, some of the commands are reporting -largely the same data as other commands (eg. the various "ps" calls). - - -How to avoid the default entropy code? - -The best way is to read the OpenSSL documentation and recompile OpenSSL -to use prngd or egd. Some platforms (like earily solaris) have 3rd -party /dev/random devices that can be also used for this task. - -If you are forced to use ssh-rand-helper consider still downloading -prngd/egd and configure OpenSSH using --with-prngd-port=xx or ---with-prngd-socket=xx (refer to INSTALL for more information). - -$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $ @@ -1,4 +1,4 @@ -dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $ +dnl $Id: aclocal.m4,v 1.7 2011/05/05 03:48:37 djm Exp $ dnl dnl OpenSSH-specific autoconf macros dnl @@ -33,16 +33,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ fi ]) -dnl OSSH_PATH_ENTROPY_PROG(variablename, command): -dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST -AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [ - AC_PATH_PROG($1, $2) - if test -z "[$]$1" ; then - $1="undef" - fi - AC_SUBST($1) -]) - dnl Check for socklen_t: historically on BSD it is an int, and in dnl POSIX 1g it is a type of its own, but some platforms use different dnl types for the argument to getsockopt, getpeername, etc. So we diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 22c66fbd..4de9d42e 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -229,8 +229,6 @@ perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ # We don't want to overwrite config files on multiple installs mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default -[ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \ -mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default # local tweeks here [ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES} @@ -317,11 +315,6 @@ cat > postinstall << _EOF [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { - [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds -} # make rc?.d dirs only if we are doing a test install [ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { diff --git a/configure.ac b/configure.ac index c8d90ea0..573c0971 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.471 2011/01/26 20:38:58 tim Exp $ +# $Id: configure.ac,v 1.472 2011/05/05 03:48:37 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.471 $) +AC_REVISION($Revision: 1.472 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2299,113 +2299,15 @@ AC_RUN_IFELSE( ], [ AC_MSG_RESULT([no]) - # Default to use of the rand helper if OpenSSL doesn't - # seed itself - USE_RAND_HELPER=yes ], [ AC_MSG_WARN([cross compiling: assuming yes]) - # This is safe, since all recent OpenSSL versions will - # complain at runtime if not seeded correctly. + # This is safe, since we will fatal() at runtime if + # OpenSSL is not seeded correctly. OPENSSL_SEEDS_ITSELF=yes ] ) -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH([pam], - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB([dl], [dlopen], , ) - AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) - AC_CHECK_FUNCS([pam_getenvlist]) - AC_CHECK_FUNCS([pam_putenv]) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - SSHDLIBS="$SSHDLIBS -lpam" - AC_DEFINE([USE_PAM], [1], - [Define if you want to enable PAM support]) - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - SSHDLIBS="$SSHDLIBS -ldl" - ;; - esac - fi - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - ]], [[ -(void)pam_strerror((pam_handle_t *)NULL, -1); - ]])], [AC_MSG_RESULT([no])], [ - AC_DEFINE([HAVE_OLD_PAM], [1], - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT([yes]) - PAM_MSG="yes (old library)" - - ]) -fi - -# Do we want to force the use of the rand helper? -AC_ARG_WITH([rand-helper], - [ --with-rand-helper Use subprocess to gather strong randomness ], - [ - if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if - # the previous test showed it to be unseeded. - if test -z "$OPENSSL_SEEDS_ITSELF" ; then - AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) - OPENSSL_SEEDS_ITSELF=yes - USE_RAND_HELPER="" - fi - else - USE_RAND_HELPER=yes - fi - ], -) - -# Which randomness source do we use? -if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then - # OpenSSL only - AC_DEFINE([OPENSSL_PRNG_ONLY], [1], - [Define if you want OpenSSL's internally seeded PRNG only]) - RAND_MSG="OpenSSL internal ONLY" - INSTALL_SSH_RAND_HELPER="" -elif test ! -z "$USE_RAND_HELPER" ; then - # install rand helper - RAND_MSG="ssh-rand-helper" - INSTALL_SSH_RAND_HELPER="yes" -fi -AC_SUBST([INSTALL_SSH_RAND_HELPER]) - -### Configuration of ssh-rand-helper - # PRNGD TCP socket AC_ARG_WITH([prngd-port], [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], @@ -2460,7 +2362,7 @@ AC_ARG_WITH([prngd-socket], ], [ # Check for existing socket only if we don't have a random device already - if test "$USE_RAND_HELPER" = yes ; then + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then AC_MSG_CHECKING([for PRNGD/EGD socket]) # Insert other locations here for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do @@ -2479,19 +2381,79 @@ AC_ARG_WITH([prngd-socket], ] ) -# Change default command timeout for hashing entropy source -entropy_timeout=200 -AC_ARG_WITH([entropy-timeout], - [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], +# Which randomness source do we use? +if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGd port $PRNGD_PORT" +elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGd socket $PRNGD_SOCKET" +elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then + AC_DEFINE([OPENSSL_PRNG_ONLY], [1], + [Define if you want OpenSSL's internally seeded PRNG only]) + RAND_MSG="OpenSSL internal ONLY" +else + AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) +fi + +# Check for PAM libs +PAM_MSG="no" +AC_ARG_WITH([pam], + [ --with-pam Enable PAM support ], [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - entropy_timeout=$withval + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi + + saved_LIBS="$LIBS" + AC_CHECK_LIB([dl], [dlopen], , ) + AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) + AC_CHECK_FUNCS([pam_getenvlist]) + AC_CHECK_FUNCS([pam_putenv]) + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + SSHDLIBS="$SSHDLIBS -lpam" + AC_DEFINE([USE_PAM], [1], + [Define if you want to enable PAM support]) + + if test $ac_cv_lib_dl_dlopen = yes; then + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + SSHDLIBS="$SSHDLIBS -ldl" + ;; + esac + fi fi ] ) -AC_DEFINE_UNQUOTED([ENTROPY_TIMEOUT_MSEC], [$entropy_timeout], - [Builtin PRNG command timeout]) + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <stdlib.h> +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include <security/pam_appl.h> +#elif defined (HAVE_PAM_PAM_APPL_H) +#include <pam/pam_appl.h> +#endif + ]], [[ +(void)pam_strerror((pam_handle_t *)NULL, -1); + ]])], [AC_MSG_RESULT([no])], [ + AC_DEFINE([HAVE_OLD_PAM], [1], + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) + AC_MSG_RESULT([yes]) + PAM_MSG="yes (old library)" + + ]) +fi SSH_PRIVSEP_USER=sshd AC_ARG_WITH([privsep-user], @@ -2507,56 +2469,6 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], [non-privileged user for privilege separation]) AC_SUBST([SSH_PRIVSEP_USER]) -# We do this little dance with the search path to insure -# that programs that we select for use by installed programs -# (which may be run by the super-user) come from trusted -# locations before they come from the user's private area. -# This should help avoid accidentally configuring some -# random version of a program in someone's personal bin. - -OPATH=$PATH -PATH=/bin:/usr/bin -test -h /bin 2> /dev/null && PATH=/usr/bin -test -d /sbin && PATH=$PATH:/sbin -test -d /usr/sbin && PATH=$PATH:/usr/sbin -PATH=$PATH:/etc:$OPATH - -# These programs are used by the command hashing source to gather entropy -OSSH_PATH_ENTROPY_PROG([PROG_LS], [ls]) -OSSH_PATH_ENTROPY_PROG([PROG_NETSTAT], [netstat]) -OSSH_PATH_ENTROPY_PROG([PROG_ARP], [arp]) -OSSH_PATH_ENTROPY_PROG([PROG_IFCONFIG], [ifconfig]) -OSSH_PATH_ENTROPY_PROG([PROG_JSTAT], [jstat]) -OSSH_PATH_ENTROPY_PROG([PROG_PS], [ps]) -OSSH_PATH_ENTROPY_PROG([PROG_SAR], [sar]) -OSSH_PATH_ENTROPY_PROG([PROG_W], [w]) -OSSH_PATH_ENTROPY_PROG([PROG_WHO], [who]) -OSSH_PATH_ENTROPY_PROG([PROG_LAST], [last]) -OSSH_PATH_ENTROPY_PROG([PROG_LASTLOG], [lastlog]) -OSSH_PATH_ENTROPY_PROG([PROG_DF], [df]) -OSSH_PATH_ENTROPY_PROG([PROG_VMSTAT], [vmstat]) -OSSH_PATH_ENTROPY_PROG([PROG_UPTIME], [uptime]) -OSSH_PATH_ENTROPY_PROG([PROG_IPCS], [ipcs]) -OSSH_PATH_ENTROPY_PROG([PROG_TAIL], [tail]) -# restore PATH -PATH=$OPATH - -# Where does ssh-rand-helper get its randomness from? -INSTALL_SSH_PRNG_CMDS="" -if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then - if test ! -z "$PRNGD_PORT" ; then - RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" - elif test ! -z "$PRNGD_SOCKET" ; then - RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" - else - RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" - RAND_HELPER_CMDHASH=yes - INSTALL_SSH_PRNG_CMDS="yes" - fi -fi -AC_SUBST([INSTALL_SSH_PRNG_CMDS]) - - # Cheap hack to ensure NEWS-OS libraries are arranged right. if test ! -z "$SONY" ; then LIBS="$LIBS -liberty"; @@ -4157,7 +4069,7 @@ AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - ssh_prng_cmds survey.sh]) + survey.sh]) AC_OUTPUT # Print summary of options @@ -4212,9 +4124,6 @@ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" echo " Random number source: $RAND_MSG" -if test ! -z "$USE_RAND_HELPER" ; then -echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" -fi echo "" @@ -4246,14 +4155,6 @@ if test "x$PAM_MSG" = "xyes" ; then echo "" fi -if test ! -z "$RAND_HELPER_CMDHASH" ; then - echo "WARNING: you are using the builtin random number collection " - echo "service. Please read WARNING.RNG and request that your OS " - echo "vendor includes kernel-based random number collection in " - echo "future versions of your OS." - echo "" -fi - if test ! -z "$NO_PEERCHECK" ; then echo "WARNING: the operating system that you are using does not" echo "appear to support getpeereid(), getpeerucred() or the" diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index ca4bf021..81d8cc30 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.12 2010/04/18 03:35:00 dtucker Exp $ +# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -156,13 +156,6 @@ do mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default done -# AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds -if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ] -then - mv $FAKE_ROOT/$sysconfdir/ssh_prng_cmds \ - $FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default -fi - # # Generate lpp control files. # working dir is $FAKE_ROOT but files are generated in dir above @@ -197,7 +190,7 @@ cat <<EOF >>../openssh.post_i #!/bin/sh echo Creating configs from defaults if necessary. -for cfgfile in ssh_config sshd_config ssh_prng_cmds +for cfgfile in ssh_config sshd_config do if [ ! -f $sysconfdir/\$cfgfile ] then @@ -25,19 +25,19 @@ #include "includes.h" #include <sys/types.h> -#include <sys/wait.h> - -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> +#include <sys/socket.h> +#ifdef HAVE_SYS_UN_H +# include <sys/un.h> #endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif -#include <stdarg.h> -#include <string.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <errno.h> #include <signal.h> +#include <string.h> #include <unistd.h> +#include <stddef.h> /* for offsetof */ #include <openssl/rand.h> #include <openssl/crypto.h> @@ -54,118 +54,128 @@ /* * Portable OpenSSH PRNG seeding: * If OpenSSL has not "internally seeded" itself (e.g. pulled data from - * /dev/random), then we execute a "ssh-rand-helper" program which - * collects entropy and writes it to stdout. The child program must - * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr - * attached, so error/debugging output should be visible. - * - * XXX: we should tell the child how many bytes we need. + * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from + * PRNGd. */ - #ifndef OPENSSL_PRNG_ONLY + #define RANDOM_SEED_SIZE 48 -static uid_t original_uid, original_euid; -#endif -vo |