Accepting request 428544 from home:pcerny:factory
- FIPS compatibility (no selfchecks, only crypto restrictions) [openssh-7.2p2-fips.patch] - PRNG re-seeding [openssh-7.2p2-seed-prng.patch] - preliminary version of GSSAPI KEX [openssh-7.2p2-gssapi_key_exchange.patch] OBS-URL: https://build.opensuse.org/request/show/428544 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=110
This commit is contained in:
parent
a412ed9d8d
commit
e0d7fb0744
@ -1,5 +1,5 @@
|
||||
# HG changeset patch
|
||||
# Parent c924f46e3639b3646e42dd7505c206d43d7180fa
|
||||
# Parent c40dce555117c740f3df867e9fc2b07b64b3ad96
|
||||
|
||||
Raise minimal size of DH group parameters to 2048 bits like upstream did in
|
||||
7.2. 1024b values are believed to be in breaking range for state adversaries
|
||||
@ -101,7 +101,7 @@ diff --git a/openssh-7.2p2/kexgexc.c b/openssh-7.2p2/kexgexc.c
|
||||
goto out;
|
||||
if ((bits = BN_num_bits(p)) < 0 ||
|
||||
(u_int)bits < kex->min || (u_int)bits > kex->max) {
|
||||
+ if (bits < kex->min && bits >= DH_GRP_MIN_RFC)
|
||||
+ if ((u_int)bits < kex->min && (u_int)bits >= DH_GRP_MIN_RFC)
|
||||
+ logit("DH parameter offered by the server (%d bits) "
|
||||
+ "is considered insecure. "
|
||||
+ "You can lower the accepted the minimum "
|
||||
@ -115,6 +115,61 @@ diff --git a/openssh-7.2p2/kexgexc.c b/openssh-7.2p2/kexgexc.c
|
||||
goto out;
|
||||
}
|
||||
p = g = NULL; /* belong to kex->dh now */
|
||||
diff --git a/openssh-7.2p2/kexgexs.c b/openssh-7.2p2/kexgexs.c
|
||||
--- a/openssh-7.2p2/kexgexs.c
|
||||
+++ b/openssh-7.2p2/kexgexs.c
|
||||
@@ -49,16 +49,19 @@
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "dispatch.h"
|
||||
#include "ssherr.h"
|
||||
#include "sshbuf.h"
|
||||
|
||||
+/* import from dh.c */
|
||||
+extern int dh_grp_min;
|
||||
+
|
||||
static int input_kex_dh_gex_request(int, u_int32_t, void *);
|
||||
static int input_kex_dh_gex_init(int, u_int32_t, void *);
|
||||
|
||||
int
|
||||
kexgex_server(struct ssh *ssh)
|
||||
{
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST,
|
||||
&input_kex_dh_gex_request);
|
||||
@@ -78,23 +81,29 @@ input_kex_dh_gex_request(int type, u_int
|
||||
if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &max)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
goto out;
|
||||
kex->nbits = nbits;
|
||||
kex->min = min;
|
||||
kex->max = max;
|
||||
- min = MAX(DH_GRP_MIN, min);
|
||||
+ min = MAX(dh_grp_min, min);
|
||||
max = MIN(DH_GRP_MAX, max);
|
||||
- nbits = MAX(DH_GRP_MIN, nbits);
|
||||
+ nbits = MAX(dh_grp_min, nbits);
|
||||
nbits = MIN(DH_GRP_MAX, nbits);
|
||||
|
||||
if (kex->max < kex->min || kex->nbits < kex->min ||
|
||||
kex->max < kex->nbits) {
|
||||
+ if (kex->nbits < kex->min && kex->nbits >= DH_GRP_MIN_RFC)
|
||||
+ logit("DH parameter requested by the client (%d bits) "
|
||||
+ "is considered insecure. "
|
||||
+ "You can lower the accepted minimum "
|
||||
+ "via the KexDHMin option.",
|
||||
+ kex->nbits);
|
||||
r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Contact privileged parent */
|
||||
kex->dh = PRIVSEP(choose_dh(min, nbits, max));
|
||||
if (kex->dh == NULL) {
|
||||
sshpkt_disconnect(ssh, "no matching DH grp found");
|
||||
diff --git a/openssh-7.2p2/readconf.c b/openssh-7.2p2/readconf.c
|
||||
--- a/openssh-7.2p2/readconf.c
|
||||
+++ b/openssh-7.2p2/readconf.c
|
||||
@ -147,7 +202,7 @@ diff --git a/openssh-7.2p2/readconf.c b/openssh-7.2p2/readconf.c
|
||||
oVisualHostKey,
|
||||
- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
||||
+ oKexAlgorithms, oKexDHMin,
|
||||
+ oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
||||
+ oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
||||
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
|
||||
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
|
||||
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
|
||||
@ -243,7 +298,7 @@ diff --git a/openssh-7.2p2/readconf.c b/openssh-7.2p2/readconf.c
|
||||
if (options->cipher == -1)
|
||||
options->cipher = SSH_CIPHER_NOT_SET;
|
||||
+ if (options->kex_dhmin == -1)
|
||||
+ options->kex_dhmin = DH_GRP_MIN;
|
||||
+ options->kex_dhmin = DH_GRP_MIN_RFC;
|
||||
+ else {
|
||||
+ options->kex_dhmin = MAX(options->kex_dhmin, DH_GRP_MIN_RFC);
|
||||
+ options->kex_dhmin = MIN(options->kex_dhmin, DH_GRP_MAX);
|
||||
@ -278,10 +333,199 @@ diff --git a/openssh-7.2p2/readconf.h b/openssh-7.2p2/readconf.h
|
||||
int escape_char; /* Escape character; -2 = none */
|
||||
|
||||
u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */
|
||||
diff --git a/openssh-7.2p2/servconf.c b/openssh-7.2p2/servconf.c
|
||||
--- a/openssh-7.2p2/servconf.c
|
||||
+++ b/openssh-7.2p2/servconf.c
|
||||
@@ -52,16 +52,20 @@
|
||||
#include "channels.h"
|
||||
#include "groupaccess.h"
|
||||
#include "canohost.h"
|
||||
#include "packet.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "myproposal.h"
|
||||
#include "digest.h"
|
||||
+#include "dh.h"
|
||||
+
|
||||
+/* import from dh.c */
|
||||
+extern int dh_grp_min;
|
||||
|
||||
static void add_listen_addr(ServerOptions *, char *, int);
|
||||
static void add_one_listen_addr(ServerOptions *, char *, int);
|
||||
|
||||
/* Use of privilege separation or not */
|
||||
extern int use_privsep;
|
||||
extern Buffer cfg;
|
||||
|
||||
@@ -134,16 +138,17 @@ initialize_server_options(ServerOptions
|
||||
options->allow_agent_forwarding = -1;
|
||||
options->num_allow_users = 0;
|
||||
options->num_deny_users = 0;
|
||||
options->num_allow_groups = 0;
|
||||
options->num_deny_groups = 0;
|
||||
options->ciphers = NULL;
|
||||
options->macs = NULL;
|
||||
options->kex_algorithms = NULL;
|
||||
+ options->kex_dhmin = -1;
|
||||
options->protocol = SSH_PROTO_UNKNOWN;
|
||||
options->fwd_opts.gateway_ports = -1;
|
||||
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
|
||||
options->fwd_opts.streamlocal_bind_unlink = -1;
|
||||
options->num_subsystems = 0;
|
||||
options->max_startups_begin = -1;
|
||||
options->max_startups_rate = -1;
|
||||
options->max_startups = -1;
|
||||
@@ -199,16 +204,23 @@ fill_default_server_options(ServerOption
|
||||
int i;
|
||||
|
||||
/* Portable-specific options */
|
||||
if (options->use_pam == -1)
|
||||
options->use_pam = 0;
|
||||
if (options->use_pam_check_locks == -1)
|
||||
options->use_pam_check_locks = 0;
|
||||
|
||||
+ if (options->kex_dhmin == -1)
|
||||
+ options->kex_dhmin = DH_GRP_MIN_RFC;
|
||||
+ else {
|
||||
+ options->kex_dhmin = MAX(options->kex_dhmin, DH_GRP_MIN_RFC);
|
||||
+ options->kex_dhmin = MIN(options->kex_dhmin, DH_GRP_MAX);
|
||||
+ }
|
||||
+ dh_grp_min = options->kex_dhmin;
|
||||
/* Standard Options */
|
||||
if (options->protocol == SSH_PROTO_UNKNOWN)
|
||||
options->protocol = SSH_PROTO_2;
|
||||
if (options->num_host_key_files == 0) {
|
||||
/* fill default hostkeys for protocols */
|
||||
if (options->protocol & SSH_PROTO_1)
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_KEY_FILE;
|
||||
@@ -423,17 +435,18 @@ typedef enum {
|
||||
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
|
||||
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
|
||||
sAcceptEnv, sPermitTunnel,
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
sHostCertificate,
|
||||
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
|
||||
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
|
||||
- sKexAlgorithms, sIPQoS, sVersionAddendum,
|
||||
+ sKexAlgorithms, sKexDHMin,
|
||||
+ sIPQoS, sVersionAddendum,
|
||||
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
|
||||
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
|
||||
sStreamLocalBindMask, sStreamLocalBindUnlink,
|
||||
sAllowStreamLocalForwarding, sFingerprintHash,
|
||||
sDeprecated, sUnsupported
|
||||
} ServerOpCodes;
|
||||
|
||||
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
|
||||
@@ -561,16 +574,17 @@ static struct {
|
||||
{ "permitopen", sPermitOpen, SSHCFG_ALL },
|
||||
{ "forcecommand", sForceCommand, SSHCFG_ALL },
|
||||
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
|
||||
{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
|
||||
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
|
||||
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
|
||||
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
|
||||
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
|
||||
+ { "kexdhmin", sKexDHMin },
|
||||
{ "ipqos", sIPQoS, SSHCFG_ALL },
|
||||
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
|
||||
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
|
||||
{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
|
||||
{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
|
||||
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
|
||||
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
|
||||
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
|
||||
@@ -1481,16 +1495,20 @@ process_server_config_line(ServerOptions
|
||||
filename, linenum);
|
||||
if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
|
||||
fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (options->kex_algorithms == NULL)
|
||||
options->kex_algorithms = xstrdup(arg);
|
||||
break;
|
||||
|
||||
+ case sKexDHMin:
|
||||
+ intptr = &options->kex_dhmin;
|
||||
+ goto parse_int;
|
||||
+
|
||||
case sProtocol:
|
||||
intptr = &options->protocol;
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: Missing argument.", filename, linenum);
|
||||
value = proto_spec(arg);
|
||||
if (value == SSH_PROTO_UNKNOWN)
|
||||
fatal("%s line %d: Bad protocol spec '%s'.",
|
||||
@@ -2247,16 +2265,17 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_int(sLoginGraceTime, o->login_grace_time);
|
||||
dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
|
||||
dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
|
||||
dump_cfg_int(sMaxAuthTries, o->max_authtries);
|
||||
dump_cfg_int(sMaxSessions, o->max_sessions);
|
||||
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
|
||||
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
|
||||
dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
|
||||
+ dump_cfg_int(sKexDHMin, o->kex_dhmin);
|
||||
|
||||
/* formatted integer arguments */
|
||||
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
|
||||
dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
|
||||
dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
|
||||
dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
|
||||
dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
|
||||
dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
|
||||
diff --git a/openssh-7.2p2/servconf.h b/openssh-7.2p2/servconf.h
|
||||
--- a/openssh-7.2p2/servconf.h
|
||||
+++ b/openssh-7.2p2/servconf.h
|
||||
@@ -88,16 +88,17 @@ typedef struct {
|
||||
int permit_user_rc; /* If false, deny ~/.ssh/rc execution */
|
||||
int strict_modes; /* If true, require string home dir modes. */
|
||||
int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
|
||||
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
|
||||
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
|
||||
char *ciphers; /* Supported SSH2 ciphers. */
|
||||
char *macs; /* Supported SSH2 macs. */
|
||||
char *kex_algorithms; /* SSH2 kex methods in order of preference. */
|
||||
+ int kex_dhmin; /* minimum bit length of the DH group parameter */
|
||||
int protocol; /* Supported protocol versions. */
|
||||
struct ForwardOptions fwd_opts; /* forwarding options */
|
||||
SyslogFacility log_facility; /* Facility for system logging. */
|
||||
LogLevel log_level; /* Level for system logging. */
|
||||
int rhosts_rsa_authentication; /* If true, permit rhosts RSA
|
||||
* authentication. */
|
||||
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
|
||||
int hostbased_uses_name_from_packet_only; /* experimental */
|
||||
diff --git a/openssh-7.2p2/ssh_config b/openssh-7.2p2/ssh_config
|
||||
--- a/openssh-7.2p2/ssh_config
|
||||
+++ b/openssh-7.2p2/ssh_config
|
||||
@@ -12,16 +12,21 @@
|
||||
# Any configuration value is only changed the first time it is set.
|
||||
# Thus, host-specific definitions should be at the beginning of the
|
||||
# configuration file, and defaults at the end.
|
||||
|
||||
# Site-wide defaults for some commonly used options. For a comprehensive
|
||||
# list of available options, their meanings and defaults, please see the
|
||||
# ssh_config(5) man page.
|
||||
|
||||
+# Minimum accepted size of the DH parameter p. By default this is set to 1024
|
||||
+# to maintain compatibility with RFC4419, but should be set higher.
|
||||
+# Upstream default is identical to setting this to 2048.
|
||||
+#KexDHMin 1024
|
||||
+
|
||||
Host *
|
||||
# ForwardAgent no
|
||||
# ForwardX11 no
|
||||
|
||||
# If you do not trust your remote host (or its administrator), you
|
||||
# should not forward X11 connections to your local X11-display for
|
||||
# security reasons: Someone stealing the authentification data on the
|
||||
# remote side (the "spoofed" X-server by the remote sshd) can read your
|
||||
diff --git a/openssh-7.2p2/ssh_config.0 b/openssh-7.2p2/ssh_config.0
|
||||
--- a/openssh-7.2p2/ssh_config.0
|
||||
+++ b/openssh-7.2p2/ssh_config.0
|
||||
@@ -606,16 +606,29 @@ DESCRIPTION
|
||||
@@ -606,16 +606,33 @@ DESCRIPTION
|
||||
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
||||
diffie-hellman-group-exchange-sha256,
|
||||
diffie-hellman-group-exchange-sha1,
|
||||
@ -291,17 +535,21 @@ diff --git a/openssh-7.2p2/ssh_config.0 b/openssh-7.2p2/ssh_config.0
|
||||
obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^].
|
||||
|
||||
+ KexDHMin
|
||||
+ Specifies the minimum accepted bit length of the DH group parameter p.
|
||||
+ As per RFC4419, this is 1024 bits however, this has increasingly
|
||||
+ Specifies the minimum accepted bit length of the DH group
|
||||
+ parameter p.
|
||||
+
|
||||
+ As per RFC4419, this is 1024 bits, however this has increasingly
|
||||
+ been seen as insecure, which prompted the change to 2048 bits.
|
||||
+ Setting this option allows the client to accept parameters shorter
|
||||
+ than the current minimum, down to the RFC specified 1024 bits.
|
||||
+ Using this option may be needed when connecting to servers that
|
||||
+ only know short DH group parameters.
|
||||
+
|
||||
+ Note that using this option can severly impact security and thus
|
||||
+ should be viewed as a temporary fix of last resort and all efforts
|
||||
+ should be made to fix the server.
|
||||
+
|
||||
+ Note, that while by default this option is set to 1024 to maintain
|
||||
+ maximum backward compatibility, using it can severly impact
|
||||
+ security and thus should be viewed as a temporary fix of last
|
||||
+ resort and all efforts should be made to fix the (broken)
|
||||
+ counterparty.
|
||||
+
|
||||
LocalCommand
|
||||
Specifies a command to execute on the local machine after
|
||||
@ -314,7 +562,7 @@ diff --git a/openssh-7.2p2/ssh_config.0 b/openssh-7.2p2/ssh_config.0
|
||||
diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5
|
||||
--- a/openssh-7.2p2/ssh_config.5
|
||||
+++ b/openssh-7.2p2/ssh_config.5
|
||||
@@ -1092,16 +1092,28 @@ diffie-hellman-group14-sha1
|
||||
@@ -1092,16 +1092,32 @@ diffie-hellman-group14-sha1
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available key exchange algorithms may also be obtained using the
|
||||
@ -324,17 +572,21 @@ diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5
|
||||
with an argument of
|
||||
.Dq kex .
|
||||
+.It Cm KexDHMin
|
||||
+Specifies the minimum accepted bit length of the DH group parameter p.
|
||||
+As per RFC4419, this is 1024 bits however, this has increasingly
|
||||
+Specifies the minimum accepted bit length of the DH group
|
||||
+parameter p.
|
||||
+.Pp
|
||||
+As per RFC4419, this is 1024 bits, however this has increasingly
|
||||
+been seen as insecure, which prompted the change to 2048 bits.
|
||||
+Setting this option allows the client to accept parameters shorter
|
||||
+than the current minimum, down to the RFC specified 1024 bits.
|
||||
+Using this option may be needed when connecting to servers that
|
||||
+only know short DH group parameters.
|
||||
+
|
||||
+Note that using this option can severly impact security and thus
|
||||
+should be viewed as a temporary fix of last resort and all efforts
|
||||
+should be made to fix the server.
|
||||
+.Pp
|
||||
+Note, that while by default this option is set to 1024 to maintain
|
||||
+maximum backward compatibility, using it can severly impact
|
||||
+security and thus should be viewed as a temporary fix of last
|
||||
+resort and all efforts should be made to fix the (broken)
|
||||
+counterparty.
|
||||
.It Cm LocalCommand
|
||||
Specifies a command to execute on the local machine after successfully
|
||||
connecting to the server.
|
||||
@ -343,3 +595,101 @@ diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5
|
||||
The following escape character substitutions will be performed:
|
||||
.Ql %d
|
||||
(local user's home directory),
|
||||
diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config
|
||||
--- a/openssh-7.2p2/sshd_config
|
||||
+++ b/openssh-7.2p2/sshd_config
|
||||
@@ -21,16 +21,21 @@
|
||||
# HostKey for protocol version 1
|
||||
#HostKey /etc/ssh/ssh_host_key
|
||||
# HostKeys for protocol version 2
|
||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
||||
#HostKey /etc/ssh/ssh_host_dsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
+# Minimum accepted size of the DH parameter p. By default this is set to 1024
|
||||
+# to maintain compatibility with RFC4419, but should be set higher.
|
||||
+# Upstream default is identical to setting this to 2048.
|
||||
+#KexDHMin 1024
|
||||
+
|
||||
# Lifetime and size of ephemeral version 1 server key
|
||||
#KeyRegenerationInterval 1h
|
||||
#ServerKeyBits 1024
|
||||
|
||||
# Ciphers and keying
|
||||
#RekeyLimit default none
|
||||
|
||||
# Logging
|
||||
diff --git a/openssh-7.2p2/sshd_config.0 b/openssh-7.2p2/sshd_config.0
|
||||
--- a/openssh-7.2p2/sshd_config.0
|
||||
+++ b/openssh-7.2p2/sshd_config.0
|
||||
@@ -539,16 +539,33 @@ DESCRIPTION
|
||||
curve25519-sha256@libssh.org,
|
||||
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
||||
diffie-hellman-group-exchange-sha256,
|
||||
diffie-hellman-group14-sha1
|
||||
|
||||
The list of available key exchange algorithms may also be
|
||||
obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^].
|
||||
|
||||
+ KexDHMin
|
||||
+ Specifies the minimum accepted bit length of the DH group
|
||||
+ parameter p.
|
||||
+
|
||||
+ As per RFC4419, this is 1024 bits, however this has increasingly
|
||||
+ been seen as insecure, which prompted the change to 2048 bits.
|
||||
+ Setting this option allows the server to accept parameters shorter
|
||||
+ than the current minimum, down to the RFC specified 1024 bits.
|
||||
+ Using this option may be needed when some of the connectiong
|
||||
+ clients only know short DH group parameters.
|
||||
+
|
||||
+ Note, that while by default this option is set to 1024 to maintain
|
||||
+ maximum backward compatibility, using it can severly impact
|
||||
+ security and thus should be viewed as a temporary fix of last
|
||||
+ resort and all efforts should be made to fix the (broken)
|
||||
+ counterparty.
|
||||
+
|
||||
KeyRegenerationInterval
|
||||
In protocol version 1, the ephemeral server key is automatically
|
||||
regenerated after this many seconds (if it has been used). The
|
||||
purpose of regeneration is to prevent decrypting captured
|
||||
sessions by later breaking into the machine and stealing the
|
||||
keys. The key is never stored anywhere. If the value is 0, the
|
||||
key is never regenerated. The default is 3600 (seconds).
|
||||
|
||||
diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
|
||||
--- a/openssh-7.2p2/sshd_config.5
|
||||
+++ b/openssh-7.2p2/sshd_config.5
|
||||
@@ -895,16 +895,32 @@ diffie-hellman-group14-sha1
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available key exchange algorithms may also be obtained using the
|
||||
.Fl Q
|
||||
option of
|
||||
.Xr ssh 1
|
||||
with an argument of
|
||||
.Dq kex .
|
||||
+.It Cm KexDHMin
|
||||
+Specifies the minimum accepted bit length of the DH group
|
||||
+parameter p.
|
||||
+.Pp
|
||||
+As per RFC4419, this is 1024 bits, however this has increasingly
|
||||
+been seen as insecure, which prompted the change to 2048 bits.
|
||||
+Setting this option allows the server to accept parameters shorter
|
||||
+than the current minimum, down to the RFC specified 1024 bits.
|
||||
+Using this option may be needed when some of the connectiong
|
||||
+clients only know short DH group parameters.
|
||||
+.Pp
|
||||
+Note, that while by default this option is set to 1024 to maintain
|
||||
+maximum backward compatibility, using it can severly impact
|
||||
+security and thus should be viewed as a temporary fix of last
|
||||
+resort and all efforts should be made to fix the (broken)
|
||||
+counterparty.
|
||||
.It Cm KeyRegenerationInterval
|
||||
In protocol version 1, the ephemeral server key is automatically regenerated
|
||||
after this many seconds (if it has been used).
|
||||
The purpose of regeneration is to prevent
|
||||
decrypting captured sessions by later breaking into the machine and
|
||||
stealing the keys.
|
||||
The key is never stored anywhere.
|
||||
If the value is 0, the key is never regenerated.
|
||||
|
1834
openssh-7.2p2-fips.patch
Normal file
1834
openssh-7.2p2-fips.patch
Normal file
File diff suppressed because it is too large
Load Diff
3963
openssh-7.2p2-gssapi_key_exchange.patch
Normal file
3963
openssh-7.2p2-gssapi_key_exchange.patch
Normal file
File diff suppressed because it is too large
Load Diff
461
openssh-7.2p2-seed-prng.patch
Normal file
461
openssh-7.2p2-seed-prng.patch
Normal file
@ -0,0 +1,461 @@
|
||||
# HG changeset patch
|
||||
# Parent 36ab4b78afea8cea4e3bed1291a49ba05cbb9115
|
||||
# extended support for (re-)seeding the OpenSSL PRNG from /dev/random
|
||||
# bnc#703221, FATE#312172
|
||||
|
||||
diff --git a/openssh-7.2p2/entropy.c b/openssh-7.2p2/entropy.c
|
||||
--- a/openssh-7.2p2/entropy.c
|
||||
+++ b/openssh-7.2p2/entropy.c
|
||||
@@ -49,16 +49,17 @@
|
||||
|
||||
#include "ssh.h"
|
||||
#include "misc.h"
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
+#include "openbsd-compat/port-linux.h"
|
||||
|
||||
/*
|
||||
* Portable OpenSSH PRNG seeding:
|
||||
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
|
||||
* /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
|
||||
* PRNGd.
|
||||
*/
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
@@ -224,16 +225,19 @@ seed_rng(void)
|
||||
}
|
||||
|
||||
if (seed_from_prngd(buf, sizeof(buf)) == -1)
|
||||
fatal("Could not obtain seed from PRNGd");
|
||||
RAND_add(buf, sizeof(buf), sizeof(buf));
|
||||
memset(buf, '\0', sizeof(buf));
|
||||
|
||||
#endif /* OPENSSL_PRNG_ONLY */
|
||||
+
|
||||
+ linux_seed();
|
||||
+
|
||||
if (RAND_status() != 1)
|
||||
fatal("PRNG is not seeded");
|
||||
}
|
||||
|
||||
#else /* WITH_OPENSSL */
|
||||
|
||||
/* Handled in arc4random() */
|
||||
void
|
||||
diff --git a/openssh-7.2p2/openbsd-compat/Makefile.in b/openssh-7.2p2/openbsd-compat/Makefile.in
|
||||
--- a/openssh-7.2p2/openbsd-compat/Makefile.in
|
||||
+++ b/openssh-7.2p2/openbsd-compat/Makefile.in
|
||||
@@ -15,17 +15,17 @@ AR=@AR@
|
||||
RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
LDFLAGS=-L. @LDFLAGS@
|
||||
|
||||
OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
|
||||
|
||||
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
|
||||
|
||||
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
|
||||
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
|
||||
all: libopenbsd-compat.a
|
||||
|
||||
$(COMPAT): ../config.h
|
||||
$(OPENBSD): ../config.h
|
||||
diff --git a/openssh-7.2p2/openbsd-compat/port-linux-prng.c b/openssh-7.2p2/openbsd-compat/port-linux-prng.c
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ b/openssh-7.2p2/openbsd-compat/port-linux-prng.c
|
||||
@@ -0,0 +1,81 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
|
||||
+ * (c) 2011 Petr Cerny <pcerny@suse.cz>
|
||||
+ *
|
||||
+ * Permission to use, copy, modify, and distribute this software for any
|
||||
+ * purpose with or without fee is hereby granted, provided that the above
|
||||
+ * copyright notice and this permission notice appear in all copies.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Linux-specific portability code - prng support
|
||||
+ */
|
||||
+
|
||||
+#include "includes.h"
|
||||
+#include "defines.h"
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <stdarg.h>
|
||||
+#include <string.h>
|
||||
+#include <stdio.h>
|
||||
+#include <openssl/rand.h>
|
||||
+
|
||||
+#include "log.h"
|
||||
+#include "port-linux.h"
|
||||
+#include "fips.h"
|
||||
+
|
||||
+#define RNG_BYTES_DEFAULT 6L
|
||||
+#define RNG_ENV_VAR "SSH_USE_STRONG_RNG"
|
||||
+
|
||||
+long rand_bytes = 0;
|
||||
+char *rand_file = NULL;
|
||||
+
|
||||
+static void
|
||||
+linux_seed_init(void)
|
||||
+{
|
||||
+ long elen = 0;
|
||||
+ char *env = getenv(RNG_ENV_VAR);
|
||||
+
|
||||
+ if (env) {
|
||||
+ errno = 0;
|
||||
+ elen = strtol(env, NULL, 10);
|
||||
+ if (errno) {
|
||||
+ elen = RNG_BYTES_DEFAULT;
|
||||
+ debug("bogus value in the %s environment variable, "
|
||||
+ "using %li bytes from /dev/random\n",
|
||||
+ RNG_ENV_VAR, RNG_BYTES_DEFAULT);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (elen || fips_mode())
|
||||
+ rand_file = "/dev/random";
|
||||
+ else
|
||||
+ rand_file = "/dev/urandom";
|
||||
+
|
||||
+ rand_bytes = MAX(elen, RNG_BYTES_DEFAULT);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+linux_seed(void)
|
||||
+{
|
||||
+ long len;
|
||||
+ if (!rand_file)
|
||||
+ linux_seed_init();
|
||||
+
|
||||
+ errno = 0;
|
||||
+ len = RAND_load_file(rand_file, rand_bytes);
|
||||
+ if (len != rand_bytes) {
|
||||
+ if (errno)
|
||||
+ fatal ("cannot read from %s, %s", rand_file, strerror(errno));
|
||||
+ else
|
||||
+ fatal ("EOF reading %s", rand_file);
|
||||
+ }
|
||||
+}
|
||||
diff --git a/openssh-7.2p2/openbsd-compat/port-linux.h b/openssh-7.2p2/openbsd-compat/port-linux.h
|
||||
--- a/openssh-7.2p2/openbsd-compat/port-linux.h
|
||||
+++ b/openssh-7.2p2/openbsd-compat/port-linux.h
|
||||
@@ -14,16 +14,20 @@
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#ifndef _PORT_LINUX_H
|
||||
#define _PORT_LINUX_H
|
||||
|
||||
+extern long rand_bytes;
|
||||
+extern char *rand_file;
|
||||
+void linux_seed(void);
|
||||
+
|
||||
#ifdef WITH_SELINUX
|
||||
int ssh_selinux_enabled(void);
|
||||
void ssh_selinux_setup_pty(char *, const char *);
|
||||
void ssh_selinux_setup_exec_context(char *);
|
||||
void ssh_selinux_change_context(const char *);
|
||||
void ssh_selinux_setfscreatecon(const char *);
|
||||
#endif
|
||||
|
||||
diff --git a/openssh-7.2p2/ssh-add.1 b/openssh-7.2p2/ssh-add.1
|
||||
--- a/openssh-7.2p2/ssh-add.1
|
||||
+++ b/openssh-7.2p2/ssh-add.1
|
||||
@@ -166,16 +166,30 @@ or related script.
|
||||
(Note that on some machines it
|
||||
may be necessary to redirect the input from
|
||||
.Pa /dev/null
|
||||
to make this work.)
|
||||
.It Ev SSH_AUTH_SOCK
|
||||
Identifies the path of a
|
||||
.Ux Ns -domain
|
||||
socket used to communicate with the agent.
|
||||
+.It Ev SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa ~/.ssh/id_ecdsa
|
||||
diff --git a/openssh-7.2p2/ssh-agent.1 b/openssh-7.2p2/ssh-agent.1
|
||||
--- a/openssh-7.2p2/ssh-agent.1
|
||||
+++ b/openssh-7.2p2/ssh-agent.1
|
||||
@@ -196,16 +196,33 @@ line terminates.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
|
||||
.Ux Ns -domain
|
||||
sockets used to contain the connection to the authentication agent.
|
||||
These sockets should only be readable by the owner.
|
||||
The sockets should get automatically removed when the agent exits.
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr sshd 8
|
||||
.Sh AUTHORS
|
||||
OpenSSH is a derivative of the original and free
|
||||
ssh 1.2.12 release by Tatu Ylonen.
|
||||
diff --git a/openssh-7.2p2/ssh-keygen.1 b/openssh-7.2p2/ssh-keygen.1
|
||||
--- a/openssh-7.2p2/ssh-keygen.1
|
||||
+++ b/openssh-7.2p2/ssh-keygen.1
|
||||
@@ -841,16 +841,33 @@ on all machines
|
||||
where the user wishes to log in using public key authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
.Pp
|
||||
.It Pa /etc/moduli
|
||||
Contains Diffie-Hellman groups used for DH-GEX.
|
||||
The file format is described in
|
||||
.Xr moduli 5 .
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr moduli 5 ,
|
||||
.Xr sshd 8
|
||||
.Rs
|
||||
.%R RFC 4716
|
||||
diff --git a/openssh-7.2p2/ssh-keysign.8 b/openssh-7.2p2/ssh-keysign.8
|
||||
--- a/openssh-7.2p2/ssh-keysign.8
|
||||
+++ b/openssh-7.2p2/ssh-keysign.8
|
||||
@@ -75,16 +75,33 @@ must be set-uid root if host-based authe
|
||||
.Pp
|
||||
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
|
||||
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
|
||||
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
|
||||
If these files exist they are assumed to contain public certificate
|
||||
information corresponding with the private keys above.
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr ssh_config 5 ,
|
||||
.Xr sshd 8
|
||||
.Sh HISTORY
|
||||
.Nm
|
||||
first appeared in
|
||||
diff --git a/openssh-7.2p2/ssh.1 b/openssh-7.2p2/ssh.1
|
||||
--- a/openssh-7.2p2/ssh.1
|
||||
+++ b/openssh-7.2p2/ssh.1
|
||||
@@ -1411,16 +1411,30 @@ reads
|
||||
and adds lines of the format
|
||||
.Dq VARNAME=value
|
||||
to the environment if the file exists and users are allowed to
|
||||
change their environment.
|
||||
For more information, see the
|
||||
.Cm PermitUserEnvironment
|
||||
option in
|
||||
.Xr sshd_config 5 .
|
||||
+.It Ev SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa ~/.rhosts
|
||||
This file is used for host-based authentication (see above).
|
||||
On some machines this file may need to be
|
||||
world-readable if the user's home directory is on an NFS partition,
|
||||
because
|
||||
.Xr sshd 8
|
||||
diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8
|
||||
--- a/openssh-7.2p2/sshd.8
|
||||
+++ b/openssh-7.2p2/sshd.8
|
||||
@@ -972,16 +972,33 @@ and not group or world-writable.
|
||||
.It Pa /var/run/sshd.pid
|
||||
Contains the process ID of the
|
||||
.Nm
|
||||
listening for connections (if there are several daemons running
|
||||
concurrently for different ports, this contains the process ID of the one
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
.Sh SEE ALSO
|
||||
.Xr scp 1 ,
|
||||
.Xr sftp 1 ,
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr ssh-keyscan 1 ,
|
||||
diff --git a/openssh-7.2p2/sshd.c b/openssh-7.2p2/sshd.c
|
||||
--- a/openssh-7.2p2/sshd.c
|
||||
+++ b/openssh-7.2p2/sshd.c
|
||||
@@ -50,16 +50,18 @@
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
# include <sys/stat.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
#endif
|
||||
#include "openbsd-compat/sys-tree.h"
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
+#include "openbsd-compat/port-linux.h"
|
||||
+
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <netdb.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
#endif
|
||||
@@ -209,16 +211,23 @@ struct {
|
||||
Key **host_pubkeys; /* all public host keys */
|
||||
Key **host_certificates; /* all public host certificates */
|
||||
int have_ssh1_key;
|
||||
int have_ssh2_key;
|
||||
u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH];
|
||||
} sensitive_data;
|
||||
|
||||
/*
|
||||
+ * Every RESEED_AFTERth connection triggers call to linux_seed() to re-seed the
|
||||
+ * random pool.
|
||||
+ */
|
||||
+#define RESEED_AFTER 100
|
||||
+static int re_seeding_counter = RESEED_AFTER;
|
||||
+
|
||||
+/*
|
||||
* Flag indicating whether the RSA server key needs to be regenerated.
|
||||
* Is set in the SIGALRM handler and cleared when the key is regenerated.
|
||||
*/
|
||||
static volatile sig_atomic_t key_do_regen = 0;
|
||||
|
||||
/* This is set to true when a signal is received. */
|
||||
static volatile sig_atomic_t received_sighup = 0;
|
||||
static volatile sig_atomic_t received_sigterm = 0;
|
||||
@@ -1343,16 +1352,20 @@ server_accept_loop(int *sock_in, int *so
|
||||
for (j = 0; j < options.max_startups; j++)
|
||||
if (startup_pipes[j] == -1) {
|
||||
startup_pipes[j] = startup_p[0];
|
||||
if (maxfd < startup_p[0])
|
||||
maxfd = startup_p[0];
|
||||
startups++;
|
||||
break;
|
||||
}
|
||||
+ if(!(--re_seeding_counter)) {
|
||||
+ re_seeding_counter = RESEED_AFTER;
|
||||
+ linux_seed();
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Got connection. Fork a child to handle it, unless
|
||||
* we are in debugging mode.
|
||||
*/
|
||||
if (debug_flag) {
|
||||
/*
|
||||
* In debugging mode. Close the listening
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package openssh-askpass-gnome
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 16 12:45:11 UTC 2016 - pcerny@suse.com
|
||||
|
||||
- FIPS compatibility (no selfchecks, only crypto restrictions)
|
||||
[openssh-7.2p2-fips.patch]
|
||||
- PRNG re-seeding
|
||||
[openssh-7.2p2-seed-prng.patch]
|
||||
- preliminary version of GSSAPI KEX
|
||||
[openssh-7.2p2-gssapi_key_exchange.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 25 13:46:06 UTC 2016 - meissner@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package openssh
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -125,6 +125,9 @@ Patch12: openssh-7.2p2-pam_check_locks.patch
|
||||
Patch13: openssh-7.2p2-disable_short_DH_parameters.patch
|
||||
Patch14: openssh-7.2p2-seccomp_getuid.patch
|
||||
Patch15: openssh-7.2p2-seccomp_stat.patch
|
||||
Patch16: openssh-7.2p2-fips.patch
|
||||
Patch17: openssh-7.2p2-seed-prng.patch
|
||||
Patch18: openssh-7.2p2-gssapi_key_exchange.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Conflicts: nonfreessh
|
||||
Recommends: audit
|
||||
@ -192,6 +195,9 @@ FIPS140 CAVS tests related parts of the OpenSSH package
|
||||
%patch13 -p2
|
||||
%patch14 -p2
|
||||
%patch15 -p2
|
||||
%patch16 -p2
|
||||
%patch17 -p2
|
||||
%patch18 -p2
|
||||
cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user