openssh/openssh-7.2p2-audit_seed_prng.patch

# HG changeset patch
# Parent  3aad88a155050008275527c0624ae6fa05d0cdad
Audit PRNG re-seeding

diff --git a/openssh-7.2p2/audit-bsm.c b/openssh-7.2p2/audit-bsm.c
--- a/openssh-7.2p2/audit-bsm.c
+++ b/openssh-7.2p2/audit-bsm.c
@@ -504,9 +504,15 @@ audit_destroy_sensitive_data(const char 
 	/* not implemented */
 }
 
 void
 audit_generate_ephemeral_server_key(const char *fp)
 {
 	/* not implemented */
 }
+
+void
+audit_linux_prng_seed(long bytes, const char *rf)
+{
+	/* not implemented */
+}
 #endif /* BSM */
diff --git a/openssh-7.2p2/audit-linux.c b/openssh-7.2p2/audit-linux.c
--- a/openssh-7.2p2/audit-linux.c
+++ b/openssh-7.2p2/audit-linux.c
@@ -402,9 +402,31 @@ audit_generate_ephemeral_server_key(cons
 	}
 	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
 			buf, NULL, 0, NULL, 1);
 	audit_close(audit_fd);
 	/* do not abort if the error is EPERM and sshd is run as non root user */
 	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
 		error("cannot write into audit");
 }
+
+void
+audit_linux_prng_seed(long bytes, const char *rf)
+{
+	char buf[AUDIT_LOG_SIZE];
+	int audit_fd, audit_ok;
+
+	snprintf(buf, sizeof(buf), "op=prng_seed kind=server bytes=%li source=%s ", bytes, rf);
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		if (errno != EINVAL && errno != EPROTONOSUPPORT &&
+					 errno != EAFNOSUPPORT)
+			error("cannot open audit");
+		return;
+	}
+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_PARAM_CHANGE_USER,
+			buf, NULL, 0, NULL, 1);
+	audit_close(audit_fd);
+	/* do not abort if the error is EPERM and sshd is run as non root user */
+	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+		error("cannot write into audit");
+}
 #endif /* USE_LINUX_AUDIT */
diff --git a/openssh-7.2p2/audit.c b/openssh-7.2p2/audit.c
--- a/openssh-7.2p2/audit.c
+++ b/openssh-7.2p2/audit.c
@@ -304,10 +304,16 @@ audit_destroy_sensitive_data(const char 
 /*
  * This will be called on generation of the ephemeral server key
  */
 void
 audit_generate_ephemeral_server_key(const char *)
 {
 	debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
 }
+
+void
+audit_linux_prng_seed(long bytes, const char *rf)
+{
+	debug("audit PRNG seed euid %d bytes %li source %s", geteuid(), bytes, rf);
+}
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
diff --git a/openssh-7.2p2/audit.h b/openssh-7.2p2/audit.h
--- a/openssh-7.2p2/audit.h
+++ b/openssh-7.2p2/audit.h
@@ -69,10 +69,11 @@ void	audit_key(int, int *, const Key *);
 void	audit_unsupported(int);
 void	audit_kex(int, char *, char *, char *, char *);
 void	audit_unsupported_body(int);
 void	audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t);
 void	audit_session_key_free(int ctos);
 void	audit_session_key_free_body(int ctos, pid_t, uid_t);
 void	audit_destroy_sensitive_data(const char *, pid_t, uid_t);
 void	audit_generate_ephemeral_server_key(const char *);
+void	audit_linux_prng_seed(long, const char *);
 
 #endif /* _SSH_AUDIT_H */
diff --git a/openssh-7.2p2/sshd.c b/openssh-7.2p2/sshd.c
--- a/openssh-7.2p2/sshd.c
+++ b/openssh-7.2p2/sshd.c
@@ -1421,16 +1421,19 @@ server_accept_loop(int *sock_in, int *so
 					if (maxfd < startup_p[0])
 						maxfd = startup_p[0];
 					startups++;
 					break;
 				}
 			if(!(--re_seeding_counter)) {
 				re_seeding_counter = RESEED_AFTER;
 				linux_seed();
+#ifdef SSH_AUDIT_EVENTS
+				audit_linux_prng_seed(rand_bytes, rand_file);
+#endif
 			}
 
 			/*
 			 * Got connection.  Fork a child to handle it, unless
 			 * we are in debugging mode.
 			 */
 			if (debug_flag) {
 				/*
Accepting request 433779 from home:pcerny:factory - remaining patches that were still missing since the update to 7.2p2 (FATE#319675): [openssh-7.2p2-disable_openssl_abi_check.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch] OBS-URL: https://build.opensuse.org/request/show/433779 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113 2016-10-07 17:57:29 +02:00			`# HG changeset patch`
			`# Parent 3aad88a155050008275527c0624ae6fa05d0cdad`
			`Audit PRNG re-seeding`

			`diff --git a/openssh-7.2p2/audit-bsm.c b/openssh-7.2p2/audit-bsm.c`
			`--- a/openssh-7.2p2/audit-bsm.c`
			`+++ b/openssh-7.2p2/audit-bsm.c`
			`@@ -504,9 +504,15 @@ audit_destroy_sensitive_data(const char`
			`/* not implemented */`
			`}`

			`void`
			`audit_generate_ephemeral_server_key(const char *fp)`
			`{`
			`/* not implemented */`
			`}`
			`+`
			`+void`
			`+audit_linux_prng_seed(long bytes, const char *rf)`
			`+{`
			`+ /* not implemented */`
			`+}`
			`#endif /* BSM */`
			`diff --git a/openssh-7.2p2/audit-linux.c b/openssh-7.2p2/audit-linux.c`
			`--- a/openssh-7.2p2/audit-linux.c`
			`+++ b/openssh-7.2p2/audit-linux.c`
			`@@ -402,9 +402,31 @@ audit_generate_ephemeral_server_key(cons`
			`}`
			`audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,`
			`buf, NULL, 0, NULL, 1);`
			`audit_close(audit_fd);`
			`/* do not abort if the error is EPERM and sshd is run as non root user */`
			`if ((audit_ok < 0) && ((audit_ok != -1) \|\| (getuid() == 0)))`
			`error("cannot write into audit");`
			`}`
			`+`
			`+void`
			`+audit_linux_prng_seed(long bytes, const char *rf)`
			`+{`
			`+ char buf[AUDIT_LOG_SIZE];`
			`+ int audit_fd, audit_ok;`
			`+`
			`+ snprintf(buf, sizeof(buf), "op=prng_seed kind=server bytes=%li source=%s ", bytes, rf);`
			`+ audit_fd = audit_open();`
			`+ if (audit_fd < 0) {`
			`+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&`
			`+ errno != EAFNOSUPPORT)`
			`+ error("cannot open audit");`
			`+ return;`
			`+ }`
			`+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_PARAM_CHANGE_USER,`
			`+ buf, NULL, 0, NULL, 1);`
			`+ audit_close(audit_fd);`
			`+ /* do not abort if the error is EPERM and sshd is run as non root user */`
			`+ if ((audit_ok < 0) && ((audit_ok != -1) \|\| (getuid() == 0)))`
			`+ error("cannot write into audit");`
			`+}`
			`#endif /* USE_LINUX_AUDIT */`
			`diff --git a/openssh-7.2p2/audit.c b/openssh-7.2p2/audit.c`
			`--- a/openssh-7.2p2/audit.c`
			`+++ b/openssh-7.2p2/audit.c`
			`@@ -304,10 +304,16 @@ audit_destroy_sensitive_data(const char`
			`/*`
			`* This will be called on generation of the ephemeral server key`
			`*/`
			`void`
			`audit_generate_ephemeral_server_key(const char *)`
			`{`
			`debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);`
			`}`
			`+`
			`+void`
			`+audit_linux_prng_seed(long bytes, const char *rf)`
			`+{`
			`+ debug("audit PRNG seed euid %d bytes %li source %s", geteuid(), bytes, rf);`
			`+}`
			`# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */`
			`#endif /* SSH_AUDIT_EVENTS */`
			`diff --git a/openssh-7.2p2/audit.h b/openssh-7.2p2/audit.h`
			`--- a/openssh-7.2p2/audit.h`
			`+++ b/openssh-7.2p2/audit.h`
			`@@ -69,10 +69,11 @@ void audit_key(int, int , const Key );`
			`void audit_unsupported(int);`
			`void audit_kex(int, char , char , char , char );`
			`void audit_unsupported_body(int);`
			`void audit_kex_body(int, char , char , char , char , pid_t, uid_t);`
			`void audit_session_key_free(int ctos);`
			`void audit_session_key_free_body(int ctos, pid_t, uid_t);`
			`void audit_destroy_sensitive_data(const char *, pid_t, uid_t);`
			`void audit_generate_ephemeral_server_key(const char *);`
			`+void audit_linux_prng_seed(long, const char *);`

			`#endif /* _SSH_AUDIT_H */`
			`diff --git a/openssh-7.2p2/sshd.c b/openssh-7.2p2/sshd.c`
			`--- a/openssh-7.2p2/sshd.c`
			`+++ b/openssh-7.2p2/sshd.c`
			`@@ -1421,16 +1421,19 @@ server_accept_loop(int sock_in, int so`
			`if (maxfd < startup_p[0])`
			`maxfd = startup_p[0];`
			`startups++;`
			`break;`
			`}`
			`if(!(--re_seeding_counter)) {`
			`re_seeding_counter = RESEED_AFTER;`
			`linux_seed();`
			`+#ifdef SSH_AUDIT_EVENTS`
			`+ audit_linux_prng_seed(rand_bytes, rand_file);`
			`+#endif`
			`}`

			`/*`
			`* Got connection. Fork a child to handle it, unless`
			`* we are in debugging mode.`
			`*/`
			`if (debug_flag) {`
			`/*`