-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | WARNING.RNG | 80 | ||||
-rw-r--r-- | configure.in | 17 |
3 files changed, 100 insertions, 2 deletions
@@ -1,3 +1,8 @@ | |||
1 | 20001025 | ||
2 | - (djm) Added WARNING.RNG file and modified configure to ask users of the | ||
3 | builtin entropy code to read it. | ||
4 | - (djm) Prefer builtin regex to PCRE. | ||
5 | |||
1 | 20001020 | 6 | 20001020 |
2 | - (djm) Don't define _REENTRANT for SNI/Reliant Unix | 7 | - (djm) Don't define _REENTRANT for SNI/Reliant Unix |
3 | - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation | 8 | - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation |
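--- /dev/null
+++ b/WARNING.RNG
@@ -0,0 +1,80 @@
+This document contains a description of portable OpenSSH's random
+number collection code. An alternate reading of this text could
+well be titled "Why I should pressure my system vendor to supply
+/dev/random in their OS".
+
+Why is this important? OpenSSH depends on good, unpredictable numbers
+for generating keys, performing digital signatures and forming
+cryptographic challenges. If the random numbers that it uses are
+predictable, then the strength of the whole system is compromised.
+
+A particularly pernicious problem arises with DSA keys (used by the
+ssh2 protocol). Performing a DSA signature (which is required for
+authentication), entails the use of a 160 bit random number. If an
+attacker can predict this number, then they can deduce your *private*
+key and impersonate you.
+
+If you are using the builtin random number support (configure will
+tell you if this is the case), then read this document in its entirety
+and consider disabling ssh2 support (by adding "Protocol 1" to
+sshd_config and ssh_config).
+
+Please also request that your OS vendor provides a kernel-based random
+number collector (/dev/random) in future versions of your operating
+systems.
+
+On to the description...
+
+The portable OpenSSH contains random number collection support for
+systems which lack a kernel entropy pool (/dev/random).
+
+This collector operates by executing the programs listed in
+($etcdir)/ssh_prng_cmds, reading their output and adding it to the
+PRNG supplied by OpenSSL (which is hash-based). It also stirs in the
+output of several system calls and timings from the execution of the
+programs that it runs.
+
+The ssh_prng_cmds file also specifies a 'rate' for each program. This
+represents the number of bits of randomness per byte of output from
+the specified program.
+
+The random number code will also read and save a seed file to
+~/.ssh/prng_seed. This contents of this file are added to the random
+number generator at startup.
+
+This approach presents two problems:
+
+1. It is slow.
+
+Executing each program in the list can take a large amount of time,
+especially on slower machines. Additionally some program can take a
+disproportionate time to execute.
+
+This can be tuned by the administrator. To debug the entropy
+collection is great detail, turn on full debugging ("ssh -v -v -v" or
+"sshd -d -d -d"). This will list each program as it is executed, how
+long it took to execute, its exit status and whether and how much data
+it generated. You can the find the culprit programs which are causing
+the real slow-downs.
+
+The entropy collector will timeout programs which take too long
+to execute, the actual timeout used can be adjusted with the
+--with-entropy-timeout configure option. OpenSSH will not try to
+re-execute programs which have not been found, have had a non-zero
+exit status or have timed out more than a couple of times.
+
+2. Estimating the real 'rate' of program outputs is non-trivial
+
+The shear volume of the task is problematic: there are currently
+around 50 commands in the ssh_prng_cmds list, portable OpenSSH
+supports at least 12 different OSs. That is already 600 sets of data
+to be analysed, without taking into account the numerous differences
+between versions of each OS.
+
+On top of this, the different commands can produce varying amounts of
+usable data depending on how busy the machine is, how long it has been
+up and various other factors.
+
+To make matters even more complex, some of the commands are reporting
+largely the same data as other commands (eg. the various "ps" calls).
+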
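--- a/configure.in
+++ b/configure.in
@@ -266,8 +266,14 @@ AC_ARG_WITH(libs,
 # Checks for libraries.
 AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
 AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
-AC_CHECK_LIB(pcre, pcre_info,
-AC_DEFINE(HAVE_LIBPCRE) LIBS="$LIBS -lpcreposix -lpcre")
+
+AC_CHECK_FUNC(regcomp,
+[],
+[
+AC_CHECK_LIB(pcre, pcre_info,
+AC_DEFINE(HAVE_LIBPCRE) LIBS="$LIBS -lpcreposix -lpcre")
+]
+)
 
 if test -z "$no_libsocket" ; then
 AC_CHECK_LIB(nsl, yp_match, , )
@@ -1531,6 +1537,7 @@ else
 RAND_MSG="EGD ($EGD_SOCKET)"
 else
 RAND_MSG="Builtin (timeout $entropy_timeout)"
+BUILTIN_RNG=1
 fi
 fi
 
@@ -1574,3 +1581,9 @@ echo " Libraries: ${LIBS}"
 
 echo ""
 
+if test ! -z "$BUILTIN_RNG" ; then
+echo "WARNING: you are using the builtin random number collection service."
+echo "Please read WARNING.RNG and request that your OS vendor includes"
+echo "/dev/random in future versions of their OS."
+echo ""
+fi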
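Review bot: The closing warning is gated on `test ! -z "$BUILTIN_RNG"`, but BUILTIN_RNG is only assigned in the builtin branch of the RNG selection (the `BUILTIN_RNG=1` line in the second hunk) and nothing in these hunks initialises it first; configure inherits the caller's environment, so an exported BUILTIN_RNG would print the warning even when /dev/random or EGD was chosen, and the message would then no longer reflect what configure actually detected. Setting `BUILTIN_RNG=` just before the if/else chain that assigns RAND_MSG and testing the exact value with `if test "x$BUILTIN_RNG" = "x1" ; then` ties the warning to configure's own result. That if/else chain begins outside the second hunk, so the right place for the initialisation is not visible here.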