[openssh] bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
plautrba
plautrba at fedoraproject.org
Tue Sep 10 07:50:32 UTC 2013
commit 9acec07a0f058cd275c3a0b14f471cb95c9aae9f
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Tue Sep 10 09:50:09 2013 +0200
bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
openssh-6.2p1-entropy.patch | 18 +++++++++---------
1 files changed, 9 insertions(+), 9 deletions(-)
---
diff --git a/openssh-6.2p1-entropy.patch b/openssh-6.2p1-entropy.patch
index 7b9faeb..4553422 100644
--- a/openssh-6.2p1-entropy.patch
+++ b/openssh-6.2p1-entropy.patch
@@ -71,11 +71,11 @@ diff -up openssh-6.2p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.2p1/op
+ int len;
+ char *env = getenv("SSH_USE_STRONG_RNG");
+ char *random = "/dev/random";
-+ size_t ienv, randlen = 6;
++ size_t ienv, randlen = 14;
+
+ if (!env || !strcmp(env, "0"))
+ random = "/dev/urandom";
-+ else if ((ienv = atoi(env)) > 6)
++ else if ((ienv = atoi(env)) > randlen)
+ randlen = ienv;
+
+ errno = 0;
@@ -98,7 +98,7 @@ diff -up openssh-6.2p1/ssh-add.0.entropy openssh-6.2p1/ssh-add.0
+ from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari-
+ able is set to value other than 0 the OpenSSL random generator is
+ reseeded from /dev/random. The number of bytes read is defined
-+ by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set-
++ by the SSH_USE_STRONG_RNG value. Minimum is 14 bytes. This set-
+ ting is not recommended on the computers without the hardware
+ random generator because insufficient entropy causes the connec-
+ tion to be blocked until enough entropy is available.
@@ -123,7 +123,7 @@ diff -up openssh-6.2p1/ssh-add.1.entropy openssh-6.2p1/ssh-add.1
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
@@ -150,7 +150,7 @@ diff -up openssh-6.2p1/ssh-agent.1.entropy openssh-6.2p1/ssh-agent.1
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
@@ -178,7 +178,7 @@ diff -up openssh-6.2p1/sshd.8.entropy openssh-6.2p1/sshd.8
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
@@ -206,7 +206,7 @@ diff -up openssh-6.2p1/ssh-keygen.1.entropy openssh-6.2p1/ssh-keygen.1
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
@@ -234,7 +234,7 @@ diff -up openssh-6.2p1/ssh-keysign.8.entropy openssh-6.2p1/ssh-keysign.8
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
@@ -261,7 +261,7 @@ diff -up openssh-6.2p1/ssh.1.entropy openssh-6.2p1/ssh.1
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
More information about the scm-commits
mailing list