[openssh] bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A

plautrba plautrba at fedoraproject.org
Tue Sep 10 07:50:32 UTC 2013


commit 9acec07a0f058cd275c3a0b14f471cb95c9aae9f
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Tue Sep 10 09:50:09 2013 +0200

    bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A

 openssh-6.2p1-entropy.patch |   18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)
---
diff --git a/openssh-6.2p1-entropy.patch b/openssh-6.2p1-entropy.patch
index 7b9faeb..4553422 100644
--- a/openssh-6.2p1-entropy.patch
+++ b/openssh-6.2p1-entropy.patch
@@ -71,11 +71,11 @@ diff -up openssh-6.2p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.2p1/op
 +	int len;
 +	char *env = getenv("SSH_USE_STRONG_RNG");
 +	char *random = "/dev/random";
-+	size_t ienv, randlen = 6;
++	size_t ienv, randlen = 14;
 +
 +	if (!env || !strcmp(env, "0"))
 +		random = "/dev/urandom";
-+	else if ((ienv = atoi(env)) > 6)
++	else if ((ienv = atoi(env)) > randlen)
 +		randlen = ienv;
 +
 +	errno = 0;
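Review bot: The raised floor still leaves `++	else if ((ienv = atoi(env)) > randlen)` storing an unchecked `int` in a `size_t`, so a setting such as `SSH_USE_STRONG_RNG=-1` wraps to a value far above 14 and, if the later read uses `randlen` as its byte count, the process would block on /dev/random essentially forever; a non-numeric value silently becomes 0 and still selects /dev/random with the minimum. atoi() cannot report either case, whereas strtoul() with the endptr/errno checks below keeps the 14-byte floor for anything unparsable, negative or overflowed, and `ienv` can then be dropped from the declaration line. Both <stdlib.h> and errno are already in use in this code, so no new include is needed. The enclosing function begins above this hunk and the read that consumes `randlen` is below it, so I could not confirm from the page how the value is consumed; the remaining hunks only change the manual pages to say 14 bytes and need nothing further.
```c
	if (!env || !strcmp(env, "0"))
		random = "/dev/urandom";
	else {
		char *end = NULL;
		errno = 0;
		unsigned long want = strtoul(env, &end, 10);
		/* strtoul accepts a leading '-', so reject it explicitly along with
		 * empty input, trailing junk and overflow; all keep the 14-byte floor */
		if (end != env && *end == '\0' && errno != ERANGE && env[0] != '-' &&
		    want > randlen)
			randlen = want;
	}
	/* … unchanged: errno reset and the read from `random` … */
```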
@@ -98,7 +98,7 @@ diff -up openssh-6.2p1/ssh-add.0.entropy openssh-6.2p1/ssh-add.0
 +             from /dev/urandom.  If the SSH_USE_STRONG_RNG environment vari-
 +             able is set to value other than 0 the OpenSSL random generator is
 +             reseeded from /dev/random.  The number of bytes read is defined
-+             by the SSH_USE_STRONG_RNG value.  Minimum is 6 bytes.  This set-
++             by the SSH_USE_STRONG_RNG value.  Minimum is 14 bytes.  This set-
 +             ting is not recommended on the computers without the hardware
 +             random generator because insufficient entropy causes the connec-
 +             tion to be blocked until enough entropy is available.
@@ -123,7 +123,7 @@ diff -up openssh-6.2p1/ssh-add.1.entropy openssh-6.2p1/ssh-add.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
@@ -150,7 +150,7 @@ diff -up openssh-6.2p1/ssh-agent.1.entropy openssh-6.2p1/ssh-agent.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
@@ -178,7 +178,7 @@ diff -up openssh-6.2p1/sshd.8.entropy openssh-6.2p1/sshd.8
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
@@ -206,7 +206,7 @@ diff -up openssh-6.2p1/ssh-keygen.1.entropy openssh-6.2p1/ssh-keygen.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
@@ -234,7 +234,7 @@ diff -up openssh-6.2p1/ssh-keysign.8.entropy openssh-6.2p1/ssh-keysign.8
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
@@ -261,7 +261,7 @@ diff -up openssh-6.2p1/ssh.1.entropy openssh-6.2p1/ssh.1
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
-+Minimum is 6 bytes.
++Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.

