Regarding the optional OpenSSL integration for the portable version

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I have been working on a portable LibreSSL build tree for a little while to test the waters: http://github.com/busterb/libressl

Someone noticed an issue with the arc4random implementation that I originally grabbed from libbsd https://github.com/busterb/libressl/issues/1

So, I looked at how OpenSSH handles it, and noticed that it uses the random functions from OpenSSL unconditionally to seed the state of its version of arc4random.

Regarding the new ‘build without OpenSSL’ flag here: http://article.gmane.org/gmane.os.openbsd.cvs/130612

it would be nice to have some feedback on this modified version of the OpenSSH portable arc4random that I incorporated, which seeds itself in the same manner as libbsd’s version:

libbsd’s version: http://cgit.freedesktop.org/libbsd/tree/src/arc4random.c

modified version: https://github.com/busterb/libressl/blob/master/crypto/compat/arc4random.c

If the seed function here doesn’t seem suitable, perhaps we could come up with a common arc4random implementation that works portably for LibreSSL and OpenSSH, which also does not depend on OpenSSL’s random number generation.

 - Brent
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev





[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux