On Thu, 1 May 2014, Brent Cook wrote: > Hi, > > I have been working on a portable LibreSSL build tree for a little > while to test the waters: http://github.com/busterb/libressl > > Someone noticed an issue with the arc4random > implementation that I originally grabbed from libbsd > https://github.com/busterb/libressl/issues/1 > > So, I looked at how OpenSSH handles it, and noticed that it uses the > random functions from OpenSSL unconditionally to seed the state of its > version of arc4random. I haven't ported the no-OpenSSL changes yet and haven't thought about how I'll handle arc4random. I'll probably make an explicit arc4random_stir() function that we can call in various places. OpenBSD has put some effort in to ensure that the kernel PRNG is available in pretty much any context (privileged, unprivileged, in chroot without devices, etc.) and AFAIK no other OS does this. IMO the libbsd code and yours both do one risky thing: for OpenSSH at least, the right response to not being able to read KEYSIZE bytes from /dev/urandom for the initial seeding is to fatal()/abort(). Obviously this isn't likely to be popular in a generic library, but it's the only safe thing to do. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev