Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The result is a segfault. OpenSSH is the latest 6.6.1. A quick and working solution was to replace the openssh-arc4random with the one shipped by libressl. One small change is needed: the libressl-arc4random.c doesn't have the arc4random_stir()-function, I copied that back from the openssh-arc4random.c. Works so far, see attached patch. An alternative would be to check for the availability of arc4random in libcrypto and use that if available. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@xxxxxxxxx GPG: BBB51E42
Attachment:
openssh-arc4random.diff.gz
Description: application/gzip
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev