openssh portable and libressl portable cause recursion between arc4random and RAND_bytes

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

Yesterday I tried to replace the system openssl in a gentoo system with
libressl.

With openssh an interesting issue popped up:
* RAND_bytes in libressl calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes

So what's happening is a recursion. arc4random wants to use RAND_bytes
and RAND_bytes wants to use arc4random. The result is a segfault.
OpenSSH is the latest 6.6.1.

A quick and working solution was to replace the openssh-arc4random with
the one shipped by libressl. One small change is needed: the
libressl-arc4random.c doesn't have the arc4random_stir()-function,
I copied that back from the openssh-arc4random.c.

Works so far, see attached patch.

An alternative would be to check for the availability of arc4random in
libcrypto and use that if available.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42

Attachment: openssh-arc4random.diff.gz
Description: application/gzip

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux