Re: openssl 9.3 and openssl 3.1


 



On Sun, Mar 19, 2023 at 12:57:23PM +1100, Darren Tucker wrote:
> On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw@xxxxxxxxxxxxxxx> wrote:

> Does the OpenSSL self-test ("make tests") pass?   Does its basic RNG
> function work (eg "openssl rand -base64 9")?  And if "openssl rand"
> doesn't work, if you strace it what is it trying to do?

make tests pass, and openssl rand -base64 9 produces output that looks
like base64.

> > Compile openssh with /dev/urandom as the prngd-socket?
> 
> No, the prngd socket interface works differently to /dev/random.

Interesting.  I compiled ssh to use /dev/urandom as the socket,
and it appears to work.  Obviously there could be strange bugs.

> You might be able to get this to compile, but if the RNG seeding in
> your OpenSSL build is broken

I don't think it is.  I think the openssh test isn't correct, at least
not for openssl 3.1.  I did find a post to linuxquestions in 2014 that
had the same or similar problem.  That obviously wasn't openssl 3.1.

> I would be concerned about what else might be broken in it, possibly
> in some subtle way.  I would be looking at fixing your OpenSSL.

Any idea how?  I think RAND_status() would need to be changed.

-- 
nw
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
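
The RNG check asked about in the quoted questions above, written out as an added shell example that is not part of the original message: it runs the thread's `openssl rand -base64` command twice against a chosen binary and verifies the exit status, the output shape, and that the two draws differ. The function name `check_openssl_rand` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check "openssl rand" for one
# specific openssl binary, e.g. a locally built one.
# Usage: check_openssl_rand [path-to-openssl] [nbytes]   (nbytes <= 48, so the
# base64 output stays on one line)
# Return codes (chosen for this example):
#   0 ok, 1 command failed, 2 malformed output, 3 identical draws
check_openssl_rand() {
    bin=${1:-openssl}
    n=${2:-9}
    # base64 encodes each group of 3 bytes as 4 characters, padding the last
    want=$(( (n + 2) / 3 * 4 ))

    # A broken or unseeded RNG normally shows up as a non-zero exit status.
    a=$("$bin" rand -base64 "$n" 2>/dev/null) || {
        echo "FAIL: '$bin rand' exited non-zero"; return 1; }
    b=$("$bin" rand -base64 "$n" 2>/dev/null) || {
        echo "FAIL: '$bin rand' exited non-zero on second draw"; return 1; }

    for s in "$a" "$b"; do
        [ "${#s}" -eq "$want" ] || {
            echo "FAIL: expected $want characters, got ${#s}"; return 2; }
        case $s in
            *[!A-Za-z0-9+/=]*)
                echo "FAIL: output contains non-base64 characters"; return 2 ;;
        esac
    done

    # Two independent draws of n bytes should never match in practice.
    [ "$a" != "$b" ] || { echo "FAIL: two draws were identical"; return 3; }

    echo "OK: $("$bin" version 2>/dev/null): two distinct $n-byte draws"
}
```

A pass here only shows that the command-line tool can produce output; it does not show what `RAND_status()` returns to a program linked against the same library.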


