[Bug 2995] New: Use SSH KDF from OpenSSL

bugzilla-daemon at bugzilla.mindrot.org
Wed Apr 17 19:29:51 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2995

            Bug ID: 2995
           Summary: Use SSH KDF from OpenSSL
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3264
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3264&action=edit
Use SSH KDF from OpenSSL

The new OpenSSL 1.1.1b implements the SSH KDF [1], which should
preferably be used in (portable) OpenSSH instead of the internal
implementation.

The attached patch implements an alternative derive_key() function inside
kex.c, which is compiled in when the new KDF API in OpenSSL is
detected at build time.

[1] https://www.openssl.org/docs/manmaster/man7/EVP_KDF_SSHKDF.html

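Whichever library backs derive_key(), it has to reproduce the key derivation of RFC 4253 section 7.2. The following is an added reference sketch in Python (not the attached patch, and not OpenSSH or OpenSSL code) that can be used to cross-check a derivation; the function names and the sample values are constructed for illustration.

```python
import hashlib

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an RFC 4251 mpint (how K enters the hash)."""
    if n < 0:
        raise ValueError("the shared secret K is never negative")
    # bit_length() + 8 reserves a leading zero byte when the top bit is set
    body = n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def derive_key(hash_name: str, k: bytes, h: bytes, letter: bytes,
               session_id: bytes, need: int) -> bytes:
    """RFC 4253 section 7.2: K1 = HASH(K || H || letter || session_id),
    Kn = HASH(K || H || K1 || ... || K(n-1)), output truncated to `need` bytes."""
    if len(letter) != 1 or letter not in b"ABCDEF":
        raise ValueError("key letter must be one of A..F")
    out = hashlib.new(hash_name, k + h + letter + session_id).digest()
    while len(out) < need:  # extend when more than one digest of key data is needed
        out += hashlib.new(hash_name, k + h + out).digest()
    return out[:need]

# The six outputs and their roles as listed in RFC 4253 section 7.2.
ROLES = {b"A": "iv_c2s", b"B": "iv_s2c", b"C": "enc_c2s",
         b"D": "enc_s2c", b"E": "mac_c2s", b"F": "mac_s2c"}

def derive_all(hash_name, shared_secret, h, session_id, sizes):
    """Derive every key; `sizes` maps a role name to the number of bytes needed."""
    k = mpint(shared_secret)
    return {role: derive_key(hash_name, k, h, letter, session_id, sizes[role])
            for letter, role in ROLES.items()}

# Constructed sample values (not taken from a real key exchange).
SAMPLE_K = 0x9A378F9B2E332A7
SAMPLE_H = hashlib.sha256(b"constructed exchange hash").digest()
SAMPLE_SIZES = {"iv_c2s": 16, "iv_s2c": 16, "enc_c2s": 32,
                "enc_s2c": 32, "mac_c2s": 64, "mac_s2c": 64}

if __name__ == "__main__":
    # On the first key exchange the session id equals H.
    keys = derive_all("sha256", SAMPLE_K, SAMPLE_H, SAMPLE_H, SAMPLE_SIZES)
    for role, key in keys.items():
        print(f"{role:8s} {key.hex()}")
```

The 64-byte MAC keys exercise the extension step, which is the part most easily mismatched between two implementations.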