[Bug 2995] New: Use SSH KDF from OpenSSL
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Apr 17 19:29:51 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2995
Bug ID: 2995
Summary: Use SSH KDF from OpenSSL
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 3264
--> https://bugzilla.mindrot.org/attachment.cgi?id=3264&action=edit
Use SSH KDF from OpenSSL
The new OpenSSL 1.1.1b implements the SSH KDF [1], which should be
preferably used in (portable) OpenSSH instead of the internal
implementation.
The attached patch implements alternative derive_key() function inside
of kex.c, which is compiled in when the new KDF API in OpenSSL is
detected during build time.
[1] https://www.openssl.org/docs/manmaster/man7/EVP_KDF_SSHKDF.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list