[PATCH] using openssl with no-rsa?

kevin_oconnor at standardandpoors.com
Tue May 16 03:09:22 EST 2000

Hello,

Due to patent concerns, I compiled a version of openssl with the no-rsa,
no-idea, no-rc5 options.  I was able to then take this compile of openssl, with
the standard openssh-2.1.0 rpms and run it on another machine.  Most things
seemed to work fine, except I was unable to ssh into the machine.  After
applying the following patch to the sshd code, a quick test with an ssh session
worked:

--- sshd.c~     Sat May  6 22:03:20 2000
+++ sshd.c      Mon May 15 12:04:34 2000
@@ -404,9 +404,12 @@
 destroy_sensitive_data(void)
 {
        /* Destroy the private and public keys.  They will no longer be needed.
*/
-       RSA_free(public_key);
-       RSA_free(sensitive_data.private_key);
-       RSA_free(sensitive_data.host_key);
+       if (public_key != NULL)
+               RSA_free(public_key);
+       if (sensitive_data.private_key != NULL)
+               RSA_free(sensitive_data.private_key);
+       if (sensitive_data.host_key != NULL)
+               RSA_free(sensitive_data.host_key);
        if (sensitive_data.dsa_host_key != NULL)
                key_free(sensitive_data.dsa_host_key);
 }
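Review bot: the NULL checks added around the three RSA_free() calls do not fix the real failure, which is an unresolved RSA_free symbol in an OpenSSL built with no-rsa; they only work because the dynamic linker binds sshd's library references lazily, so a symbol is not looked up until the first call, and the guards keep that call from ever happening. Under eager binding (LD_BIND_NOW=1 in the environment, or a binary linked with -z now) the missing symbol still aborts sshd at startup, and any other RSA_* call reached on some code path fails the same way. Compile the references out instead of skipping them at runtime: wrap the RSA_free() calls (and the RSA fields they refer to) in a preprocessor conditional keyed to the no-rsa configuration, i.e. the NO_RSA macro that OpenSSL's opensslconf.h defines for that option in the 0.9.x series, for example "#ifndef NO_RSA" ... "#endif" around the three calls. Note also that RSA_free() already returns on a NULL argument, so the checks add nothing in a build where the symbol is present; the dsa_host_key check below them is the one that matters, since key_free() is not NULL-safe in the same way.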

The machine is an i686 using standard RedHat 6.2.

It appears that the ssh binaries are doing some form of delayed linking that is
allowing the program to run without all the functions defined.  It appears that
as long as no RSA_xxx calls are made the ssh server works.

My question is - Am I doing something seriously wrong (that will definitely
break at some point), or is this an acceptable fix for getting a working non-RSA
ssh daemon on Linux?  Am I going about this all wrong - is there a simpler
method?

I'm not on the list, so please CC me any replies.

Thanks in advance,
-Kevin

More information about the openssh-unix-dev mailing list