Dubious use of BN_num_bits in sshconnect1.c (resend)

Ulf Moeller ulf at openssl.org
Tue Feb 20 09:41:19 EST 2001


>>(this brings up a related flaw in the BN_rand/BN_pseudo_rand (which is the 
>>reason this bug doesn't show up with OpenSSH servers) in that when called to 
>>generate an N-bit (pseudo)random number, these functions actually return N-1 
>>bits of random data, with the msb set to 1, instead of the N random bits 
>>promised, but that's a side issue)
>There is no flaw in BN_[pseudo_]rand()

Looks like there is one, dating back all the way to SSLeay 0.6, and the
OpenSSL manpage for this function was (foolishly) based on the SSLeay
documentation. We'll investigate if this can be fixed directly or if we
need a new bug-compatible option.

By the way, it would be absolutely lovely and wonderful if people could
report OpenSSL bugs to openssl-bugs at openssl.org.

Ulf
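Added example, not from this thread or from OpenSSL itself: a Python model of the BN_rand() behaviour described above (msb forced to 1) next to a fully random draw, checked against an assumed peer-side test of the form BN_num_bits(x) == bits, to show why the forced top bit hides the sshconnect1.c problem and why it costs one bit of randomness.

```python
import random


def bn_rand(bits: int, force_msb: bool, rng: random.Random) -> int:
    """Model of BN_rand()/BN_pseudo_rand(): draw `bits` random bits.

    force_msb=True models the behaviour the thread describes: the top
    bit is set to 1, so the result always has exactly `bits` bits but
    only bits-1 of them are random.  force_msb=False is the assumed
    fixed behaviour where all `bits` bits are random.
    """
    value = rng.getrandbits(bits)
    if force_msb:
        value |= 1 << (bits - 1)
    return value


def bn_num_bits(value: int) -> int:
    """Model of BN_num_bits(): position of the highest set bit plus one."""
    return value.bit_length()


def random_bits_delivered(bits: int, force_msb: bool) -> int:
    """Bits of actual randomness in a value produced by bn_rand()."""
    return bits - 1 if force_msb else bits


def strict_check_pass_rate(bits: int, force_msb: bool,
                           trials: int, seed: int = 1) -> float:
    """Fraction of generated values passing an assumed peer-side check
    `BN_num_bits(x) == bits` (the kind of check the subject line hints at).

    With the msb forced every value passes; with genuinely random bits
    about half of them are shorter than `bits` and would be rejected.
    """
    rng = random.Random(seed)  # seeded so runs are reproducible
    passed = sum(1 for _ in range(trials)
                 if bn_num_bits(bn_rand(bits, force_msb, rng)) == bits)
    return passed / trials


if __name__ == "__main__":
    for force in (True, False):
        print(f"force_msb={force}: "
              f"{random_bits_delivered(128, force)} random bits, "
              f"strict-check pass rate "
              f"{strict_check_pass_rate(128, force, 10000):.3f}")
```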