Regarding the optional OpenSSL integration for the portable version

Brent Cook busterb at
Fri May 2 14:13:53 EST 2014


I have been working on a portable LibreSSL build tree for a little while to test the waters:

Someone noticed an issue with the arc4random implementation that I originally grabbed from libbsd.

So, I looked at how OpenSSH handles it, and noticed that it uses the random functions from OpenSSL unconditionally to seed the state of its version of arc4random.

Regarding the new ‘build without OpenSSL’ flag here:

it would be nice to have some feedback on this modified version of the OpenSSH portable arc4random that I incorporated, which seeds itself in the same manner as libbsd’s version:

libbsd’s version:

modified version:

If the seed function here doesn’t seem suitable, perhaps we could come up with a common arc4random implementation that works portably for LibreSSL and OpenSSH, which also does not depend on OpenSSL’s random number generation.

 - Brent

More information about the openssh-unix-dev mailing list