Regarding the optional OpenSSL integration for the portable version
Brent Cook
busterb at gmail.com
Fri May 2 14:13:53 EST 2014
Hi,
I have been working on a portable LibreSSL build tree for a little while to test the waters: http://github.com/busterb/libressl
Someone noticed an issue with the arc4random implementation that I originally grabbed from libbsd https://github.com/busterb/libressl/issues/1
So, I looked at how OpenSSH handles it, and noticed that it uses the random functions from OpenSSL unconditionally to seed the state of its version of arc4random.
Regarding the new ‘build without OpenSSL’ flag here: http://article.gmane.org/gmane.os.openbsd.cvs/130612
it would be nice to have some feedback on this modified version of the OpenSSH portable arc4random that I incorporated, which seeds itself in the same manner as libbsd’s version:
libbsd’s version: http://cgit.freedesktop.org/libbsd/tree/src/arc4random.c
modified version: https://github.com/busterb/libressl/blob/master/crypto/compat/arc4random.c
If the seed function here doesn’t seem suitable, perhaps we could come up with a common arc4random implementation that works portably for LibreSSL and OpenSSH, which also does not depend on OpenSSL’s random number generation.
- Brent
More information about the openssh-unix-dev
mailing list