Regarding the optional OpenSSL integration for the portable version

Damien Miller djm at mindrot.org
Fri May 2 14:56:59 EST 2014


On Thu, 1 May 2014, Brent Cook wrote:

> Hi,
>
> I have been working on a portable LibreSSL build tree for a little
> while to test the waters: http://github.com/busterb/libressl
>
> Someone noticed an issue with the arc4random
> implementation that I originally grabbed from libbsd
> https://github.com/busterb/libressl/issues/1
>
> So, I looked at how OpenSSH handles it, and noticed that it uses the
> random functions from OpenSSL unconditionally to seed the state of its
> version of arc4random.

I haven't ported the no-OpenSSL changes yet and haven't thought about
how I'll handle arc4random.

I'll probably make an explicit arc4random_stir() function that we can
call in various places. OpenBSD has put some effort in to ensure that
the kernel PRNG is available in pretty much any context (privileged,
unprivileged, in chroot without devices, etc.) and AFAIK no other OS
does this.

IMO the libbsd code and yours both do one risky thing: for OpenSSH at
least, the right response to not being able to read KEYSIZE bytes from
/dev/urandom for the initial seeding is to fatal()/abort(). Obviously
this isn't likely to be popular in a generic library, but it's the
only safe thing to do.

-d

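As an added illustration of the seeding policy Damien describes (this is example code, not from OpenSSH, libbsd or the LibreSSL-portable tree): a seed routine that reads exactly KEYSIZE bytes from /dev/urandom, tolerating EINTR and short reads, and treats anything less than a full seed as fatal instead of continuing with a weak state. The value of KEYSIZE and the function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define KEYSIZE 32 /* assumed seed size; the post names KEYSIZE but not its value */

/* Read exactly n bytes, retrying on EINTR and on short reads.
 * Returns 0 on success, -1 on EOF or error (never a partial fill). */
static int read_full(int fd, unsigned char *buf, size_t n)
{
	size_t got = 0;
	while (got < n) {
		ssize_t r = read(fd, buf + got, n - got);
		if (r < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		if (r == 0) /* EOF before n bytes: an incomplete seed */
			return -1;
		got += (size_t)r;
	}
	return 0;
}

/* Fill key with keysize bytes from path. Returns 0 on success, -1 if the
 * path cannot be opened, is not a character device, or runs short. */
static int seed_from_device(const char *path, unsigned char *key, size_t keysize)
{
	int fd = open(path, O_RDONLY | O_CLOEXEC);
	if (fd < 0)
		return -1;
	struct stat st;
	int ok = fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)
	      && read_full(fd, key, keysize) == 0;
	close(fd);
	return ok ? 0 : -1;
}

/* The policy from the post: an incomplete initial seed is fatal. */
static void arc4random_stir_or_die(unsigned char *key)
{
	if (seed_from_device("/dev/urandom", key, KEYSIZE) != 0) {
		fprintf(stderr, "fatal: could not read %d bytes from /dev/urandom\n", KEYSIZE);
		abort();
	}
}
```

The fstat check refuses a regular file substituted for the device (for example inside a chroot with no /dev), which is the case where a library that silently returns a partial seed would be most dangerous.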
