openssl 9.3 and openssl 3.1
dtucker at dtucker.net
Sun Mar 19 15:25:11 AEDT 2023
On Sun, 19 Mar 2023 at 14:07, Nathan Wagner <nw at hydaspes.if.org> wrote:
> On Sun, Mar 19, 2023 at 12:57:23PM +1100, Darren Tucker wrote:
> > No, the prngd socket interface works differently to /dev/random.
> Interesting. I compiled ssh to use /dev/urandom as the socket,
> and it appears to work. Obviously there could be strange bugs.
That is interesting. The prngd interface is "connect to Unix domain
socket, send a byte with the number of random bytes you want and read
that number of bytes back." I thought the connect(2) would fail, but
if can connect to a device node, the random device will ignore the
count byte and the final read should work OK.
> > I would be concerned about what else might be broken in it, possibly
> > in some subtle way. I would be looking at fixing your OpenSSL.
> Any idea how? I think RAND_status() would need to be changed.
Did the OpenSSH RAND_status test program fail at runtime, or did it
fail to compile for some reason? That should be in config.log.
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev