openssl 9.3 and openssl 3.1
Nathan Wagner
nw at hydaspes.if.org
Sun Mar 19 14:01:55 AEDT 2023
On Sun, Mar 19, 2023 at 12:57:23PM +1100, Darren Tucker wrote:
> On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote:
> Does the OpenSSL self-test ("make tests") pass? Does its basic RNG
> function work (eg "openssl rand -base64 9")? And if "openssl rand"
> doesn't work, if you strace it what is it trying to do?

make tests pass, and openssl rand -base64 9 produces output that looks
like base64.

> > Compile openssh with /dev/urandom as the prngd-socket?
>
> No, the prngd socket interface works differently to /dev/random.

Interesting. I compiled ssh to use /dev/urandom as the socket,
and it appears to work. Obviously there could be strange bugs.

> You might be able to get this to compile, but if the RNG seeding in
> your OpenSSL build is broken

I don't think it is. I think the openssh test isn't correct, at least
not for openssl 3.1. I did find a post to linuxquestions in 2014 that
had the same or similar problem. That obviously wasn't openssl 3.1.

> I would be concerned about what else might be broken in it, possibly
> in some subtle way. I would be looking at fixing your OpenSSL.

Any idea how? I think RAND_status() would need to be changed.

--
nw