kevin_oconnor at standardandpoors.com
2000-May-15 17:09 UTC
[PATCH] using openssl with no-rsa?
Hello,

Due to patent concerns, I compiled a version of openssl with the no-rsa, no-idea, no-rc5 options. I was able to then take this compile of openssl, with the standard openssh-2.1.0 rpms and run it on another machine. Most things seemed to work fine, except I was unable to ssh into the machine. After applying the following patch to the sshd code, a quick test with an ssh session worked:

--- sshd.c~	Sat May  6 22:03:20 2000
+++ sshd.c	Mon May 15 12:04:34 2000
@@ -404,9 +404,12 @@
 destroy_sensitive_data(void)
 {
   /* Destroy the private and public keys.  They will no longer be needed. */
-  RSA_free(public_key);
-  RSA_free(sensitive_data.private_key);
-  RSA_free(sensitive_data.host_key);
+  if (public_key != NULL)
+    RSA_free(public_key);
+  if (sensitive_data.private_key != NULL)
+    RSA_free(sensitive_data.private_key);
+  if (sensitive_data.host_key != NULL)
+    RSA_free(sensitive_data.host_key);
   if (sensitive_data.dsa_host_key != NULL)
     key_free(sensitive_data.dsa_host_key);
 }

The machine is an i686 using standard RedHat 6.2. It appears that the ssh binaries are doing some form of delayed linking that is allowing the program to run without all the functions defined. It appears that as long as no RSA_xxx calls are made the ssh server works.

My question is - Am I doing something seriously wrong (that will definitely break at some point), or is this an acceptable fix for getting a working non-RSA ssh daemon on Linux? Am I going about this all wrong - is there a simpler method?

I'm not on the list, so please CC me any replies.

Thanks in advance,
-Kevin
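Review bot: the NULL guards added in this hunk only keep the three RSA_free() calls from being reached when the key pointers are unset; the message itself attributes the daemon running at all to delayed symbol resolution, so the fix depends on the dynamic linker never having to resolve RSA_free rather than on the code not referencing RSA. That is fragile: an eagerly bound binary (LD_BIND_NOW, or a link with -z now) would still fail at startup with the same missing symbols, and any other RSA_* call site in sshd remains unguarded, so the daemon works only on the code paths this test happened to exercise. A more robust change would make the no-RSA configuration explicit at build time, for example detecting RSA support in configure and wrapping the RSA key handling (including these three frees) in a preprocessor conditional, with a comment in destroy_sensitive_data() noting why the guards exist if they are kept as a runtime fallback.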
On Mon, 15 May 2000 kevin_oconnor at standardandpoors.com wrote:

> Hello,
>
> Due to patent concerns, I compiled a version of openssl with the
> no-rsa, no-idea, no-rc5 options. I was able to then take this
> compile of openssl, with the standard openssh-2.1.0 rpms and run it
> on another machine. Most things seemed to work fine, except I was
> unable to ssh into the machine. After applying the following patch
> to the sshd code, a quick test with an ssh session worked:

Thanks, applied.

-d

-- 
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)