Hanno Böck
2014-Jul-12 07:54 UTC
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
Hi,

Yesterday I tried to replace the system openssl in a gentoo system with
libressl.

With openssh an interesting issue popped up:
* RAND_bytes in libressl calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes

So what's happening is a recursion. arc4random wants to use RAND_bytes
and RAND_bytes wants to use arc4random. The result is a segfault.

OpenSSH is the latest 6.6.1.

A quick and working solution was to replace the openssh-arc4random with
the one shipped by libressl. One small change is needed: the
libressl-arc4random.c doesn't have the arc4random_stir() function, so I
copied that back from the openssh-arc4random.c.

Works so far, see attached patch.

An alternative would be to check for the availability of arc4random in
libcrypto and use that if available.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-arc4random.diff.gz
Type: application/gzip
Size: 3055 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140712/38ca69a7/attachment.bin>
Damien Miller
2014-Jul-13 23:39 UTC
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
On Sat, 12 Jul 2014, Hanno Böck wrote:

> Hi,
> 
> Yesterday I tried to replace the system openssl in a gentoo system with
> libressl.
> 
> With openssh an interesting issue popped up:
> * RAND_bytes in libressl calls arc4random
> * arc4random is a compat function both in openssh and libressl
> * arc4random from openssh uses RAND_bytes

Right, I think we should just delay the checks for arc4random. I'd like
to sync arc4random.c, but that's a separate issue.

Can you tell me if this works for you?

Index: configure.ac
===================================================================
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.577
diff -u -p -r1.577 configure.ac
--- configure.ac	3 Jul 2014 01:54:19 -0000	1.577
+++ configure.ac	13 Jul 2014 23:34:33 -0000
@@ -1575,10 +1575,6 @@ AC_CHECK_FUNCS([ \
 	Blowfish_expandstate \
 	Blowfish_expand0state \
 	Blowfish_stream2word \
-	arc4random \
-	arc4random_buf \
-	arc4random_stir \
-	arc4random_uniform \
 	asprintf \
 	b64_ntop \
 	__b64_ntop \
@@ -2639,6 +2635,13 @@ fi
 AC_SUBST([TEST_SSH_ECC])
 AC_SUBST([COMMENT_OUT_ECC])
 
+
+AC_CHECK_FUNCS([ \
+	arc4random \
+	arc4random_buf \
+	arc4random_stir \
+	arc4random_uniform \
+])
 
 saved_LIBS="$LIBS"
 AC_CHECK_LIB([iaf], [ia_openinfo], [
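Review bot: in the first hunk, dropping the four arc4random* entries out of the alphabetised AC_CHECK_FUNCS list is only correct together with their re-addition further down the file, and nothing at the removal site says so; a later tidy-up that re-sorts the list would silently put the early check back and reintroduce the RAND_bytes/arc4random recursion Hanno describes. Suggest a one-line comment where the entries used to be, e.g. `# arc4random* is checked later, after the libcrypto detection (see below)`.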
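Review bot: in the second hunk, the new AC_CHECK_FUNCS block carries no comment explaining why it sits here rather than in the main list; the stated purpose of the patch (delaying the check so that it sees the arc4random exported by libcrypto, and therefore leaves the openbsd-compat arc4random out of the build) should be recorded next to the block, otherwise the placement looks accidental. Also, Hanno's message notes that LibreSSL's arc4random.c does not provide arc4random_stir(), so with this patch a LibreSSL build will end up with HAVE_ARC4RANDOM defined but HAVE_ARC4RANDOM_STIR undefined; worth confirming that callers of arc4random_stir() still resolve in that combination before this goes in.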