Date: Fri, 21 Apr 2000 00:21:04 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: current@freebsd.org Subject: Re: HEADS UP: Alpha OpenSSH/OpenSSL breakage Message-ID: <Pine.BSF.4.21.0004210016380.76699-100000@freefall.freebsd.org> In-Reply-To: <Pine.BSF.4.21.0004200237550.27823-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 20 Apr 2000, Kris Kennaway wrote:
> I've tracked down what seems to be a bug in the new version of OpenSSL I
> imported a week ago which affects the alpha platform. It *looks* like a
> bug in OpenSSL's "bignum" library which might not have shown up for users
> of the default openssl distribution, which uses assembly to implement
> (parts of) bignum on alpha. We don't currently use asm on either platform
> (i386 or alpha) because of a lack of support for a target "CPU revision"
> (e.g. i[3456]86) during make world.
This turns out to have been a bad guess: OpenSSL don't even use asm on
alpha for some reason, although they have the .s files there. The actual
bug here is that FreeBSD/Alpha doesn't support /dev/random, and
OpenSSL-0.9.5a is more stringent about having good-quality random input
than 0.9.4 was. When OpenSSH tries to generate an RSA key it cant get the
randomness it wants at a lower level in the library, and the operation
fails.
I'm looking at how this can be worked around, but obviously the real fix
is to get /dev/[u]random support working on alpha ASAP - this is a
serious omission. Any takers?
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004210016380.76699-100000>