Subject: Re: no RSA with openssl on m68k systems with 1.5_ALPHA2?
To: Thorsten Frueauf <milano@zhadum.de>
From: None <itojun@iijlab.net>
List: current-users
Date: 10/04/2000 10:16:03
>>Is it possible that rsa support only works if "pseudo-device rnd" is
>>compiled in the kernel?
>>
>>At least I have it in my kernel on i386 and sparc where sshd works and don't
>>have it in the kernel for amiga and hp300 (it's not activated in GENERIC there
>>either...). I will recompile a kernel with rnd and see if that fixes the
>>sshd daemon, but it's already late and it will take some time on m68k, so
>>don't expect feedback that soon :)
> i'll try using a kernel without RND device and see if your issue
> repeats. please hold.

hmm I see.
- ssh/rsa.c:rsa_alive() calls RSA_generate_key()
- RSA_generate_key() calls BN_generate_prime()
- BN_generate_prime() calls BN_rand() via probable_prime()
- BN_rand() requires us to have a kernel random number device
so openssh considers that we don't have RSA in the library.

similarly, DH_generate_key() does not work if there's no random number
device.

I'm not sure if it is safe to allow userland-generated pseudo random
numbers. it looks intentional. all I can do with confidence is to
improve the error message from ssh/sshd, to warn that you don't have a random
number device.

itojun
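
A check of the kind the message proposes, reporting a missing random device up front instead of "no RSA", could start from a probe like this one. It is an added example, not part of the original message or of the OpenSSH/OpenSSL source; the function names, the `/dev/urandom` path and the reading of ENXIO/ENODEV as "driver not in the kernel" are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum rnd_status { RND_OK, RND_NO_NODE, RND_NO_DRIVER, RND_SHORT_READ, RND_OTHER };

/* Hypothetical helper: try to read `want` bytes (max 64) from `path`. */
enum rnd_status probe_rnd(const char *path, size_t want)
{
    unsigned char buf[64];   /* bytes are discarded, this is only a probe */
    size_t got = 0;
    int fd;

    if (want > sizeof(buf)) want = sizeof(buf);
    fd = open(path, O_RDONLY);
    if (fd < 0) {
        if (errno == ENOENT) return RND_NO_NODE;
        /* Assumption: node exists but no driver is attached behind it */
        if (errno == ENXIO || errno == ENODEV) return RND_NO_DRIVER;
        return RND_OTHER;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        if (n <= 0) break;                       /* EOF or hard error */
        got += (size_t)n;
    }
    close(fd);
    return got == want ? RND_OK : RND_SHORT_READ;
}

const char *rnd_explain(enum rnd_status s)
{
    switch (s) {
    case RND_OK: return "random device usable";
    case RND_NO_NODE: return "device node missing";
    case RND_NO_DRIVER: return "kernel built without \"pseudo-device rnd\"?";
    case RND_SHORT_READ: return "device returned too few bytes";
    default: return "cannot open random device";
    }
}

int main(void)
{
    enum rnd_status s = probe_rnd("/dev/urandom", 32);
    if (s != RND_OK) fprintf(stderr, "RSA/DH key generation unavailable: %s\n", rnd_explain(s));
    return s == RND_OK ? 0 : 1;
}
```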