NetBSD-Bugs archive


bin/58860: wg-keygen abuses libssh for X25519 keygen



>Number:         58860
>Category:       bin
>Synopsis:       wg-keygen abuses libssh for X25519 keygen
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 28 13:45:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The NetWG Foundasshion
>Environment:
>Description:
wg-keygen(8) is currently linked against libssh just for access to its crypto_scalarmult_curve25519 routine.

Although this was expedient, we really shouldn't have things other than openssh executables linked against libssh.
>How-To-Repeat:
contemplate updating libssh via openssh update and observe there are non-openssh things that pull it in for some reason
>Fix:
Some other options:

1. copy & paste some X25519 keygen logic into wg-keygen itself,
2. reach over into the kernel libsodium in sys/external/isc/libsodium,
3. rewrite it with openssl (kind of a pain to use but should be stable once done).


