Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.
Kurt Roeckx <kurt@roeckx.be> wrote:
> So my question is, does either the ssh client or server use openssl to
> generate the random number used to sign?
Yes, they both do.
ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
goes down to ssleay_rand_add() (via dsa_sign_setup()->BN_rand_range()->
RAND_add()->RAND_SSLeay()).
And ssh_dss_sign(), in turn, is used via key_sign() in the ssh server
as well as the client.
regards
Mario
--
The secret that the NSA could read the Iranian secrets was more
important than any specific Iranian secrets that the NSA could
read. -- Bruce Schneier
Reply to: