From: Volodymyr Kostyrko
Date: Fri, 16 Dec 2011 17:01:58 +0200
To: freebsd-security@freebsd.org
Subject: CVE-2011-1945

Hi all.

Recently I started to recheck the usability of ssh keys and found that ECDSA keys are already available. I've tried to make one and it prompts me about the key bit length. Reading about this on http://en.wikipedia.org/wiki/Elliptic_Curve_DSA I also noticed that a timing attack is possible against OpenSSL.

Quickly checking the code shows that we haven't integrated the fix yet, as the current revision of

http://svnweb.freebsd.org/base/stable/9/crypto/openssl/crypto/ecdsa/ecs_ossl.c?revision=225736&view=markup
http://svnweb.freebsd.org/base/head/crypto/openssl/crypto/ecdsa/ecs_ossl.c?revision=225736&view=markup

misses the fix from:

http://cvs.openssl.org/chngview?cn=20892

And after the latest OpenSSH import by des:

http://svnweb.freebsd.org/base?view=revision&revision=221420

we are automatically creating (and using?) a private ECDSA key:

http://svnweb.freebsd.org/base/stable/9/etc/rc.d/sshd?r1=221419&r2=221420&

Am I missing something?

-- 
Sphinx of black quartz judge my vow.
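The OpenSSL change the message says FreeBSD's ecs_ossl.c is missing (the CVE-2011-1945 fix) addresses a timing leak in ECDSA signing: a scalar-multiplication ladder that loops once per bit of the nonce k takes longer for longer nonces, so the bit length of a secret value is visible to a remote observer. The fix forces every nonce to the same bit length before the multiplication by adding the group order once or twice (k' is congruent to k mod n, so the signature is unchanged). The Python below is an added example illustrating that mitigation; it is not code from this e-mail, from FreeBSD or from OpenSSL. It assumes the public NIST P-256 group order as n, models the scalar multiplication as a Montgomery ladder over the additive group Z_n so that only the step count (not curve arithmetic) is reproduced, and all function names are mine.

```python
import secrets

# Public NIST P-256 group order n (a curve parameter, not a secret).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def random_nonce(order):
    """Uniform ECDSA nonce k in [1, order-1]; in real signing this value must stay secret."""
    while True:
        k = secrets.randbelow(order)
        if k != 0:
            return k


def pad_scalar(k, order):
    """Return k + order or k + 2*order, whichever has bit length exactly
    order.bit_length() + 1.  The result is congruent to k mod order, so
    multiplying the generator by it gives the same point, but the ladder
    below now runs the same number of steps for every k.  This is the
    fixed-bit-length idea used by the OpenSSL CVE-2011-1945 fix (assumption
    about that patch; the real code works on BIGNUMs)."""
    padded = k + order
    if padded.bit_length() <= order.bit_length():
        padded += order
    return padded


def ladder_multiply(k, g, order):
    """Montgomery ladder computing k*g in the additive group Z_order, used
    here as a constructed stand-in for EC scalar multiplication.
    Returns (k*g mod order, steps).  The loop runs once per bit of k: when
    k's bit length varies, so does the running time, which is the leak."""
    r0, r1 = 0, g % order            # invariant: r1 == r0 + g
    steps = 0
    for i in range(k.bit_length() - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = (r0 + r1) % order, (2 * r1) % order
        else:
            r0, r1 = (2 * r0) % order, (r0 + r1) % order
        steps += 1
    return r0, steps


def observed_step_counts(order, samples=2000):
    """Distinct ladder step counts seen over random nonces, unpadded vs padded.
    Unpadded: several values (the step count follows the nonce's bit length).
    Padded: a single value, order.bit_length() + 1."""
    g = 7  # constructed generator for the toy group; any non-zero element works
    raw, padded = set(), set()
    for _ in range(samples):
        k = random_nonce(order)
        raw.add(ladder_multiply(k, g, order)[1])
        padded.add(ladder_multiply(pad_scalar(k, order), g, order)[1])
    return raw, padded


if __name__ == "__main__":
    raw, padded = observed_step_counts(P256_ORDER)
    print("unpadded k -> ladder step counts seen:", sorted(raw))
    print("padded k   -> ladder step counts seen:", sorted(padded))
```

Running it prints several step counts for the unpadded nonces and exactly one (257) for the padded ones. The example shows the algorithmic property only: Python's big-integer arithmetic is not constant-time, so the per-step cost still varies with operand values here, and a production implementation also needs constant-time field arithmetic underneath the fixed-length ladder.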