Date: Fri, 18 Apr 2014 03:51:48 GMT
From: Kenji Rikitake <kenji@k2r.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds
Message-ID: <201404180351.s3I3pm4l016901@cgiserv.freebsd.org>
Resent-Message-ID: <201404180400.s3I400AH043660@freefall.freebsd.org>

>Number:         188745
>Category:       bin
>Synopsis:       FreeBSD base OpenSSL puts private keys to RNG seeds
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 18 04:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Kenji Rikitake
>Release:        10.0-STABLE
>Organization:
>Environment:
FreeBSD minimax.priv.k2r.org 10.0-STABLE FreeBSD 10.0-STABLE #33 r264285: Wed Apr 9 09:25:02 JST 2014 root@minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL amd64
>Description:
OpenBSD devs report OpenSSL puts RSA private keys as they are for seeding the PRNG.
See http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf
for the details.

On 10.0-STABLE, I've found the same practice under
/usr/src/crypto/openssl/crypto at:

rsa/rsa_crpt.c
229: RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);

evp/evp_pkey.c
153: RAND_add(p8->pkey->value.octet_string->data,

pem/pem_lib.c
391: RAND_add(data,i,0);/* put in the RSA key. */
>How-To-Repeat:
Recompile the userland.
(Note: the similar source code may exist in the Port OpenSSL too)
>Fix:
OpenBSD team has already removed the problematic code as described in
http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf

I think the same security audit on FreeBSD is seriously required.
>Release-Note:
>Audit-Trail:
>Unformatted:
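
An added example, not part of the original report: one way to run the kind of audit the report asks for, listing every RAND_add/RAND_seed call in a set of C sources and flagging those whose seeded buffer looks like key material. The sample sources are constructed from the call sites quoted above (the continuation of the evp_pkey.c call and rand/example.c are made up), and the name heuristic in KEY_HINT is an assumption of this sketch.

```python
import re

# Constructed sample modelled on the call sites quoted in the report. The
# continuation of the evp_pkey.c call and rand/example.c are made up here.
SAMPLE = {
    "rsa/rsa_crpt.c": "RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);\n",
    "evp/evp_pkey.c": "RAND_add(p8->pkey->value.octet_string->data,\n\tn, 0.0);\n",
    "pem/pem_lib.c": "RAND_add(data,i,0);/* put in the RSA key. */\n",
    "rand/example.c": "#include <openssl/rand.h>\nRAND_add(&tv, sizeof tv, 0.0);",
}

CALL = re.compile(r"\bRAND_(?:add|seed)\s*\(")
# Heuristic (assumption of this sketch): names that suggest key material.
KEY_HINT = re.compile(r"\brsa->d\b|priv|key", re.I)

def close_paren(src, start):
    """Index of the ')' matching the '(' just before start; spans newlines."""
    depth = 1
    for i in range(start, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return i
    return len(src)

def first_arg(args):
    """Text before the first top-level comma: the buffer being seeded."""
    depth = 0
    for i, c in enumerate(args):
        depth += {"(": 1, "[": 1, ")": -1, "]": -1}.get(c, 0)
        if c == "," and depth == 0:
            return args[:i].strip()
    return args.strip()

def audit(files):
    """Return (path, line, buffer, suspicious) for every RAND_add/RAND_seed call."""
    findings = []
    for path, src in sorted(files.items()):
        for m in CALL.finditer(src):
            end = close_paren(src, m.end())
            buf = first_arg(src[m.end():end])
            eol = src.find("\n", end)
            # The rest of the closing line is checked too: in pem_lib.c only
            # the trailing comment says the buffer is a key.
            tail = src[end:eol if eol != -1 else len(src)]
            line = src.count("\n", 0, m.start()) + 1
            findings.append((path, line, buf, bool(KEY_HINT.search(buf + tail))))
    return findings

if __name__ == "__main__":
    for path, line, buf, bad in audit(SAMPLE):
        print(f"{path}:{line}: seeds from {buf!r}{'  <-- review' if bad else ''}")
```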