Date:      Fri, 18 Apr 2014 03:51:48 GMT
From:      Kenji Rikitake <kenji@k2r.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds
Message-ID:  <201404180351.s3I3pm4l016901@cgiserv.freebsd.org>
Resent-Message-ID: <201404180400.s3I400AH043660@freefall.freebsd.org>


>Number:         188745
>Category:       bin
>Synopsis:       FreeBSD base OpenSSL puts private keys to RNG seeds
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 18 04:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Kenji Rikitake
>Release:        10.0-STABLE
>Organization:
>Environment:
FreeBSD minimax.priv.k2r.org 10.0-STABLE FreeBSD 10.0-STABLE #33 r264285: Wed Apr  9 09:25:02 JST 2014     root@minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL  amd64
>Description:
OpenBSD devs report OpenSSL puts RSA private keys as they are for seeding the PRNG. See http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf for the details.

On 10.0-STABLE, I've found the same practice under /usr/src/crypto/openssl/crypto at:

rsa/rsa_crpt.c
229:         RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);

evp/evp_pkey.c
153: RAND_add(p8->pkey->value.octet_string->data,

pem/pem_lib.c
391:         RAND_add(data,i,0);/* put in the RSA key. */
>How-To-Repeat:
Recompile the userland. (Note: similar source code may exist in the Port OpenSSL too.)
>Fix:
The OpenBSD team has already removed the problematic code, as described in http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf

I think the same security audit on FreeBSD is seriously required.

>Release-Note:
>Audit-Trail:
>Unformatted:
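
An audit helper for the kind of review requested above, as an added example that is not part of the original report or of the FreeBSD/OpenSSL sources: it lists every RAND_add call in C source text (including calls split across lines) and flags those whose buffer argument or same-line comment mentions key material. The sample source is constructed from the call sites quoted in the report; the second call's remaining arguments and the final call are hypothetical.

```python
import re

# Constructed sample modelled on the call sites quoted in the report.
# Surrounding lines are invented; "hypothetical_len" stands in for the part
# of the evp_pkey.c call that the report does not quote.
SAMPLE = '''\
static void setup(RSA *rsa) {
    RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
}
void f(PKCS8_PRIV_KEY_INFO *p8) {
    RAND_add(p8->pkey->value.octet_string->data,
             hypothetical_len, 0.0);
}
void g(unsigned char *data, int i, time_t t) {
    RAND_add(data,i,0);/* put in the RSA key. */
    RAND_add(&t, sizeof(t), 0.0);
}
'''

# Heuristic only: names that suggest private-key material (an assumption).
KEY_HINT = re.compile(r'rsa->|dsa->|pkey|priv|\bkey\b', re.I)

def find_rand_add(src):
    """Return (line_no, first_arg, suspicious) for every RAND_add call."""
    hits = []
    for m in re.finditer(r'\bRAND_add\s*\(', src):
        depth, i = 1, m.end()
        while i < len(src) and depth:       # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(src[i], 0)
            i += 1
        call = src[m.end():i - 1]
        # First argument = text up to the first comma at nesting depth 0.
        d, first = 0, call
        for j, ch in enumerate(call):
            d += {'(': 1, '[': 1, ')': -1, ']': -1}.get(ch, 0)
            if ch == ',' and d == 0:
                first = call[:j]
                break
        line_no = src.count('\n', 0, m.start()) + 1
        eol = src.find('\n', i)
        rest = src[i:eol if eol != -1 else len(src)]   # same-line comment
        suspicious = bool(KEY_HINT.search(first) or KEY_HINT.search(rest))
        hits.append((line_no, ' '.join(first.split()), suspicious))
    return hits

if __name__ == "__main__":
    for line_no, arg, flag in find_rand_add(SAMPLE):
        print(f"{line_no:4d}  {'REVIEW' if flag else 'ok    '}  {arg}")
```

Unflagged calls still need a manual look, since a generically named buffer such as `data` is only caught here because of its comment; parentheses inside string literals are not handled.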


