From: Gleb Kurtsou <gleb.kurtsou@gmail.com>
To: Pawel Jakub Dawidek
Cc: freebsd-security@FreeBSD.org
Date: Sat, 9 Jun 2012 11:51:41 +0300
Subject: Re: OpenSSL change for review.
Message-ID: <20120609085141.GA1153@reks>
In-Reply-To: <20120531194825.GB1400@garage.freebsd.pl>
On (31/05/2012 21:48), Pawel Jakub Dawidek wrote:
> As learned on someone else's mistakes, I'd like to ask for a review of
> those changes related to random data handling:
>
> http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch
> http://people.freebsd.org/~pjd/patches/openssl_rand_unix.c.patch
>
> The first patch changes arc4random() to use sysctl to obtain random data
> instead of opening /dev/random. The main reason here is to make it more
> sandbox-friendly. Once closed in a sandbox, a process can no longer open
> files, so it has no access to proper random data. As a side-effect it
> should be a bit faster, as instead of three system calls (open, read and
> close) we use only one (__sysctl).
>
> The second patch enables the use of libc's arc4random(3) in OpenSSL.

While at it, did you consider replacing the default homegrown OpenSSL random generator (ssleay_rand_*) with something standard? (This "hash uninitialized user buffer to increase entropy" thing makes me nervous; it was also the source of the well-known Debian RSA key generation issue.) There is a standard (ANSI X9.31 A.2.4) AES-based implementation under openssl/fips/rand. Replacing fips_get_dt with our arc4random_buf() looks straightforward. It may be a performance improvement as well, considering both OpenSSL and hardware support AES-NI. Or simply replace the whole thing with arc4random_*..

It's common practice in libc to put internal/compat syscall declarations into the .c file itself (like the __sysctl you did). Handling such cases becomes a disaster if the syscall changes. Why not move the declaration to include/libc_private.h?

Patches are good to commit, IMHO.
> After implementing the first one I found that OpenBSD's arc4random(3)
> also uses sysctl, but without falling back to /dev/random.
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> FreeBSD committer                         http://www.FreeBSD.org
> Am I Evil? Yes, I Am!                     http://tupytaj.pl