From owner-freebsd-security@FreeBSD.ORG Sun Jun 10 09:52:06 2012
Date: Sun, 10 Jun 2012 10:52:05 +0100
From: "Simon L. B. Nielsen" (envelope-from simon@FreeBSD.org)
To: Gleb Kurtsou
Cc: freebsd-security@FreeBSD.org, Pawel Jakub Dawidek
Subject: Re: OpenSSL change for review.
Message-Id: <75AEDB7C-6246-4F01-AC6B-5521114F3205@FreeBSD.org>
In-Reply-To: <20120609085141.GA1153@reks>
References: <20120531194825.GB1400@garage.freebsd.pl> <20120609085141.GA1153@reks>
On 9 Jun 2012, at 09:51, Gleb Kurtsou wrote:

> On (31/05/2012 21:48), Pawel Jakub Dawidek wrote:
>> As learned from someone else's mistakes, I'd like to ask for a review of
>> those changes related to random data handling:
>>
>> http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch
>> http://people.freebsd.org/~pjd/patches/openssl_rand_unix.c.patch
>>
>> The first patch changes arc4random() to use sysctl to obtain random data
>> instead of opening /dev/random. The main reason here is to make it more
>> sandbox-friendly. Once closed in a sandbox, a process can no longer open
>> files, so it has no access to proper random data. As a side-effect it
>> should be a bit faster, as instead of three system calls (open, read and
>> close) we use only one (__sysctl).
>>
>> The second patch enables the use of libc's arc4random(3) in OpenSSL.
>
> While at it, did you consider replacing the default homegrown OpenSSL random
> generator (ssleay_rand_*) with something standard (this "hash
> uninitialized user buffer to increase entropy" thing makes me nervous,
> which was also the source of the well-known Debian RSA key generation issue).

Changing the random number generator without having it come from upstream
makes me even more nervous, but I agree with your general point.

> There is a standard (ANSI X9.31 A.2.4) AES-based implementation under
> openssl/fips/rand. Replacing fips_get_dt with our arc4random_buf() looks
> straightforward. It may be a performance improvement as well, considering
> both OpenSSL and hardware support AESNI. Or simply replace the whole
> thing with arc4random_*..
If somebody is interested in doing things along these lines, I strongly
suggest trying to rope in some OpenSSL people, e.g. benl@.

> Patches are good to commit, IMHO.

Thanks for giving the patch more eyes.

-- 
Simon L. B. Nielsen
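The patch pjd links is not reproduced in the thread, so the following is an added example, written for this page and not taken from pjd's patch, from FreeBSD's libc or from OpenSSL. It shows the property the first patch is after: fetching kernel random bytes with a single system call and no file descriptor, so that a process which can no longer open() anything still has a proper random source. On FreeBSD that is the kern.arandom sysctl (CTL_KERN, KERN_ARND); the Linux branch uses getrandom(2) as the analogous fd-free interface, which the thread does not discuss and is included here only so the code builds and runs on both systems. The main() on FreeBSD enters Capsicum capability mode (cap_enter(), <sys/capsicum.h> on current FreeBSD) to show open("/dev/random") failing while the sysctl keeps working; that demonstration is an assumption about current FreeBSD, not something the 2012 thread states.

```c
/*
 * Added example (not from the thread, pjd's patch or FreeBSD libc):
 * kernel random bytes via one system call and no file descriptor.
 * FreeBSD: the kern.arandom sysctl.  Linux: getrandom(2), included
 * here as the analogous fd-free interface (not discussed in the thread).
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#if defined(__FreeBSD__)
#include <sys/sysctl.h>
#include <sys/capsicum.h>
#include <fcntl.h>
#elif defined(__linux__)
#include <sys/random.h>
#else
#error "no fd-free random source known for this platform"
#endif

/*
 * Fill buf[0..len) with kernel random bytes; 0 on success, -1 with errno
 * set.  Either back end may return fewer bytes than asked (kern.arandom
 * caps one request; getrandom(2) can be interrupted), so loop until full.
 */
static int
fill_random(unsigned char *buf, size_t len)
{
	while (len > 0) {
		size_t got;
#if defined(__FreeBSD__)
		int mib[2] = { CTL_KERN, KERN_ARND };
		got = len;
		if (sysctl(mib, 2, buf, &got, NULL, 0) == -1)
			return (-1);
#else
		ssize_t r = getrandom(buf, len, 0);
		if (r < 0) {
			if (errno == EINTR)
				continue;
			return (-1);
		}
		got = (size_t)r;
#endif
		if (got == 0) {		/* never spin on an empty answer */
			errno = EIO;
			return (-1);
		}
		buf += got;
		len -= got;
	}
	return (0);
}

/*
 * Health check: draw n bytes twice (n <= 1024; on FreeBSD anything over
 * 256 exercises the multi-chunk loop) and return 1 only if both draws
 * succeed, neither is all zero and they differ.  A false failure needs
 * an 8n-bit coincidence, negligible for n >= 16.
 */
static int
random_self_check(size_t n)
{
	unsigned char a[1024], b[1024];
	int any_a = 0, any_b = 0;
	size_t i;

	if (n == 0 || n > sizeof(a))
		return (0);
	if (fill_random(a, n) != 0 || fill_random(b, n) != 0)
		return (0);
	for (i = 0; i < n; i++) {
		any_a |= a[i];
		any_b |= b[i];
	}
	return (any_a != 0 && any_b != 0 && memcmp(a, b, n) != 0);
}

int
main(void)
{
#if defined(__FreeBSD__)
	/*
	 * The thread's sandbox point: in capability mode open(2) on a path
	 * fails with ECAPMODE, while kern.arandom (capability-mode readable)
	 * keeps working.  Assumes a Capsicum-enabled kernel.
	 */
	if (cap_enter() == -1) {
		perror("cap_enter");
		return (1);
	}
	if (open("/dev/random", O_RDONLY) == -1)
		printf("open(/dev/random) in sandbox: %s\n", strerror(errno));
#endif
	printf("32-byte self check: %s\n", random_self_check(32) ? "ok" : "FAILED");
	printf("1024-byte self check: %s\n", random_self_check(1024) ? "ok" : "FAILED");
	return (0);
}
```

The loop in fill_random() is the part worth copying: both interfaces are allowed to return short, and a caller that assumes one call fills the buffer will silently use uninitialized bytes as key material, which is the class of mistake the thread is worried about.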