bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds
Kenji Rikitake
kenji at k2r.org
Fri Apr 18 04:00:01 UTC 2014
>Number: 188745
>Category: bin
>Synopsis: FreeBSD base OpenSSL puts private keys to RNG seeds
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 18 04:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Kenji Rikitake
>Release: 10.0-STABLE
>Organization:
>Environment:
FreeBSD minimax.priv.k2r.org 10.0-STABLE FreeBSD 10.0-STABLE #33 r264285: Wed Apr 9 09:25:02 JST 2014 root at minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL amd64
>Description:
OpenBSD devs report OpenSSL puts RSA private keys as they are for seeding the PRNG. See http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf for the details.
On 10.0-STABLE, I've found the same practice under /usr/src/crypto/openssl/crypto at:
rsa/rsa_crpt.c
229: RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
evp/evp_pkey.c
153: RAND_add(p8->pkey->value.octet_string->data,
pem/pem_lib.c
391: RAND_add(data,i,0);/* put in the RSA key. */
>How-To-Repeat:
Recompile the userland. (Note: the similar source code may exist in the Port OpenSSL too)
>Fix:
OpenBSD team has already removed the problematic code as described in http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf
I think the same security audit on FreeBSD is seriously required.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list