bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds
Eitan Adler
lists at eitanadler.com
Fri Apr 18 22:00:02 UTC 2014
The following reply was made to PR bin/188745; it has been noted by GNATS.
From: Eitan Adler <lists at eitanadler.com>
To: Kenji Rikitake <kenji at k2r.org>
Cc: bug-followup <bug-followup at freebsd.org>
Subject: Re: bin/188745: FreeBSD base OpenSSL puts private keys to RNG seeds
Date: Fri, 18 Apr 2014 14:58:17 -0700
On 17 April 2014 20:51, Kenji Rikitake <kenji at k2r.org> wrote:
>>Environment:
> FreeBSD minimax.priv.k2r.org 10.0-STABLE FreeBSD 10.0-STABLE #33 r264285: Wed Apr 9 09:25:02 JST 2014 root at minimax.priv.k2r.org:/usr/obj/usr/src/sys/K2RKERNEL amd64
>>Description:
> OpenBSD devs report OpenSSL puts RSA private keys as they are for seeding the PRNG. See http://freshbsd.org/commit/openbsd/e5136d69ece4682e6167c8f4a8122270236898bf for the details.
>
> On 10.0-STABLE, I've found the same practice under /usr/src/crypto/openssl/crypto at:
Please see: http://blog.ngas.ch/archives/2014/04/17/what_is_this_private_key_doing_in_my_random_pool/index.html
In particular: "So the patch which was committed by the OpenBSD people
actually has the potential to weaken the entropy of the OpenSSL random
pool, but it was never a security or privacy concern,"
--
Eitan Adler
More information about the freebsd-bugs
mailing list