Loading changes/bug10402 0 → 100644 +11 −0 Original line number Diff line number Diff line o Major bugfixes: - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set. The only default builtin PRNG engine uses the Intel RDRAND instruction to replace the entire PRNG, and ignores all attempts to seed it with more entropy. That's cryptographically stupid: the right response to a new alleged entropy source is never to discard all previously used entropy sources. Fixes bug 10402; works around behavior introduced in OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" and "rl1987". src/common/crypto.c +10 −3 Original line number Diff line number Diff line Loading @@ -169,8 +169,8 @@ log_engine(const char *fn, ENGINE *e) const char *name, *id; name = ENGINE_get_name(e); id = ENGINE_get_id(e); log_notice(LD_CRYPTO, "Using OpenSSL engine %s [%s] for %s", name?name:"?", id?id:"?", fn); log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]", fn, name?name:"?", id?id:"?"); } else { log_info(LD_CRYPTO, "Using default implementation for %s", fn); } Loading Loading @@ -288,7 +288,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); log_engine("RAND", ENGINE_get_default_RAND()); log_engine("RAND (which we will not use)", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb)); Loading 
@@ -297,6 +297,13 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) log_info(LD_CRYPTO, "NOT using OpenSSL engine support."); } if (RAND_get_rand_method() != RAND_SSLeay()) { log_notice(LD_CRYPTO, "It appears that one of our engines has provided " "a replacement the OpenSSL RNG. Resetting it to the default " "implementation."); RAND_set_rand_method(RAND_SSLeay()); } evaluate_evp_for_aes(-1); evaluate_ctr_for_aes(); Loading Loading
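Review bot: After the reset in the third hunk (@@ -297), the software PRNG may still be unseeded, because — as the changes file itself notes — every RAND_add()/RAND_seed() made while the engine's method was installed was ignored by that engine rather than folded into the SSLeay state; whatever seeds the RNG in Tor must therefore run after this block, and that call is not visible in the hunk, so it is worth confirming and recording with a comment such as `/* Seeding done before this point may have gone to the engine and been dropped; crypto_seed_rng() must run after this reset. */`. The new log text also drops a word: `"a replacement for the OpenSSL RNG. Resetting it to the default "`. RAND_set_rand_method() returns an int that is ignored here; in the OpenSSL releases that still provide RAND_SSLeay() it appears to always return 1, but logging a non-1 result with log_warn would keep a silent fallback to the engine PRNG from going unnoticed. The enclosing crypto_global_init() body continues outside the hunk.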
changes/bug10402 0 → 100644 +11 −0 Original line number Diff line number Diff line o Major bugfixes: - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set. The only default builtin PRNG engine uses the Intel RDRAND instruction to replace the entire PRNG, and ignores all attempts to seed it with more entropy. That's cryptographically stupid: the right response to a new alleged entropy source is never to discard all previously used entropy sources. Fixes bug 10402; works around behavior introduced in OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" and "rl1987".
src/common/crypto.c +10 −3 Original line number Diff line number Diff line Loading @@ -169,8 +169,8 @@ log_engine(const char *fn, ENGINE *e) const char *name, *id; name = ENGINE_get_name(e); id = ENGINE_get_id(e); log_notice(LD_CRYPTO, "Using OpenSSL engine %s [%s] for %s", name?name:"?", id?id:"?", fn); log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]", fn, name?name:"?", id?id:"?"); } else { log_info(LD_CRYPTO, "Using default implementation for %s", fn); } Loading Loading @@ -288,7 +288,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); log_engine("RAND", ENGINE_get_default_RAND()); log_engine("RAND (which we will not use)", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb)); Loading @@ -297,6 +297,13 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) log_info(LD_CRYPTO, "NOT using OpenSSL engine support."); } if (RAND_get_rand_method() != RAND_SSLeay()) { log_notice(LD_CRYPTO, "It appears that one of our engines has provided " "a replacement the OpenSSL RNG. Resetting it to the default " "implementation."); RAND_set_rand_method(RAND_SSLeay()); } evaluate_evp_for_aes(-1); evaluate_ctr_for_aes(); Loading