authorNick Mathewson <nickm@torproject.org>2013-12-18 22:04:21 -0500
committerNick Mathewson <nickm@torproject.org>2013-12-18 22:04:21 -0500
commit85284c33d1952711703087eb64149ef55ea775cf (patch)
tree5d14fb6a3fdb9e599625986ada5de994e43ab26e
parentf12d3fe9aa3d2f97eb1750e30b812358ecdd9139 (diff)
parentdabdc339fe5abc5949f087621996672c122101b6 (diff)
downloadtor-85284c33d1952711703087eb64149ef55ea775cf.tar.gz
tor-85284c33d1952711703087eb64149ef55ea775cf.zip
Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts: src/common/crypto.c
-rw-r--r--changes/bug1040211
-rw-r--r--src/common/crypto.c12
2 files changed, 21 insertions, 2 deletions
diff --git a/changes/bug10402 b/changes/bug10402
new file mode 100644
index 0000000000..eac00bdc6d
--- /dev/null
+++ b/changes/bug10402
@@ -0,0 +1,11 @@
+ o Major bugfixes:
+ - Do not allow OpenSSL engines to replace the PRNG, even when
+ HardwareAccel is set. The only default builtin PRNG engine uses
+ the Intel RDRAND instruction to replace the entire PRNG, and
+ ignores all attempts to seed it with more entropy. That's
+ cryptographically stupid: the right response to a new alleged
+ entropy source is never to discard all previously used entropy
+ sources. Fixes bug 10402; works around behavior introduced in
+ OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+ and "rl1987".
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 5afb98e2c0..347f27e130 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -168,8 +168,8 @@ log_engine(const char *fn, ENGINE *e)
const char *name, *id;
name = ENGINE_get_name(e);
id = ENGINE_get_id(e);
- log_notice(LD_CRYPTO, "Using OpenSSL engine %s [%s] for %s",
- name?name:"?", id?id:"?", fn);
+ log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]",
+ fn, name?name:"?", id?id:"?");
} else {
log_info(LD_CRYPTO, "Using default implementation for %s", fn);
}
@@ -314,6 +314,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
log_engine("ECDH", ENGINE_get_default_ECDH());
log_engine("ECDSA", ENGINE_get_default_ECDSA());
log_engine("RAND", ENGINE_get_default_RAND());
+ log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());
log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
log_engine("3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
log_engine("AES-128-ECB", ENGINE_get_cipher_engine(NID_aes_128_ecb));
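Review bot: The added `log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());` duplicates the unchanged `log_engine("RAND", ENGINE_get_default_RAND());` directly above it, so the default RAND engine is now reported twice at notice level under two different labels. Since the commit message records a conflict in src/common/crypto.c, this looks like a merge leftover rather than intent; the older "RAND" line should probably be dropped so only the new labelled call remains. The "(which we will not use)" wording is only accurate as long as the RAND-method reset the commit adds later in the same function stays in place, so a short comment on the new line, such as `/* Logged for diagnosis only: the engine RNG is reset to the default method below. */`, would keep the two pieces from drifting apart. crypto_global_init begins and ends outside this hunk.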
@@ -334,6 +335,13 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
}
+ if (RAND_get_rand_method() != RAND_SSLeay()) {
+ log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
+ "a replacement the OpenSSL RNG. Resetting it to the default "
+ "implementation.");
+ RAND_set_rand_method(RAND_SSLeay());
+ }
+
evaluate_evp_for_aes(-1);
evaluate_ctr_for_aes();