diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-12-18 21:55:06 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-12-18 21:55:06 -0500 |
| commit | dabdc339fe5abc5949f087621996672c122101b6 (patch) | |
| tree | f5e6f471eb9776e822309c34a530a87da9356933 | |
| parent | 561d9880f8025ddbcb2f0a586d0677908320af4f (diff) | |
| parent | 7b87003957530427eadce36ed03b4645b481a335 (diff) | |
| download | tor-dabdc339fe5abc5949f087621996672c122101b6.tar.gz tor-dabdc339fe5abc5949f087621996672c122101b6.zip | |
Merge branch 'bug10402_redux_024' into maint-0.2.4
| -rw-r--r-- | changes/bug10402 | 11 | ||||
| -rw-r--r-- | src/common/crypto.c | 13 |
2 files changed, 21 insertions, 3 deletions
diff --git a/changes/bug10402 b/changes/bug10402 new file mode 100644 index 0000000000..eac00bdc6d --- /dev/null +++ b/changes/bug10402 @@ -0,0 +1,11 @@ + o Major bugfixes: + - Do not allow OpenSSL engines to replace the PRNG, even when + HardwareAccel is set. The only default builtin PRNG engine uses + the Intel RDRAND instruction to replace the entire PRNG, and + ignores all attempts to seed it with more entropy. That's + cryptographically stupid: the right response to a new alleged + entropy source is never to discard all previously used entropy + sources. Fixes bug 10402; works around behavior introduced in + OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman" + and "rl1987". + diff --git a/src/common/crypto.c b/src/common/crypto.c index 0ababeaea5..940a756f61 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -169,8 +169,8 @@ log_engine(const char *fn, ENGINE *e) const char *name, *id; name = ENGINE_get_name(e); id = ENGINE_get_id(e); - log_notice(LD_CRYPTO, "Using OpenSSL engine %s [%s] for %s", - name?name:"?", id?id:"?", fn); + log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]", + fn, name?name:"?", id?id:"?"); } else { log_info(LD_CRYPTO, "Using default implementation for %s", fn); } @@ -288,7 +288,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); - log_engine("RAND", ENGINE_get_default_RAND()); + log_engine("RAND (which we will not use)", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb)); @@ -297,6 +297,13 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) log_info(LD_CRYPTO, "NOT using OpenSSL engine support."); } + if (RAND_get_rand_method() != RAND_SSLeay()) { + log_notice(LD_CRYPTO, "It appears that one of our engines has provided " + "a replacement the OpenSSL RNG. Resetting it to the default " + "implementation."); + RAND_set_rand_method(RAND_SSLeay()); + } + evaluate_evp_for_aes(-1); evaluate_ctr_for_aes(); |