[124242] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: The perils of security tools

daemon@ATHENA.MIT.EDU (Alexander Klimov)
Thu May 22 14:43:36 2008

Date: Thu, 22 May 2008 19:25:42 +0300 (IDT)
From: Alexander Klimov <alserkli@inbox.ru>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <p0624081fc451f90ab418@[10.20.30.162]>

On Thu, 15 May 2008, Paul Hoffman wrote:
> The bigger picture is that distributions who are doing local mods
> should really have an ongoing conversation with the software's
> developers. Even if the developers don't want to talk to you, a
> one-way conversation of "we're doing this, we're doing that" could be
> useful.

Apparently, there was even a "two-way" communication about the
issue in openssl-dev [1]

  The code in question that has the problem are the following
  2 pieces of code in crypto/rand/md_rand.c:

  247:
                MD_Update(&m,buf,j);

  467:
  #ifndef PURIFY
                MD_Update(&m,buf,j); /* purify complains */
  #endif

  [...]

  What I currently see as best option is to actually comment out
  those 2 lines of code.  But I have no idea what effect this
  really has on the RNG.  The only effect I see is that the pool
  might receive less entropy.  But on the other hand, I'm not
  even sure how much entropy some unitialised data has.

  What do you people think about removing those 2 lines of code?

but I guess nobody on the openssl side was bothered to check
exactly what code Kurt was talking about and thus a potential
ROTFL moment turns out to be a security disaster.


[1] Random number generator, uninitialised data and valgrind
    <http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html>

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post