[22274] in bugtraq
Re: qmail starttls patch does not seed the random number generator
daemon@ATHENA.MIT.EDU (Frederik Vermeulen)
Thu Aug 16 18:57:23 2001
Date: Thu, 16 Aug 2001 22:47:36 +0200 (METDST)
Message-Id: <200108162047.WAA04960@lion.imec.be>
To: felix-qmail@fefe.de
Cc: qmail@list.cr.yp.to, bugtraq@securityfocus.com
In-reply-to: <20010815025736.A11987@codeblau.de> (message from Felix von
Leitner on Wed, 15 Aug 2001 02:57:36 +0200)
From: Frederik Vermeulen <jos-tls@kotnet.org>
Felix von Leitner wrote:
> openssl-0.9.6b does not allow ssl/tls connections when the random number
> has not been seeded. This is a good idea, and it exposes that the
> starttls patch for qmail does not seed the random number generator.
I (patch maintainer) second the response of Brian Hatch in
<20010815105637.A30794@ifokr.org>. On systems that
support /dev/urandom, the openssl library uses it to seed the
PRNG, without the need to call RAND_seed in the application. On other
systems, it will fail to set up a TLS connection as you
reported. This is also the case with openssl versions < 0.9.6b.
I see no security problem with this behavior.
The openssl library provides the possibility to provide PRNG
seeding in the application. This moves the problem of providing a
platform specific PRNG seeding function from the cryptographic
library to the application programmer. The third way is to have
the PRNG seeding code in an entropy gathering daemon (EGD). This
keeps the application code platform-independent (only EGD
interfacing code is needed).
You report that your system has /dev/urandom, but openssl does not
use it. Are you sure DEVRANDOM in openssl/e_os.h was defined to
/dev/urandom when openssl was compiled?
Regards,
Frederik
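The message contrasts three ways of seeding OpenSSL's PRNG: letting the library read /dev/urandom itself, calling RAND_seed/RAND_add from the application, or pulling seed material from an EGD. The following is an added example, not code from the qmail starttls patch or from the message author; it uses Python's `ssl` module, which exposes the same OpenSSL RAND_status/RAND_add/RAND_bytes calls, to check whether the library has already seeded itself and to fall back to application-side seeding from a kernel randomness device only when it has not. The device path and byte count are assumptions, and the EGD route is not shown.

```python
import ssl

# Assumed device; this is also what OpenSSL reads when DEVRANDOM is
# defined as /dev/urandom at compile time.
DEFAULT_DEVICE = "/dev/urandom"


def prng_is_seeded() -> bool:
    """True when OpenSSL's PRNG reports enough seed material (RAND_status)."""
    return bool(ssl.RAND_status())


def seed_from_device(device: str = DEFAULT_DEVICE, nbytes: int = 32) -> int:
    """Read nbytes from a kernel randomness device and mix them into
    OpenSSL's PRNG via RAND_add (the application-side route the message
    describes). Returns the number of bytes mixed in, 0 if the device is
    unavailable, so a caller can tell a no-op from a successful seed."""
    try:
        with open(device, "rb", buffering=0) as fh:
            data = fh.read(nbytes)
    except OSError:
        return 0
    if not data:
        return 0
    # Claim one bit of entropy per bit read only for a kernel device; a less
    # trusted source should claim less so RAND_status does not become true
    # on the strength of weak material.
    ssl.RAND_add(data, float(len(data) * 8))
    return len(data)


def ensure_seeded(device: str = DEFAULT_DEVICE, nbytes: int = 32) -> bool:
    """If the library already seeded itself (the /dev/urandom case in the
    message), do nothing; otherwise seed explicitly before any handshake.
    Returns whether the PRNG is usable afterwards."""
    if prng_is_seeded():
        return True
    seed_from_device(device, nbytes)
    return prng_is_seeded()


def random_token(nbytes: int = 16) -> str:
    """Draw bytes from the PRNG; RAND_bytes would raise SSLError if the
    PRNG were unseeded, which is the failure the message explains."""
    if not ensure_seeded():
        raise RuntimeError("OpenSSL PRNG unseeded and no randomness device available")
    return ssl.RAND_bytes(nbytes).hex()


if __name__ == "__main__":
    print("seeded before explicit seeding:", prng_is_seeded())
    print("bytes mixed in:", seed_from_device())
    print("token:", random_token())
```

On a system where OpenSSL was built with DEVRANDOM pointing at /dev/urandom, `prng_is_seeded()` is already true before `seed_from_device()` runs, which is the behaviour the message describes; the explicit seeding path only matters on platforms without such a device.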