diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-12-18 11:49:44 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-12-18 11:53:07 -0500 |
| commit | 7b87003957530427eadce36ed03b4645b481a335 (patch) | |
| tree | f5e6f471eb9776e822309c34a530a87da9356933 /src/common/crypto.c | |
| parent | 561d9880f8025ddbcb2f0a586d0677908320af4f (diff) | |
| download | tor-7b87003957530427eadce36ed03b4645b481a335.tar tor-7b87003957530427eadce36ed03b4645b481a335.tar.gz | |
Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG. That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.
Thanks to coderman and rl1987 for diagnosing and tracking this down.
Diffstat (limited to 'src/common/crypto.c')
| -rw-r--r-- | src/common/crypto.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 0ababeaea..940a756f6 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -169,8 +169,8 @@ log_engine(const char *fn, ENGINE *e) const char *name, *id; name = ENGINE_get_name(e); id = ENGINE_get_id(e); - log_notice(LD_CRYPTO, "Using OpenSSL engine %s [%s] for %s", - name?name:"?", id?id:"?", fn); + log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]", + fn, name?name:"?", id?id:"?"); } else { log_info(LD_CRYPTO, "Using default implementation for %s", fn); } @@ -288,7 +288,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); - log_engine("RAND", ENGINE_get_default_RAND()); + log_engine("RAND (which we will not use)", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb)); @@ -297,6 +297,13 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) log_info(LD_CRYPTO, "NOT using OpenSSL engine support."); } + if (RAND_get_rand_method() != RAND_SSLeay()) { + log_notice(LD_CRYPTO, "It appears that one of our engines has provided " + "a replacement the OpenSSL RNG. Resetting it to the default " + "implementation."); + RAND_set_rand_method(RAND_SSLeay()); + } + evaluate_evp_for_aes(-1); evaluate_ctr_for_aes(); |