tech-crypto archive


Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption



On Sun, Mar 04, 2012 at 02:20:54PM +0100, Pawel Jakub Dawidek wrote:
> On Sat, Mar 03, 2012 at 11:12:23PM -0500, Thor Lancelot Simon wrote:
> > Sorry, something was wrong with that diff.  This one is right.
> 
> > -   arc4random_stir();
> > -   arc4random_buf(rnd, sizeof(rnd));
> > +   assert((read(urandom_fd, rnd, sizeof(rnd)) == sizeof(rnd)));
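
Review bot: On the added line, read() is evaluated only as the assert() argument, so a build with NDEBUG defined drops the call and rnd is never filled. Call read() unconditionally, compare its return value against sizeof(rnd) in ordinary code, and treat a short or failed read as a hard error instead of continuing with the buffer as it was.
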
> 
> This is a very bad idea to execute code as an assert() condition.
> assert() is optional and if code is compiled with NDEBUG it will be
> turned into a no-op and in your case no random data will be read at all,
> which makes this change dangerous.

Yes.  Someone noticed this within minutes -- already fixed.  Thanks.

A bad idea to do this even for debugging during development; as this
shows, it can easily leak out into the real world...

Thor
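
The failure mode discussed in this message, as an added example that is not part of the original post or of the OpenSSH/OpenSSL patches: the function names are hypothetical, and NDEBUG is defined inside the file only to simulate a release build. It puts the assert-wrapped read beside a form that always reads, retries short reads and fails closed.

```c
/* Added illustration; function names are hypothetical, not from the patch. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define NDEBUG              /* simulate a release build */
#include <assert.h>         /* assert(x) now expands to ((void)0) */

/* Pattern from the quoted hunk: the read() is the assert() argument. */
static void fill_in_assert(int fd, unsigned char *buf, size_t len) {
    (void)fd; (void)buf; (void)len;   /* all unused once the assert vanishes */
    assert(read(fd, buf, len) == (ssize_t)len);
}

#undef NDEBUG
#include <assert.h>         /* re-including restores a live assert() */

/* Hardened form: the read always runs; short reads and EINTR are retried.
 * Returns 0 when buf is completely filled, -1 on error or EOF. */
static int fill_checked(int fd, unsigned char *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;      /* fail closed: never use a partial buffer */
        off += (size_t)n;
    }
    return 0;
}

/* Returns 1 if every byte of buf is zero, i.e. nothing was read into it. */
static int all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

int main(void) {
    unsigned char a[32] = {0}, b[32] = {0};
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return 1;
    fill_in_assert(fd, a, sizeof(a));
    printf("assert form left buffer empty: %d, checked form returned: %d\n",
           all_zero(a, sizeof(a)), fill_checked(fd, b, sizeof(b)));
    close(fd);
}
```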

