Bugtraq mailing list archives
Re: qmail starttls patch does not seed the random number generator
From: Wojciech Purczynski <wp () supermedia pl>
Date: Wed, 15 Aug 2001 17:02:15 +0200 (CEST)
Hi,

The way you fixed the problem is not secure. It works in most cases but it may fail in some cases. Your patch does not check for error codes that may be returned by open(), and if read() returns fewer characters than 33 your code just skips seeding the PRNG without returning any error.

As we can read in the kernel sources, open("/dev/urandom") and read() should not return an error, but you can't depend on this if you want to provide a secure fix. If the kernel changes, your code may become insecure and would need to be fixed again and again...

Cheers,
wp
openssl-0.9.6b does not allow ssl/tls connections when the random number has not been seeded. This is a good idea, and it exposes that the starttls patch for qmail does not seed the random number generator. Here is a small patch that fixes the problem in qmail-remote for systems that support /dev/urandom (the same can be done for qmail-smtpd but I can't test it right now). Not seeding the random number generator is a serious bug and it completely compromises the cryptographic privacy of TLS encrypted emails. Felix --- qmail-1.03/qmail-remote.c Wed Aug 15 02:52:23 2001 +++ qmail-1.03-diet/qmail-remote.c Wed Aug 15 02:43:07 2001 @@ -431,6 +431,13 @@ SSL_set_fd(ssl,smtpfd); alarm(timeout); + { + int randfd=open_read("/dev/urandom"); + char buf[64]; + int len=read(randfd,buf,64); + close(randfd); + if (len>32) RAND_seed(buf,len); + } r = SSL_connect(ssl); saveerrno = errno; alarm(0); if (flagtimedout)
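Review bot: In the block added before SSL_connect, the result of open_read("/dev/urandom") is never checked, and when read() returns 32 bytes or fewer (including -1) the `if (len>32)` test skips RAND_seed silently and execution still reaches `r = SSL_connect(ssl);`. Check randfd before calling read() and close() on it, and treat a short or failed read as an error that stops before SSL_connect instead of falling through with an unseeded generator. A single read() of 64 bytes is also not retried, so a partial read is never topped up.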
_________________________________________________________________
Wojciech Purczyński | Security Officer | http://cliph.linux.pl/
-----------------------------------------------------------------
Murphy's law says that there is always one more bug...
...but he forgot to mention if it is exploitable.
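The failure mode raised in the reply above (unchecked open(), short read() silently skipping the seed), shown as an added example that is not part of the original posts or of the qmail patch. The function name read_seed_bytes is hypothetical; it fails closed so that a caller only passes the buffer to RAND_seed() on success.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from qmail or OpenSSL): fill buf with exactly
 * `want` bytes read from `path`. Returns 0 only when every byte was read,
 * -1 on any open/read error or on EOF before `want` bytes arrived. */
int read_seed_bytes(const char *path, unsigned char *buf, size_t want)
{
    size_t got = 0;
    int fd;

    /* open() can fail (missing device node, chroot without /dev, fd limit). */
    do {
        fd = open(path, O_RDONLY);
    } while (fd == -1 && errno == EINTR);
    if (fd == -1)
        return -1;

    /* read() may return fewer bytes than requested; keep going until full. */
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) {
            got += (size_t)n;
            continue;
        }
        if (n == -1 && errno == EINTR)
            continue;           /* interrupted by a signal, retry */
        break;                  /* n == 0 (EOF) or a hard error */
    }
    close(fd);

    /* A partial buffer is reported as failure, never as success. */
    return got == want ? 0 : -1;
}

int main(void)
{
    unsigned char seed[64];

    if (read_seed_bytes("/dev/urandom", seed, sizeof seed) != 0)
        return 1;   /* fail closed: do not start the TLS handshake */

    /* On success the caller would call RAND_seed(seed, sizeof seed) here. */
    return 0;
}
```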