The perils of security tools

Alexander Klimov alserkli at inbox.ru
Thu May 22 12:25:42 EDT 2008


On Thu, 15 May 2008, Paul Hoffman wrote:
> The bigger picture is that distributions who are doing local mods
> should really have an ongoing conversation with the software's
> developers. Even if the developers don't want to talk to you, a
> one-way conversation of "we're doing this, we're doing that" could be
> useful.

Apparently, there was even a "two-way" communication about the
issue in openssl-dev [1]:

  The code in question that has the problem are the following
  2 pieces of code in crypto/rand/md_rand.c:

  247:
                MD_Update(&m,buf,j);

  467:
  #ifndef PURIFY
                MD_Update(&m,buf,j); /* purify complains */
  #endif

  [...]

  What I currently see as best option is to actually comment out
  those 2 lines of code.  But I have no idea what effect this
  really has on the RNG.  The only effect I see is that the pool
  might receive less entropy.  But on the other hand, I'm not
  even sure how much entropy some uninitialised data has.

  What do you people think about removing those 2 lines of code?

but I guess nobody on the openssl side bothered to check
exactly what code Kurt was talking about, and thus a potential
ROTFL moment turned out to be a security disaster.


[1] Random number generator, uninitialised data and valgrind
    <http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html>

-- 
Regards,
ASK
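The quoted mail reasons that commenting out the two MD_Update(&m,buf,j) lines would at worst make "the pool receive less entropy". The toy model below, an added illustration that is not part of this message and not OpenSSL code, shows why the effect is far larger: the guarded line is the one through which caller-supplied seed bytes reach the pool at all, so dropping it leaves the state a function of nothing but the pid and a counter. The model makes several simplifying assumptions: a single 64-bit word stands in for the hash-chained pool, an FNV-1a step stands in for the MD5/SHA-1 update, and the seed material is constructed inline rather than read from /dev/urandom. The function `distinct_first_outputs` seeds many fresh pools with different seed bytes under one pid and counts how many different first outputs appear.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for the md_rand.c pool, constructed for this example (not
 * OpenSSL code): one 64-bit word updated with an FNV-1a step per byte
 * instead of an MD5/SHA-1 chain.  The shape is what matters: the seed
 * reaches the state through exactly one call, and that call is the one
 * the quoted mail proposes to comment out. */
typedef struct {
    uint64_t state;
    int      mix_seed;  /* 1 = keep MD_Update(&m,buf,j); 0 = commented out */
} toy_pool;

static uint64_t fnv1a_update(uint64_t h, const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= buf[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

static void toy_pool_init(toy_pool *p, int mix_seed)
{
    p->state = 0xcbf29ce484222325ULL;  /* FNV-1a offset basis */
    p->mix_seed = mix_seed;
}

/* Analogue of the seeding path: the caller hands in seed bytes and the
 * guarded line is the only place they enter the state. */
static void toy_rand_add(toy_pool *p, const uint8_t *buf, size_t n)
{
    if (p->mix_seed)
        p->state = fnv1a_update(p->state, buf, n);  /* MD_Update(&m,buf,j) */
    /* else: line commented out, buf never touches p->state */
}

/* Analogue of the output path: the pid and a counter are mixed in before
 * the state is handed out.  With the seed gone, these are all that vary. */
static uint64_t toy_rand_output(toy_pool *p, uint32_t pid)
{
    uint8_t extra[8];
    uint32_t counter = 1;
    memcpy(extra, &pid, sizeof pid);
    memcpy(extra + 4, &counter, sizeof counter);
    p->state = fnv1a_update(p->state, extra, sizeof extra);
    return p->state;
}

/* Create `trials` pools (at most 1024), seed each with different
 * constructed seed bytes under the same pid, and count the distinct first
 * outputs.  A pool that uses its seed yields one output per seed; a pool
 * that drops the seed yields the same output every time. */
size_t distinct_first_outputs(int mix_seed, uint32_t pid, unsigned trials)
{
    uint64_t seen[1024];
    size_t nseen = 0;

    if (trials > 1024)
        trials = 1024;
    for (unsigned t = 0; t < trials; t++) {
        toy_pool p;
        uint8_t seed[32];
        uint64_t out;
        size_t k;

        /* Constructed seed material, distinct for every trial: the trial
         * number occupies the first two bytes, the rest is a fixed pattern. */
        seed[0] = (uint8_t)t;
        seed[1] = (uint8_t)(t >> 8);
        for (size_t i = 2; i < sizeof seed; i++)
            seed[i] = (uint8_t)(i * 7u);

        toy_pool_init(&p, mix_seed);
        toy_rand_add(&p, seed, sizeof seed);
        out = toy_rand_output(&p, pid);

        for (k = 0; k < nseen; k++)
            if (seen[k] == out)
                break;
        if (k == nseen)
            seen[nseen++] = out;
    }
    return nseen;
}

int main(void)
{
    printf("seed mixed in : %zu distinct outputs from 256 seeds\n",
           distinct_first_outputs(1, 1234, 256));
    printf("seed dropped  : %zu distinct outputs from 256 seeds\n",
           distinct_first_outputs(0, 1234, 256));
    return 0;
}
```

With the seed mixed in, 256 different seeds give 256 different outputs; with the line commented out, all 256 give the same one, because the only remaining inputs are the pid and the counter. That is the check a reviewer of the proposed change would have wanted: not "how much entropy does uninitialised data carry", but "what else flows through the line being removed".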

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
