LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Cryptographic weakness on Debian systems

Cryptographic weakness on Debian systems

Posted May 13, 2008 16:22 UTC (Tue) by IkeTo (subscriber, #2122)
In reply to: Cryptographic weakness on Debian systems by jwb
Parent article: Cryptographic weakness on Debian systems 

> The patch is only half undone.  Oversight?

Unlikely.  The original intent is quite defensible: if some data is not initialized, you don't
know whether it is coming from some attacker, so you shouldn't use it as part of the random
number to generate your key.  I expect that is the part that is left alone, in the function
ssleay_rand_bytes.  The "#ifndef PURIFY" macro probably is there because some tools detects
that it is using uninitialized data, and would die or produce other ugly result if the code is
allowed to run.

But the patch change another function ssleay_rand_add as well.  I'm wondering whether the buf
being passed in is actually the data that it want to add to the random pool.  If so, the
original removal of line 274 probably drops nearly all randomness that the random number
generator can ever obtain.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds