OpenSSL does use /dev/random for entropy if it is available. My guess is that goes through
the interface that was commented out. The security hole is that someone removed the hook that
entered all buffers into the entropy pool while trying to just remove uninitialized buffers. So
/dev/random was being used but it didn't do any good.
Posted May 17, 2008 12:10 UTC (Sat) by pflugstad (subscriber, #224)
Yes, this is exactly what happened.
OpenSSL has an internal random number generator. It uses MD5,
SHA or some other hash (that's what the MD_Update function is
that was commented out: Message Digests or hash function) over a
pool of data.
When you first start up OpenSSL, and periodically during its use,
it/you add (or seed) more entropy to the pool by calling RAND_add. Typically,
you'd call RAND_add, passing it a buffer of data from /dev/random
or /dev/urandom. You keep doing this until it gets to a
certain level of entropy. And then periodically call it again
as entropy is used up.
Well, RAND_add maps to one of the functions that was patched by
Debian to remove the MD_Update line that takes the provided buffer
and stirs it into the pool. So basically, the only entropy left
in the pool is basic things in OpenSSL like the process id.
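The mechanism described in the comments above, as an added toy model (not OpenSSL's own md_rand.c code): a hash-based pool where RAND_add stirs the caller's buffer into the state, and a switch that models the commented-out MD_Update line so that seeding no longer changes the pool. The pool size, hash choice and sample seeds are assumptions for illustration.

```python
import hashlib


class ToyPool:
    """Simplified model of a hash-based entropy pool (not OpenSSL's real code).

    OpenSSL keeps a larger state and uses MD_Update over it, but the mechanism
    modelled here is the same: the caller's buffer is hashed into the pool state.
    """

    def __init__(self, stir_enabled: bool = True) -> None:
        self.state = bytes(32)          # pool starts out empty (all zero)
        self.stir_enabled = stir_enabled

    def rand_add(self, buf: bytes) -> None:
        """Seed the pool; models RAND_add hashing the caller's buffer into it."""
        md = hashlib.sha256()
        md.update(self.state)
        # In the Debian build the MD_Update(&m, buf, j) line was commented out,
        # so the caller's entropy never reached the pool. Modelled by
        # stir_enabled=False: the pool is re-hashed but the buffer is ignored.
        if self.stir_enabled:
            md.update(buf)
        self.state = md.digest()

    def rand_bytes(self, n: int, pid: int) -> bytes:
        """Draw output; the process id is mixed in as the comment describes."""
        md = hashlib.sha256()
        md.update(self.state)
        md.update(pid.to_bytes(4, "little"))
        self.state = md.digest()
        return self.state[:n]


def distinct_outputs(stir_enabled: bool, seeds: list, pid: int) -> int:
    """Count how many different 16-byte outputs distinct seeds produce for one pid."""
    outputs = set()
    for seed in seeds:
        pool = ToyPool(stir_enabled)
        pool.rand_add(seed)           # stands in for a 32-byte /dev/urandom read
        outputs.add(pool.rand_bytes(16, pid))
    return len(outputs)


# Constructed sample seeds standing in for /dev/urandom reads (not real entropy).
SAMPLE_SEEDS = [i.to_bytes(32, "big") for i in range(100)]

if __name__ == "__main__":
    print("correct build, 100 seeds:", distinct_outputs(True, SAMPLE_SEEDS, 1234))
    print("patched build, 100 seeds:", distinct_outputs(False, SAMPLE_SEEDS, 1234))
```

With the stir disabled, every seed yields the same output for a given pid, so the only thing that still varies between runs is the process id; a simple regression check for a build is to seed two pools differently and assert that their outputs differ.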