Lutz Jaenicke wrote:
On Thu, Feb 12, 2004 at 12:19:44PM +0100, Michael Bell wrote:

Hi,

I found a problem with "openssl smime -rand filename". If I specify a randfile then this file is not updated by apps/smime.c. The program calls app_RAND_write_file with a NULL pointer even if a randfile was specified. The result is that app_RAND_write_file in apps/app_rand.c tries to get a filename via RAND_file_name from crypto/rand/randfile.c. This function checks the environment variables RANDFILE and HOME or falls back to the default position.

The problem is that this is a security issue because the randfile is never updated. We (OpenCA) work on a batch system and for such systems with high volumes of operations such a never changing random can be really critical - or at minimum I believe this today. A fix could look like this:

OLD:

if (need_rand)
        app_RAND_write_file(NULL, bio_err);

NEW:

if (need_rand)
{
        if (inrand != NULL)
                app_RAND_write_file(inrand, bio_err);
        else
                app_RAND_write_file(NULL, bio_err);
}

If you agree that this is a bug then I forward it to rt.


I tend to disagree. The randfile can be the same thing as a .rnd file,
but it is actually intended to be used as a source only.
Consider the case of a process run by user root that will give
  -rand /var/adm/syslog/syslog.log
as an option. This will give quite some entropy but...
Therefore ever-changing entropy should be handled via the .rnd file, which
_is_ updated.

If you use a random file which is read-only then you should not update anything, because in this case $RANDFILE is usually not set and $HOME can fail if openssl is run by a process that changed its UID.


An example is quite simple. If you run smime from a Perl script on an Apache then the original $HOME is /root (on Linux) or / on other Unix. The result is that the process tries to write to /root/.rnd, which is really stupid because the normal Apache user cannot write to the home directory of root.

Other programs like ca update the specified random file. So the behaviour is somewhat inconsistent, especially if you try to update an unused random file. I don't know a good solution for the problem, but a simple unauthorized update does not sound very good and creates wrong error messages. If you use -rand then at minimum the random file should not be updated, because it is not used.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
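The failure mode Michael describes (the seed file path is resolved from $RANDFILE or $HOME and the write then fails for an unprivileged process that inherited root's $HOME) can be checked before a batch job runs. The following is an added example, not code from the thread or from OpenSSL: it models the fallback order Michael lists (explicit path, then $RANDFILE, then $HOME/.rnd, then a library default, which is a placeholder here) and reports whether the process could actually update the resolved file. The constructed environments in demo() are assumptions for illustration only.

```python
"""Added example: predict which seed file an OpenSSL app would write back
and whether that write can succeed for the current process.

Assumptions (not from the thread): the fallback order is explicit path,
then $RANDFILE, then $HOME/.rnd, then a default; DEFAULT_RAND_FILE is a
placeholder for the library's built-in default path."""

import os
import tempfile

DEFAULT_RAND_FILE = "/PLACEHOLDER/.rnd"  # stand-in for the built-in default


def resolve_rand_file(env, explicit=None):
    """Return the path a seed write-back would target.

    `explicit` models the proposed fix (pass the -rand path through);
    None models the old call app_RAND_write_file(NULL, ...), which falls
    back to the environment-based lookup."""
    if explicit:
        return explicit
    if env.get("RANDFILE"):
        return env["RANDFILE"]
    if env.get("HOME"):
        return os.path.join(env["HOME"], ".rnd")
    return DEFAULT_RAND_FILE


def can_update(path):
    """True if this process could write the seed file at `path`: either the
    file exists and is writable, or it is absent and its directory is."""
    if os.path.exists(path):
        return os.access(path, os.W_OK)
    return os.access(os.path.dirname(path) or ".", os.W_OK)


def audit(env, explicit=None):
    """(resolved path, updatable?) for one environment."""
    path = resolve_rand_file(env, explicit)
    return path, can_update(path)


def demo():
    """Constructed scenarios (assumptions for illustration), keyed by name."""
    tmp = tempfile.gettempdir()
    cases = {
        # batch job passing an explicit, writable seed file
        "explicit_writable": ({"HOME": tmp}, os.path.join(tmp, "batch.rnd")),
        # CGI-style child: $RANDFILE unset, $HOME inherited from a user
        # whose home the process cannot write (modelled by a missing dir)
        "inherited_home": ({"HOME": "/nonexistent-home-for-demo"}, None),
        # operator set $RANDFILE explicitly to a writable location
        "randfile_env": ({"RANDFILE": os.path.join(tmp, "seed.rnd")}, None),
    }
    return {name: audit(env, explicit) for name, (env, explicit) in cases.items()}


if __name__ == "__main__":
    for name, (path, ok) in demo().items():
        print(f"{name:18s} -> {path} ({'updatable' if ok else 'NOT updatable'})")
```

Running the block prints one line per scenario; the "inherited_home" case reproduces the situation from the message, where the write-back would fail and produce a spurious error rather than refresh any seed.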
