On Mon, Jun 14, 2010, Nicholas Maniscalco wrote:

> William A. Rowe Jr. wrote:
>> On 6/14/2010 7:59 PM, Nicholas Maniscalco wrote:
>>> Is using OpenSSL built with the PURIFY flag considered "secure"?
>>> I ask because I came across this comment, in md_rand.c:
>>>
>>> #ifndef PURIFY /* purify complains */
>>>     /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
>>>     if (!MD_Update(&m,buf,j))
>>>         goto err;
>>>     /* We know that line may cause programs such as
>>>        purify and valgrind to complain about use of
>>>        uninitialized data. */
>>> #endif
>> The last time someone went by such nonsense[1], they created an entirely
>> exploitable set of keys on all debian/ubuntu-derived distributions. Good
>> luck with that, and please let us know what you are maintaining, so that
>> we might avoid such distributions and products.
>> [1] http://www.debian.org/security/2008/dsa-1571
>
> Thanks, William. I am familiar with the Debian issue.
>
> The code I pasted above is from ssleay_rand_bytes. Perhaps you were
> thinking I was talking about the call in ssleay_rand_add? I am quite aware
> that removing the call from ssleay_rand_add is a very bad idea :)
>
> Are you still of the opinion that an OpenSSL built with PURIFY is insecure?
> David Schwartz indicated otherwise in a similar thread I started a few
> weeks back (see his last sentence),
>
> http://www.mail-archive.com/[email protected]/msg27732.html
>
> I was satisfied with his answer until I saw the comment above, hence the
> new thread. Again, I'm just trying to get a definitive answer on whether
> the PURIFY flag is considered secure. Thanks.

Well I can give you an initial provisional opinion... I'm being very guarded
when commenting on the PRNG based on past history ;-)

I think that extra comment within the #ifndef PURIFY was added in error. That
call just uses the (possibly uninitialised) buffer passed into
ssleay_rand_bytes() as a very minor source of entropy and is not part of
PURIFY builds with no ill effects other than removing that minor source of
entropy.

Richard, it was your commit. Would you care to comment?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
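
The distinction drawn in this thread between the two call sites, as an added example that is not part of the original messages and is not OpenSSL's code. It is a toy pool model: the names toy_pool, toy_rand_add, toy_rand_bytes and outputs_differ are hypothetical, the seeds are constructed, and a non-cryptographic mixer stands in for the message digest.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy stand-in for the digest (splitmix64 finalizer): NOT cryptographic. */
static uint64_t mix64(uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}
/* Model of MD_Update(): fold n bytes into the running digest h. */
static uint64_t md_update(uint64_t h, const unsigned char *p, size_t n) {
    while (n--) h = mix64(h ^ *p++);
    return h;
}

typedef struct { uint64_t state; } toy_pool;   /* hypothetical pool model */

/* Models the ssleay_rand_add side: the seed is the pool's real entropy. */
void toy_rand_add(toy_pool *p, const char *seed, int mix_seed) {
    uint64_t h = mix64(p->state);
    if (mix_seed)                       /* the call that must stay */
        h = md_update(h, (const unsigned char *)seed, strlen(seed));
    p->state = h;
}

/* Models the ssleay_rand_bytes side: with purify set, the caller's buffer
 * is not folded in, but the output still derives from the seeded state. */
void toy_rand_bytes(toy_pool *p, unsigned char *buf, size_t n, int purify) {
    uint64_t h = mix64(p->state);
    if (!purify)
        h = md_update(h, buf, n);       /* minor extra input only */
    p->state = h;
    for (size_t off = 0; off < n; off += 8) {
        size_t take = n - off < 8 ? n - off : 8;
        h = mix64(h);
        memcpy(buf + off, &h, take);
    }
}

/* Returns 1 if two pools fed different constructed seeds emit different bytes. */
int outputs_differ(int mix_seed, int purify) {
    toy_pool a = {0}, b = {0};
    unsigned char oa[16] = {0}, ob[16] = {0};  /* zeroed stand-in for caller buffers */
    toy_rand_add(&a, "constructed-seed-1", mix_seed);
    toy_rand_add(&b, "constructed-seed-2", mix_seed);
    toy_rand_bytes(&a, oa, sizeof oa, purify);
    toy_rand_bytes(&b, ob, sizeof ob, purify);
    return memcmp(oa, ob, sizeof oa) != 0;
}
```

In this model, outputs_differ(1, 1) is 1: skipping the buffer mix on the output side still leaves output dependent on the seed. outputs_differ(0, 0) is 0: dropping the mix on the add side makes the seed irrelevant, whatever the output side does.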
