On Thu, 4 Feb 2016, Rainer Gerhards wrote:
2016-02-04 3:06 GMT+01:00 David Lang <[email protected]>:
530f91a42307f33c9dd43a7d0c802b3fa469beec
Author: Rainer Gerhards <[email protected]>
Date: Tue Feb 2 15:51:52 2016 +0100
prevent a clang static analyzer warning
The static analyzer correctly complains about "garbagge
value being used", but this is exactly what we want. The
code in question is a fallback when we cannot obtain any
other source of randomness for cryptography needs.
If there is absolutely no source of randomness, cryptography should abort,
not use whatever value happens to be in ram (which should be 0)
If urandom isn't available, abort with a clear message that access to it
is required, don't silently use garbage to initialize the cryptography.
Just to make things clear: this commit didn't change behaviour. It just
addresses the static analyzer warning but keeps everything else as-is. So
if I revert that change, the only thing that will change is that the static
analyzer will break all builds.
understood
So the real issue is how to work if /dev/urandom is not available. I used
per-existing values in memory so far (based on my understanding that a
couple of tools do so).
various tools have done so, and been caught generating predicatable keys (this
was the source of the debian ssh key fiasco a few years back)
If the consensus is that this is a bad idea, we
have actually two choices:
a) error out (which could potentially completey exclude some platform)
what platform doesn't offer _some_ random source? Anything Linux based will have
/dev/random and /dev/urandom. urandom may not be very good quality randomness
(by some measurements on some systems), but the kernel provides the best that is
available.
so it would only be non-linux systems that could have a problem, right?
b) use the c runtime library randon number generator (which, I think, is
*not* crypto-grade).
you still need something to initialize the random number generator
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
