subject:"URGENT\: RNG broken for last 4 months"

Re: URGENT: RNG broken for last 4 months

2015-02-18 Thread Fabian Keil

John-Mark Gurney j...@funkthat.com wrote:

 Oliver Pinter wrote this message on Tue, Feb 17, 2015 at 23:27 +0100:
  On Tue, Feb 17, 2015 at 11:19 PM, Fabian Keil
  freebsd-lis...@fabiankeil.de wrote:
   John-Mark Gurney j...@funkthat.com wrote:
  
   If you are running a current kernel r273872 or later, please upgrade
   your kernel to r278907 or later immediately and regenerate keys.
  
   I tried ...
  
   start_init: trying /sbin/init
   118[20] Setting hostuuid: [...]
   118[20] Setting hostid: [...
   [20]
   [20]
   [20] Fatal trap 12: page fault while in kernel mode
[...]
 So, this should now be fixed w/:
 Committed revision 278927.

Works for me. Thanks.

Fabian


pgp_5WOGke3Xn.pgp
Description: OpenPGP digital signature

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread John-Mark Gurney

Oliver Pinter wrote this message on Tue, Feb 17, 2015 at 23:27 +0100:
 On Tue, Feb 17, 2015 at 11:19 PM, Fabian Keil
 freebsd-lis...@fabiankeil.de wrote:
  John-Mark Gurney j...@funkthat.com wrote:
 
  If you are running a current kernel r273872 or later, please upgrade
  your kernel to r278907 or later immediately and regenerate keys.
 
  I tried ...
 
  start_init: trying /sbin/init
  118[20] Setting hostuuid: [...]
  118[20] Setting hostid: [...
  [20]
  [20]
  [20] Fatal trap 12: page fault while in kernel mode
  [20] cpuid = 1; apic id = 01
  [20] fault virtual address  = 0xf7ff1defb51c
  [20] fault code = supervisor read data, page not present
  [20] instruction pointer= 0x20:0x819eaed5
  [20] stack pointer  = 0x28:0xfe009397b890
  [20] frame pointer  = 0x28:0xfe009397b8d0
  [20] code segment   = base 0x0, limit 0xf, type 0x1b
  [20]= DPL 0, pres 1, long 1, def32 0, gran 1
  [20] processor eflags   = interrupt enabled, resume, IOPL = 0
  [20] current process= 43 (zfs)
  [...]
  ) at pcpu.h:219
  219 pcpu.h: No such file or directory.
  in pcpu.h
  (kgdb) where
  #0  doadump (textdump=Unhandled dwarf expression opcode 0x93
  ) at pcpu.h:219
  #1  0x8031539e in db_dump (dummy=value optimized out, 
  dummy2=Unhandled dwarf expression opcode 0x93
  ) at /usr/src/sys/ddb/db_command.c:533
  #2  0x80314e7c in db_command (cmd_table=0x0) at 
  /usr/src/sys/ddb/db_command.c:440
  #3  0x80314be4 in db_command_loop () at 
  /usr/src/sys/ddb/db_command.c:493
  #4  0x803177a0 in db_trap (type=value optimized out, 
  code=Unhandled dwarf expression opcode 0x93
  ) at /usr/src/sys/ddb/db_main.c:251
  #5  0x805ff8ee in kdb_trap (type=Unhandled dwarf expression opcode 
  0x93
  ) at /usr/src/sys/kern/subr_kdb.c:654
  #6  0x80889db9 in trap_fatal (frame=0xfe009397b7e0, eva=value 
  optimized out) at /usr/src/sys/amd64/amd64/trap.c:856
  #7  0x8088a131 in trap_pfault (frame=0xfe009397b7e0, 
  usermode=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:678
  #8  0x8088976e in trap (frame=0xfe009397b7e0) at 
  /usr/src/sys/amd64/amd64/trap.c:426
  #9  0x8086cd82 in calltrap () at 
  /usr/src/sys/amd64/amd64/exception.S:235
  #10 0x819eaed5 in vdev_mirror_dva_select (zio=0xf80006549398, 
  p=-974039959) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:317
  #11 0x819eae4a in vdev_mirror_preferred_child_randomize 
  (zio=0xf80006549398) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:334
  #12 0x819eaba1 in vdev_mirror_child_select (zio=0xf80006549398) 
  at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:404
  #13 0x819ea177 in vdev_mirror_io_start (zio=0xf80006549398) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:460
  #14 0x81a1d73d in zio_vdev_io_start (zio=0xf80006549398) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:2680
  #15 0x81a19c14 in zio_execute (zio=0xf80006549398) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1499
  #16 0x81a18945 in zio_wait (zio=0xf80006549398) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1523
  #17 0x81938db2 in arc_read (pio=0x0, spa=0xf8000634e000, 
  bp=0xf800065c5048, done=0x81937ae0 arc_getbuf_func, 
  private=0xf800065c9410, priority=ZIO_PRIORITY_SYNC_READ,
  zio_flags=128, arc_flags=0xfe009397c004, zb=0xfe009397bfe0) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:3610
  #18 0x81964326 in dmu_objset_open_impl (spa=0xf8000634e000, 
  ds=0x0, bp=0xf800065c5048, osp=0xf800065c5008) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_objset.c:307
  #19 0x81991404 in dsl_pool_init (spa=0xf8000634e000, 
  txg=1056266109, dpp=0xf8000634e2e8) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c:282
  #20 0x819c8b08 in spa_load_impl (spa=0xf8000634e000, 
  pool_guid=4830954193867998892, config=0xf80002599ee0, 
  state=SPA_LOAD_OPEN, type=SPA_IMPORT_EXISTING, mosconfig=0,
  ereport=0xfe009397c4e0) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2406
  #21 0x819c0987 in spa_load (spa=0xf8000634e000, 
  state=SPA_LOAD_OPEN, type=SPA_IMPORT_EXISTING, mosconfig=0) at 
  /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2178
  #22 0x819bfda9 in spa_load_best (spa=0xf8000634e000, 
  state=SPA_LOAD_OPEN, mosconfig=0, max_request=18446744073709551615, 
  rewind_flags=1)
  at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2903
  #23 0x819babe9 in spa_open_common (pool=0xfe0003232000 tank,

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread Ed Maste

On 17 February 2015 at 13:15, Ed Maste ema...@freebsd.org wrote:

 One other point - this only applies to keys generated while running on
 a kernel in that range. If you previously generated keys and then
 upgraded to r273872 or later there's no concern with respect to key
 randomness from this issue.

One further followup, it's been pointed out that a lack of entropy can
leak DSA private key material. See for example:

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
https://www.imperialviolet.org/2013/06/15/suddendeathentropy.html

In other words, an existing key does not become less random as a
result of this flaw (which is the point I was trying to make), but it
the flaw could cause it to be exposed.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread Ed Maste

On 17 February 2015 at 12:37, John-Mark Gurney j...@funkthat.com wrote:
 If you are running a current kernel r273872 or later, please upgrade
 your kernel to r278907 or later immediately and regenerate keys.

One other point - this only applies to keys generated while running on
a kernel in that range. If you previously generated keys and then
upgraded to r273872 or later there's no concern with respect to key
randomness from this issue.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

URGENT: RNG broken for last 4 months

2015-02-17 Thread John-Mark Gurney

If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.

I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data.  read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.

This means most/all keys generated may be predictable and must be
regenerated.  This includes, but not limited to, ssh keys and keys
generated by openssl.  This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.

-- 
  John-Mark Gurney  Voice: +1 415 225 5579

 All that I will do, has been done, All that I have, has not.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread John-Mark Gurney

John-Mark Gurney wrote this message on Tue, Feb 17, 2015 at 09:37 -0800:
 If you are running a current kernel r273872 or later, please upgrade
 your kernel to r278907 or later immediately and regenerate keys.
 
 I discovered an issue where the new framework code was not calling
 randomdev_init_reader, which means that read_random(9) was not returning
 good random data.  read_random(9) is used by arc4random(9) which is
 the primary method that arc4random(3) is seeded from.
 
 This means most/all keys generated may be predictable and must be
 regenerated.  This includes, but not limited to, ssh keys and keys
 generated by openssl.  This is purely a kernel issue, and a simple
 kernel upgrade w/ the patch is sufficient to fix the issue.

It was brought to my attention (thanks Juli) that it might not be
clear that this issue does not effect any released version of FreeBSD.
It only effects people who run -current.

-- 
  John-Mark Gurney  Voice: +1 415 225 5579

 All that I will do, has been done, All that I have, has not.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread Fabian Keil

John-Mark Gurney j...@funkthat.com wrote:

 If you are running a current kernel r273872 or later, please upgrade
 your kernel to r278907 or later immediately and regenerate keys.

I tried ...

start_init: trying /sbin/init
118[20] Setting hostuuid: [...]
118[20] Setting hostid: [...
[20] 
[20] 
[20] Fatal trap 12: page fault while in kernel mode
[20] cpuid = 1; apic id = 01
[20] fault virtual address  = 0xf7ff1defb51c
[20] fault code = supervisor read data, page not present
[20] instruction pointer= 0x20:0x819eaed5
[20] stack pointer  = 0x28:0xfe009397b890
[20] frame pointer  = 0x28:0xfe009397b8d0
[20] code segment   = base 0x0, limit 0xf, type 0x1b
[20]= DPL 0, pres 1, long 1, def32 0, gran 1
[20] processor eflags   = interrupt enabled, resume, IOPL = 0
[20] current process= 43 (zfs)
[...]
) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0  doadump (textdump=Unhandled dwarf expression opcode 0x93
) at pcpu.h:219
#1  0x8031539e in db_dump (dummy=value optimized out, 
dummy2=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_command.c:533
#2  0x80314e7c in db_command (cmd_table=0x0) at 
/usr/src/sys/ddb/db_command.c:440
#3  0x80314be4 in db_command_loop () at 
/usr/src/sys/ddb/db_command.c:493
#4  0x803177a0 in db_trap (type=value optimized out, code=Unhandled 
dwarf expression opcode 0x93
) at /usr/src/sys/ddb/db_main.c:251
#5  0x805ff8ee in kdb_trap (type=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/kern/subr_kdb.c:654
#6  0x80889db9 in trap_fatal (frame=0xfe009397b7e0, eva=value 
optimized out) at /usr/src/sys/amd64/amd64/trap.c:856
#7  0x8088a131 in trap_pfault (frame=0xfe009397b7e0, 
usermode=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:678
#8  0x8088976e in trap (frame=0xfe009397b7e0) at 
/usr/src/sys/amd64/amd64/trap.c:426
#9  0x8086cd82 in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:235
#10 0x819eaed5 in vdev_mirror_dva_select (zio=0xf80006549398, 
p=-974039959) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:317
#11 0x819eae4a in vdev_mirror_preferred_child_randomize 
(zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:334
#12 0x819eaba1 in vdev_mirror_child_select (zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:404
#13 0x819ea177 in vdev_mirror_io_start (zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:460
#14 0x81a1d73d in zio_vdev_io_start (zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:2680
#15 0x81a19c14 in zio_execute (zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1499
#16 0x81a18945 in zio_wait (zio=0xf80006549398) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1523
#17 0x81938db2 in arc_read (pio=0x0, spa=0xf8000634e000, 
bp=0xf800065c5048, done=0x81937ae0 arc_getbuf_func, 
private=0xf800065c9410, priority=ZIO_PRIORITY_SYNC_READ, 
zio_flags=128, arc_flags=0xfe009397c004, zb=0xfe009397bfe0) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:3610
#18 0x81964326 in dmu_objset_open_impl (spa=0xf8000634e000, ds=0x0, 
bp=0xf800065c5048, osp=0xf800065c5008) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_objset.c:307
#19 0x81991404 in dsl_pool_init (spa=0xf8000634e000, 
txg=1056266109, dpp=0xf8000634e2e8) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c:282
#20 0x819c8b08 in spa_load_impl (spa=0xf8000634e000, 
pool_guid=4830954193867998892, config=0xf80002599ee0, state=SPA_LOAD_OPEN, 
type=SPA_IMPORT_EXISTING, mosconfig=0, 
ereport=0xfe009397c4e0) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2406
#21 0x819c0987 in spa_load (spa=0xf8000634e000, 
state=SPA_LOAD_OPEN, type=SPA_IMPORT_EXISTING, mosconfig=0) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2178
#22 0x819bfda9 in spa_load_best (spa=0xf8000634e000, 
state=SPA_LOAD_OPEN, mosconfig=0, max_request=18446744073709551615, 
rewind_flags=1)
at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2903
#23 0x819babe9 in spa_open_common (pool=0xfe0003232000 tank, 
spapp=0xfe009397c6f0, tag=0x81ade789, nvpolicy=0x0, config=0x0)
at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:3026
#24 0x819bafcb in spa_open (name=0xfe0003232000 tank, 
spapp=0xfe009397c6f0, tag=0x81ade789) at 
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:3111

Re: URGENT: RNG broken for last 4 months

2015-02-17 Thread Oliver Pinter

On Tue, Feb 17, 2015 at 11:19 PM, Fabian Keil
freebsd-lis...@fabiankeil.de wrote:
 John-Mark Gurney j...@funkthat.com wrote:

 If you are running a current kernel r273872 or later, please upgrade
 your kernel to r278907 or later immediately and regenerate keys.

 I tried ...

 start_init: trying /sbin/init
 118[20] Setting hostuuid: [...]
 118[20] Setting hostid: [...
 [20]
 [20]
 [20] Fatal trap 12: page fault while in kernel mode
 [20] cpuid = 1; apic id = 01
 [20] fault virtual address  = 0xf7ff1defb51c
 [20] fault code = supervisor read data, page not present
 [20] instruction pointer= 0x20:0x819eaed5
 [20] stack pointer  = 0x28:0xfe009397b890
 [20] frame pointer  = 0x28:0xfe009397b8d0
 [20] code segment   = base 0x0, limit 0xf, type 0x1b
 [20]= DPL 0, pres 1, long 1, def32 0, gran 1
 [20] processor eflags   = interrupt enabled, resume, IOPL = 0
 [20] current process= 43 (zfs)
 [...]
 ) at pcpu.h:219
 219 pcpu.h: No such file or directory.
 in pcpu.h
 (kgdb) where
 #0  doadump (textdump=Unhandled dwarf expression opcode 0x93
 ) at pcpu.h:219
 #1  0x8031539e in db_dump (dummy=value optimized out, 
 dummy2=Unhandled dwarf expression opcode 0x93
 ) at /usr/src/sys/ddb/db_command.c:533
 #2  0x80314e7c in db_command (cmd_table=0x0) at 
 /usr/src/sys/ddb/db_command.c:440
 #3  0x80314be4 in db_command_loop () at 
 /usr/src/sys/ddb/db_command.c:493
 #4  0x803177a0 in db_trap (type=value optimized out, code=Unhandled 
 dwarf expression opcode 0x93
 ) at /usr/src/sys/ddb/db_main.c:251
 #5  0x805ff8ee in kdb_trap (type=Unhandled dwarf expression opcode 
 0x93
 ) at /usr/src/sys/kern/subr_kdb.c:654
 #6  0x80889db9 in trap_fatal (frame=0xfe009397b7e0, eva=value 
 optimized out) at /usr/src/sys/amd64/amd64/trap.c:856
 #7  0x8088a131 in trap_pfault (frame=0xfe009397b7e0, 
 usermode=value optimized out) at /usr/src/sys/amd64/amd64/trap.c:678
 #8  0x8088976e in trap (frame=0xfe009397b7e0) at 
 /usr/src/sys/amd64/amd64/trap.c:426
 #9  0x8086cd82 in calltrap () at 
 /usr/src/sys/amd64/amd64/exception.S:235
 #10 0x819eaed5 in vdev_mirror_dva_select (zio=0xf80006549398, 
 p=-974039959) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:317
 #11 0x819eae4a in vdev_mirror_preferred_child_randomize 
 (zio=0xf80006549398) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:334
 #12 0x819eaba1 in vdev_mirror_child_select (zio=0xf80006549398) 
 at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:404
 #13 0x819ea177 in vdev_mirror_io_start (zio=0xf80006549398) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_mirror.c:460
 #14 0x81a1d73d in zio_vdev_io_start (zio=0xf80006549398) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:2680
 #15 0x81a19c14 in zio_execute (zio=0xf80006549398) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1499
 #16 0x81a18945 in zio_wait (zio=0xf80006549398) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c:1523
 #17 0x81938db2 in arc_read (pio=0x0, spa=0xf8000634e000, 
 bp=0xf800065c5048, done=0x81937ae0 arc_getbuf_func, 
 private=0xf800065c9410, priority=ZIO_PRIORITY_SYNC_READ,
 zio_flags=128, arc_flags=0xfe009397c004, zb=0xfe009397bfe0) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:3610
 #18 0x81964326 in dmu_objset_open_impl (spa=0xf8000634e000, 
 ds=0x0, bp=0xf800065c5048, osp=0xf800065c5008) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_objset.c:307
 #19 0x81991404 in dsl_pool_init (spa=0xf8000634e000, 
 txg=1056266109, dpp=0xf8000634e2e8) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c:282
 #20 0x819c8b08 in spa_load_impl (spa=0xf8000634e000, 
 pool_guid=4830954193867998892, config=0xf80002599ee0, 
 state=SPA_LOAD_OPEN, type=SPA_IMPORT_EXISTING, mosconfig=0,
 ereport=0xfe009397c4e0) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2406
 #21 0x819c0987 in spa_load (spa=0xf8000634e000, 
 state=SPA_LOAD_OPEN, type=SPA_IMPORT_EXISTING, mosconfig=0) at 
 /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2178
 #22 0x819bfda9 in spa_load_best (spa=0xf8000634e000, 
 state=SPA_LOAD_OPEN, mosconfig=0, max_request=18446744073709551615, 
 rewind_flags=1)
 at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:2903
 #23 0x819babe9 in spa_open_common (pool=0xfe0003232000 tank, 
 spapp=0xfe009397c6f0, tag=0x81ade789, nvpolicy=0x0, config=0x0)
 at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:3026
 #24 0x819bafcb

Re: URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

Re: URGENT: RNG broken for last 4 months

8 matches

Site Navigation

Mail list logo

Footer information