Bug 1045186

Summary: tor: force disabling of RDRAND in OpenSSL when hardware acceleration is available
Product: [Fedora] Fedora Reporter: Vincent Danen <vdanen>
Component: tor Assignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20 CC: lmacken, ohadlevy, pwouters
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2014-06-28 14:50:40 UTC Type: Bug

Description Vincent Danen 2013-12-19 20:03:07 UTC
Upstream has filed a bug report and patches for an RFE to disable the use of RDRAND as the only source of entropy for Tor.  Patches are attached to the bug but it is not yet merged and fully tested.

I'm noting this here as a bug of interest for future releases as this seems like it could be a desirable _enhancement_ but am not filing it as a security flaw.

https://trac.torproject.org/projects/tor/ticket/10402

which has references like this:

"FreeBSD Developer Summit: Security Working Group, /dev/random" https://wiki.freebsd.org/201309DevSummit/Security

"Surreptitiously Tampering with Computer Chips" https://www.schneier.com/blog/archives/2013/09/surreptitiously.html

"How does the NSA break SSL? ... Weak random number generators" http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

Comment 1 Vincent Danen 2013-12-19 20:04:51 UTC
Oh, and the patch:

https://peertech.org/dist/tor-latest-rdrand-disable.patch

Comment 2 Jamie Nguyen 2014-03-26 15:44:01 UTC
Upstream have fixed this in 0.2.4.x branch. I have just updated the rawhide package to 0.2.4.21 so this can be considered fixed for rawhide.

nickm commented in the upstream bug report that he is "leaving open for possible 0.2.3 backport". AFAICT this has not happened yet. Since this only affects users that set a non-default option (HardwareAccel 1) in their configuration, I am happy to wait until upstream backport this fix.

Comment 3 Jamie Nguyen 2014-06-28 14:50:40 UTC
0.2.4.22 has now been pushed to all fedora and epel branches.