Bug 1045186 - tor: force disabling of RDRAND in OpenSSL when hardware acceleration is available
Summary: tor: force disabling of RDRAND in OpenSSL when hardware acceleration is avail...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: tor
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-19 20:03 UTC by Vincent Danen
Modified: 2020-11-05 09:54 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-28 14:50:40 UTC
Type: Bug


Attachments (Terms of Use)

Description Vincent Danen 2013-12-19 20:03:07 UTC
Upstream has filed a bug report and patches for an RFE to disable the use of RDRAND as the only source of entropy for Tor.  Patches are attached to the bug but it is not yet merged and fully tested.

I'm noting this here as a bug of interest for future releases as this seems like it could be a desirable _enhancement_ but am not filing it as a security flaw.

https://trac.torproject.org/projects/tor/ticket/10402

which has references like this:

"FreeBSD Developer Summit: Security Working Group, /dev/random" ​https://wiki.freebsd.org/201309DevSummit/Security

"Surreptitiously Tampering with Computer Chips" ​https://www.schneier.com/blog/archives/2013/09/surreptitiously.html

"How does the NSA break SSL? ... Weak random number generators" ​http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

Comment 1 Vincent Danen 2013-12-19 20:04:51 UTC
Oh, and the patch:

https://peertech.org/dist/tor-latest-rdrand-disable.patch

Comment 2 Jamie Nguyen 2014-03-26 15:44:01 UTC
Upstream have fixed this in 0.2.4.x branch. I have just updated the rawhide package to 0.2.4.21 so this can be considered fixed for rawhide.

nickm commented in the upstream bug report that he is "leaving open for possible 0.2.3 backport". AFAICT this has not happened yet. Since this only affects users that set a non-default option (HarwareAccel 1) in their configuration, I am happy to wait until upstream backport this fix.

Comment 3 Jamie Nguyen 2014-06-28 14:50:40 UTC
0.2.4.22 has now been pushed to all fedora and epel branches.


Note You need to log in before you can comment on or make changes to this bug.