[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10402 [Tor]: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled



#10402: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
--------------------+---------------------
 Reporter:  anon    |          Owner:
     Type:  defect  |         Status:  new
 Priority:  major   |      Milestone:
Component:  Tor     |        Version:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+---------------------
 FreeBSD announced direct use of RDRAND as sole entropy source is not
 recommended.[1][2][3]

 In Tor crypto_global_init() there is a call to
 ENGINE_load_builtin_engines() which lets OpenSSL take advantage of
 AES-NI acceleration. This is almost always A Good Thing.

 From Sandy Bridge onward, however, this also results in the application
 using RDRAND directly for all entropy.

 Since Tor cannot build the OpenSSL linked against (to set
 OPENSSL_NO_RDRAND), the workaround is to call RAND_set_rand_engine(NULL)
 after ENGINE_load_builtin_engines().


 1. "FreeBSD Developer Summit: Security Working Group, /dev/random"
   https://wiki.freebsd.org/201309DevSummit/Security

 2. "Surreptitiously Tampering with Computer Chips"
   https://www.schneier.com/blog/archives/2013/09/surreptitiously.html

 3. "How does the NSA break SSL? ... Weak random number generators"
   http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-
 ssl.html

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10402>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs