| Summary: | FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | jchadima | ||||||
| Component: | Miscellaneous | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||
| Status: | NEW --- | ||||||||
| Severity: | normal | CC: | dtucker, jfch, pcerny, t8m | ||||||
| Priority: | P2 | ||||||||
| Version: | 5.3p1 | ||||||||
| Hardware: | Other | ||||||||
| OS: | Linux | ||||||||
| Attachments: |
|
||||||||
|
Description
jchadima
2010-01-21 23:01:50 AEDT
Created attachment 1781 [details]
Patch solving the problem
This is the patch which initilaizing the random device, ensure the call to RAND_cleanup at the exit of the program.
Is RAND_cleanup() signal-safe? (I suspect not, and if it's not then this potentially opens a signal race vulnerability in sshd, which is the reason why all use of atexit was removed from OpenSSH previously.) RAND_cleanup() is not signal safe if the rand generator is supplied by an engine which would be released by the call (no other references than the generator). But this is irrelevant anyway as the functions registered with atexit() are called only in exit() calls and not in the default signal handler termination or in _exit(). If openssh called exit() in signal handler it would be a security problem anyway as this is signal handler unsafe call itself. Created attachment 1828 [details]
Alternate patch using cleanup_exit
|