[tor-bugs] #10402 [Tor]: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Dec 14 12:52:31 UTC 2013
#10402: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
--------------------+---------------------
Reporter: anon | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+---------------------
FreeBSD announced direct use of RDRAND as sole entropy source is not
recommended.[1][2][3]
In Tor crypto_global_init() there is a call to
ENGINE_load_builtin_engines() which lets OpenSSL take advantage of
AES-NI acceleration. This is almost always A Good Thing.
From Sandy Bridge onward, however, this also results in the application
using RDRAND directly for all entropy.
Since Tor cannot build the OpenSSL linked against (to set
OPENSSL_NO_RDRAND), the workaround is to call RAND_set_rand_engine(NULL)
after ENGINE_load_builtin_engines().
1. "FreeBSD Developer Summit: Security Working Group, /dev/random"
https://wiki.freebsd.org/201309DevSummit/Security
2. "Surreptitiously Tampering with Computer Chips"
https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
3. "How does the NSA break SSL? ... Weak random number generators"
http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-
ssl.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10402>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list