11-CURRENT-Nutzer sollten Crypto-Keys neu generieren

Yamagi

Yamagi

Possessed With Psi Powers
Teammitglied
Nutzer von 11-CURRENT sollten so schnell es geht eine aktuelle Version bauen und alle Crypto-Keys neu generieren:

Code: 
If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.

I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data.  read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.

This means most/all keys generated may be predictable and must be
regenerated.  This includes, but not limited to, ssh keys and keys
generated by openssl.  This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.

-STABLE und -RELEASEs sind davon nicht betroffen.
 
OT:

Code: 
-FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012
-    root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
+FreeBSD 10.1-RELEASE-p5 #0: Tue Feb 17 05:04:45 CET 2015
+    root@fbuild.[...]:/usr/obj/usr/src/sys/VIMAGE amd64
+FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
 CPU: Intel(R) Xeon(R) CPU E5-2630 v2 @ 2.60GHz (2600.00-MHz K8-class CPU)
-  Origin = "GenuineIntel"  Id = 0x306e4  Family = 6  Model = 3e  Stepping = 4
+  Origin = "GenuineIntel"  Id = 0x306e4  Family = 0x6  Model = 0x3e  Stepping = 4
   Features=0x1fa3fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT>
-  Features2=0xfeba2203<SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV>
+  Features2=0x9e982203<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,HV>
   AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
   AMD Features2=0x1<LAHF>
   TSC: P-state invariant

Wieso fehlt bei 10.1 u.a. RDRAND? Edit: Beides ist eine VM auf ESXi.
 
Edit: Stellt sich raus, die 10.1-VM war auf HW version 8. Erst HW9 scheint RDRAND und noch einige andere Sachen an den Gast zu leiten. Gut zu wissen.

Und sorry, wenn das hier wegen RNG nur ganz knapp on-topic war.
 
Du musst dich einloggen oder registrieren, um hier zu antworten.
Zurück
Oben