-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:01.random Errata Notice
The FreeBSD Project
Topic: /dev/random should not make direct usage of hardware RNG
Category: core
Module: random
Announced: 2014-01-14
Affects: All versions of FreeBSD prior to 10.0-BETA1
Corrected: 2014-01-14 19:27:42 UTC (stable/9, 9.2-STABLE)
2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
2014-01-14 19:27:42 UTC (stable/8, 8.4-STABLE)
2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
The random(4) and urandom(4) devices return an endless supply of pseudo-random
bytes when read. Cryptographic algorithms often depend on the secrecy of these
pseudo-random values for security.
Yarrow is a secure pseudo-random number generator that combines entropy from
several entropy sources, mitigating a possible attack when someone could
predict the output when they are able to intercept one or more of the
entropy sources
II. Problem Description
When a hardware RNG exists, the FreeBSD random(4) and urandom(4) devices
would use their output directly.
III. Impact
Someone who has control over these hardware RNGs would be able to
predicate the output from random(4) and urandom(4) devices and may be able
to reveal unique keys that are used to encrypt data.
IV. Workaround
Disable the hardware RNGs by adding the following settings to /boot/loader.conf
and reboot the system:
hw.nehemiah_rng_enable=0
hw.ivy_rng_enable=0
V. Solution
Hardware RNGs would be disabled by default with this errata notice. They
can be re-enabled by setting the corresponding loader tunables to non-zero
value.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 9.2 and 8.4]
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-9.2-8.4.patch
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-9.2-8.4.patch.asc
# gpg --verify random-9.2-8.4.patch.asc
[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-9.1.patch
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-9.1.patch.asc
# gpg --verify random-9.1.patch.asc
[FreeBSD 8.3]
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-8.3.patch
# fetch http://security.FreeBSD.org/patches/EN-14:01/random-8.3.patch.asc
# gpg --verify random-8.3.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
3) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r260644
releng/8.3/ r260647
releng/8.4/ r260647
stable/9/ r260644
releng/9.1/ r260647
releng/9.2/ r260647
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:01.random.asc
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJS1ZSoAAoJEO1n7NZdz2rnZcgP/3ITOg59t4PmOg2vUrlMsf35
jVDZojqeu+XgDepYi37HJVB6pHSWusYoI59YP6O2N1n15W34Bp91Vcthofyr+jgx
7Guz+DXOqZy1yxGMSGkAl0hIrksszqp5kAADy4f1NMkFmvc2+8dXW1xmxYpDHrkG
d/alEeK0LuFgWXYnnrea3x/aWqEVVR+/YhCbk8FTD01Q4zqtfacIDfNL+gLf4Mhx
gNO1HSHmvS4GEF1gawtHzY4i6rGX9e4LgxKSEKSMUXfl1WUfnD5f62z9FB1UN1Js
EfVniP2ZN2ojAzoVWfiX5WDhpMA/KZpdTSLF+zOM1/Tr+7+N7WTYftL6nHy/HSj8
LmsIZnSE4F7F2hFlZu7PPwGzaIj/rYk5tRzw3nTIoIwVoLbvbevzCrl0rIocq2CK
Sm5WV2qvMuWB+ZK2ZuzCIxAj6/fuLbUIBHmHd2VFfxWXcSwoK/cW3pFPMDyHKtJJ
ccocT7kXeHHtnSqzvSN1j1XFZsWdojbYU7HSU8QmiilG3ESvgrzZAKh7V+hC/aF/
TE0Xhaip8X/sOt1NnjHGs8XzA3w7wUukssz2V7gRdarSS7c/+mU23pajLknQ4eiB
l3g8z/iX4jPuL8e0sn9GUCXVtTZIXWGl9hSilWeYk6tEihhlf/gVhY6ldCwSoZjr
U6gPf7bQn/NzE7wSUaQD
=viar
-----END PGP SIGNATURE-----