Date: Thu, 2 Dec 1999 17:42:11 -0700
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG.>
To: [email protected]Subject: OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
PROBLEM DESCRIPTION
----------------------------------------
USA intellectual property laws require users within the USA to license
RSA public key cryptography software. For non-commercial use, RSA
requires the use of their reference implementation RSAREF2. Other
implementations are a patent violation, and you could end up in court
(and they've got a lot of lawyers).
A CORE-SDI Bugtraq posting revealed a serious buffer overflow in
RSAREF's encryption and decryption functions due to missing checks on
the length of the input key.
OpenBSD ships with applications using public key cryptography.
Because we are trying to make release CDROMs for the entire world, we
cannot put RSA onto the CD (yeah, major bummer). Instead, we've made
it so that the RSA patented code stays in a package containing some
shared libraries, and our installation software installs this package
from over the 'net.
Each package contains two shared libraries: libcrypto and libssl; just
like regular OpenSSL. People outside the USA can use these two
libraries, found in the "ssl26" package. Non-commercial entities in
the USA cannot -- because of the patent issue -- and for them we
provide the "sslUSA26" package. Commercial entities in the USA must
contact RSA for a licence, or wait till next September.
The "sslUSA26" package is OpenSSL, like the other package, but we have
removed the OpenSSL RSA code and replaced it with RSAREF2. This
permits the non-commercial use of "sslUSA26" inside the USA.
Commercial users who think they can use the RSA without a licence in
the USA should see a lawyer and a therapist.
Well, all this just really means that "sslUSA26" contains the problem
found by CORE-SDI.
AFFECTED PROGRAMS
----------------------------------------
The following built-in OpenBSD applications might be affected when they
are used with the USA version of libssl.
- openssh:
Even though the OpenSSH code checks all input parameters carefully,
internal RSAREF functions can still overflow. Users within the
USA should update their shared ssl library.
- isakmpd:
When used with x509 certificates and rsa signature mode,
the signature functions in RSAREF might overflow.
- httpd:
When SSL support is enabled in /etc/rc.conf using -DSSL, and
when using RSA keys, the signature functions in RSAREF might
overflow.
It isn't known yet if this problem is exploitable in any of these
programs.
PATCHES
----------------------------------------
You can find out which ssl libraries you are using by doing:
# pkg_info | grep ssl
WE REPEAT:
If you are using ssl26.tar.gz, you are are NOT AFFECTED.
(This crypto problem only burns Americans!)
If you are using sslUSA26.tar.gz, you want the replacement libraries:
1) Get the correct file for your architecture:
ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/i386/sslUSA26.tar.gzftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/sparc/sslUSA26.tar.gzftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/hp300/sslUSA26.tar.gzftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mvme68k/sslUSA26.tar.gzftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mac68k/sslUSA26.tar.gzftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/amiga/sslUSA26.tar.gz
MD5 (amiga/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
MD5 (hp300/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
MD5 (i386/sslUSA26.tar.gz) = 77348327c5cc0f880991230fd0ccab50
MD5 (mac68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
MD5 (mvme68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
MD5 (sparc/sslUSA26.tar.gz) = e37f67c16b203ae47cdcb0a4bb451644
SHA1 (amiga/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
SHA1 (hp300/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
SHA1 (i386/sslUSA26.tar.gz) = b9adef041db6cfc91ad399668be9d03882f7e195
SHA1 (mac68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
SHA1 (mvme68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
SHA1 (sparc/sslUSA26.tar.gz) = c7f889ae74e22c82bb234a955c84aa38a18c7315
2) Install it by doing:
# pkg_delete sslUSA26
# pkg_add -v sslUSA26.tar.gz
Then restart any affected daemons.
If you have the new version, you will see the following:
# pkg_info sslUSA26
Information for sslUSA26:
Comment:
ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA
Description:
sslUSA26 libcrypto and libssl libraries that includes the
RSA algorithm from the RSAREF implementation.
*This version is for noncommercial use IN THE USA ONLY.*
This package contains patch#1, with the RSA bugfix. The
shared libraries are libcrypto.so.2.2 and libssl.so.2.2.
These two OpenBSD libraries (libssl and libcrypto, based on OpenSSL)
implement many cryptographic functions which are used by OpenBSD
programs like ssh, httpd, and isakmpd. Due to patent licensing
reasons, those libraries may not be included on the CD -- instead the
base distribution contains libraries which have had the troublesome
code removed -- the programs listed above will not be fully functional
as a result. Libraries which _include_ the troublesome routines are
in this package, and may be used as long as you meet the follow
(legal) criteria:
(1) Outside the USA, no restrictions apply. Use ssl26
(NOT this package)
(2) Inside the USA, non-commercial entities may the install
the sslUSA26 package which includes RSAREF (This package).
(3) Commercial entities in the USA are left in the cold, due to how
the licences work. (This is how the USA crypto export policy
feels to the rest of the world.)
#
----------------------------------------
Information on OpenBSD http://www.OpenBSD.org/
Information on OpenSSH http://www.OpenSSH.com/
Information on OpenSSL http://www.OpenSSL.org/
Information on cryptography export http://www.OpenBSD.org/images/tshirt-7b.jpg