![[LWN Logo]](/images/lwn.banner.gif)
Date: Thu, 2 Dec 1999 17:42:11 -0700 From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG> Subject: OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in To: BUGTRAQ@SECURITYFOCUS.COM PROBLEM DESCRIPTION ---------------------------------------- USA intellectual property laws require users within the USA to license RSA public key cryptography software. For non-commercial use, RSA requires the use of their reference implementation RSAREF2. Other implementations are a patent violation, and you could end up in court (and they've got a lot of lawyers). A CORE-SDI Bugtraq posting revealed a serious buffer overflow in RSAREF's encryption and decryption functions due to missing checks on the length of the input key. OpenBSD ships with applications using public key cryptography. Because we are trying to make release CDROMs for the entire world, we cannot put RSA onto the CD (yeah, major bummer). Instead, we've made it so that the RSA patented code stays in a package containing some shared libraries, and our installation software installs this package from over the 'net. Each package contains two shared libraries: libcrypto and libssl; just like regular OpenSSL. People outside the USA can use these two libraries, found in the "ssl26" package. Non-commercial entities in the USA cannot -- because of the patent issue -- and for them we provide the "sslUSA26" package. Commercial entities in the USA must contact RSA for a licence, or wait till next September. The "sslUSA26" package is OpenSSL, like the other package, but we have removed the OpenSSL RSA code and replaced it with RSAREF2. This permits the non-commercial use of "sslUSA26" inside the USA. Commercial users who think they can use the RSA without a licence in the USA should see a lawyer and a therapist. Well, all this just really means that "sslUSA26" contains the problem found by CORE-SDI. AFFECTED PROGRAMS ---------------------------------------- The following built-in OpenBSD applications might be affected when they are used with the USA version of libssl. - openssh: Even though the OpenSSH code checks all input parameters carefully, internal RSAREF functions can still overflow. Users within the USA should update their shared ssl library. - isakmpd: When used with x509 certificates and rsa signature mode, the signature functions in RSAREF might overflow. - httpd: When SSL support is enabled in /etc/rc.conf using -DSSL, and when using RSA keys, the signature functions in RSAREF might overflow. It isn't known yet if this problem is exploitable in any of these programs. PATCHES ---------------------------------------- You can find out which ssl libraries you are using by doing: # pkg_info | grep ssl WE REPEAT: If you are using ssl26.tar.gz, you are are NOT AFFECTED. (This crypto problem only burns Americans!) If you are using sslUSA26.tar.gz, you want the replacement libraries: 1) Get the correct file for your architecture: ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/i386/sslUSA26.tar.gz ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/sparc/sslUSA26.tar.gz ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/hp300/sslUSA26.tar.gz ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mvme68k/sslUSA26.tar.gz ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mac68k/sslUSA26.tar.gz ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/amiga/sslUSA26.tar.gz MD5 (amiga/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef MD5 (hp300/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef MD5 (i386/sslUSA26.tar.gz) = 77348327c5cc0f880991230fd0ccab50 MD5 (mac68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef MD5 (mvme68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef MD5 (sparc/sslUSA26.tar.gz) = e37f67c16b203ae47cdcb0a4bb451644 SHA1 (amiga/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1 SHA1 (hp300/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1 SHA1 (i386/sslUSA26.tar.gz) = b9adef041db6cfc91ad399668be9d03882f7e195 SHA1 (mac68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1 SHA1 (mvme68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1 SHA1 (sparc/sslUSA26.tar.gz) = c7f889ae74e22c82bb234a955c84aa38a18c7315 2) Install it by doing: # pkg_delete sslUSA26 # pkg_add -v sslUSA26.tar.gz Then restart any affected daemons. If you have the new version, you will see the following: # pkg_info sslUSA26 Information for sslUSA26: Comment: ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA Description: sslUSA26 libcrypto and libssl libraries that includes the RSA algorithm from the RSAREF implementation. *This version is for noncommercial use IN THE USA ONLY.* This package contains patch#1, with the RSA bugfix. The shared libraries are libcrypto.so.2.2 and libssl.so.2.2. These two OpenBSD libraries (libssl and libcrypto, based on OpenSSL) implement many cryptographic functions which are used by OpenBSD programs like ssh, httpd, and isakmpd. Due to patent licensing reasons, those libraries may not be included on the CD -- instead the base distribution contains libraries which have had the troublesome code removed -- the programs listed above will not be fully functional as a result. Libraries which _include_ the troublesome routines are in this package, and may be used as long as you meet the follow (legal) criteria: (1) Outside the USA, no restrictions apply. Use ssl26 (NOT this package) (2) Inside the USA, non-commercial entities may the install the sslUSA26 package which includes RSAREF (This package). (3) Commercial entities in the USA are left in the cold, due to how the licences work. (This is how the USA crypto export policy feels to the rest of the world.) # ---------------------------------------- Information on OpenBSD http://www.OpenBSD.org/ Information on OpenSSH http://www.OpenSSH.com/ Information on OpenSSL http://www.OpenSSL.org/ Information on cryptography export http://www.OpenBSD.org/images/tshirt-7b.jpg