Home page logo

bugtraq logo Bugtraq mailing list archives

OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Thu, 2 Dec 1999 17:42:11 -0700


USA intellectual property laws require users within the USA to license
RSA public key cryptography software.  For non-commercial use, RSA
requires the use of their reference implementation RSAREF2.  Other
implementations are a patent violation, and you could end up in court
(and they've got a lot of lawyers).

A CORE-SDI Bugtraq posting revealed a serious buffer overflow in
RSAREF's encryption and decryption functions due to missing checks on
the length of the input key.

OpenBSD ships with applications using public key cryptography.
Because we are trying to make release CDROMs for the entire world, we
cannot put RSA onto the CD (yeah, major bummer).  Instead, we've made
it so that the RSA patented code stays in a package containing some
shared libraries, and our installation software installs this package
from over the 'net.

Each package contains two shared libraries: libcrypto and libssl; just
like regular OpenSSL.  People outside the USA can use these two
libraries, found in the "ssl26" package.  Non-commercial entities in
the USA cannot -- because of the patent issue -- and for them we
provide the "sslUSA26" package.  Commercial entities in the USA must
contact RSA for a licence, or wait till next September.

The "sslUSA26" package is OpenSSL, like the other package, but we have
removed the OpenSSL RSA code and replaced it with RSAREF2.  This
permits the non-commercial use of "sslUSA26" inside the USA.
Commercial users who think they can use the RSA without a licence in
the USA should see a lawyer and a therapist.

Well, all this just really means that "sslUSA26" contains the problem
found by CORE-SDI.


The following built-in OpenBSD applications might be affected when they
are used with the USA version of libssl.

- openssh:
        Even though the OpenSSH code checks all input parameters carefully,
        internal RSAREF functions can still overflow.  Users within the
        USA should update their shared ssl library.

- isakmpd:
        When used with x509 certificates and rsa signature mode,
        the signature functions in RSAREF might overflow.

- httpd:
        When SSL support is enabled in /etc/rc.conf using -DSSL, and
        when using RSA keys, the signature functions in RSAREF might

It isn't known yet if this problem is exploitable in any of these

You can find out which ssl libraries you are using by doing:

        # pkg_info | grep ssl

        If you are using ssl26.tar.gz, you are are NOT AFFECTED.
        (This crypto problem only burns Americans!)

If you are using sslUSA26.tar.gz, you want the replacement libraries:

        1) Get the correct file for your architecture:


        MD5 (amiga/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
        MD5 (hp300/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
        MD5 (i386/sslUSA26.tar.gz) = 77348327c5cc0f880991230fd0ccab50
        MD5 (mac68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
        MD5 (mvme68k/sslUSA26.tar.gz) = 8e49697fb7ee60ef0d3cdbbaeb1ae2ef
        MD5 (sparc/sslUSA26.tar.gz) = e37f67c16b203ae47cdcb0a4bb451644
        SHA1 (amiga/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
        SHA1 (hp300/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
        SHA1 (i386/sslUSA26.tar.gz) = b9adef041db6cfc91ad399668be9d03882f7e195
        SHA1 (mac68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
        SHA1 (mvme68k/sslUSA26.tar.gz) = a9de4d792dfed893d9dcab2514013af3901e71f1
        SHA1 (sparc/sslUSA26.tar.gz) = c7f889ae74e22c82bb234a955c84aa38a18c7315

        2) Install it by doing:

        # pkg_delete sslUSA26
        # pkg_add -v sslUSA26.tar.gz

        Then restart any affected daemons.

If you have the new version, you will see the following:

        # pkg_info sslUSA26
        Information for sslUSA26:
        ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA
        sslUSA26 libcrypto and libssl libraries that includes the
        RSA algorithm from the RSAREF implementation.
        *This version is for noncommercial use IN THE USA ONLY.*
        This package contains patch#1, with the RSA bugfix.  The
        shared libraries are libcrypto.so.2.2 and libssl.so.2.2.
        These two OpenBSD libraries (libssl and libcrypto, based on OpenSSL)
        implement many cryptographic functions which are used by OpenBSD
        programs like ssh, httpd, and isakmpd.  Due to patent licensing
        reasons, those libraries may not be included on the CD -- instead the
        base distribution contains libraries which have had the troublesome
        code removed -- the programs listed above will not be fully functional
        as a result.  Libraries which _include_ the troublesome routines are
        in this package, and may be used as long as you meet the follow
        (legal) criteria:
                  (1) Outside the USA, no restrictions apply. Use ssl26
                      (NOT this package)
                  (2) Inside the USA, non-commercial entities may the install
                      the sslUSA26 package which includes RSAREF (This package).
                  (3) Commercial entities in the USA are left in the cold, due to how
                      the licences work.  (This is how the USA crypto export policy
                      feels to the rest of the world.)

Information on OpenBSD                  http://www.OpenBSD.org/
Information on OpenSSH                  http://www.OpenSSH.com/
Information on OpenSSL                  http://www.OpenSSL.org/
Information on cryptography export      http://www.OpenBSD.org/images/tshirt-7b.jpg

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]