Bugzilla – Bug 921572
VUL-1: CVE-2015-0285: openssl: Prevent handshake with unseeded PRNG
Last modified: 2015-03-16 11:03:20 UTC
via openssl git commit e1b568dd2462f7cacf98f3d117936c34e2849a6b

Author: Matt Caswell <matt@openssl.org>
Date:   Thu Feb 26 11:56:00 2015 +0000

    Prevent handshake with unseeded PRNG

    Fix security issue where under certain conditions a client can complete a
    handshake with an unseeded PRNG. The conditions are:
    - Client is on a platform where the PRNG has not been seeded, and the
      user has not seeded manually
    - A protocol specific client method version has been used (i.e. not
      SSL_client_methodv23)
    - A ciphersuite is used that does not require additional random data from
      the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA)

    If the handshake succeeds then the client random that has been used will
    have been generated from a PRNG with insufficient entropy and therefore the
    output may be predictable.

    For example using the following command with an unseeded openssl will
    succeed on an unpatched platform:

    openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

    CVE-2015-0285

    Reviewed-by: Richard Levitte <levitte@openssl.org>
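The commit message above describes the defensive rule the fix enforces inside the library: a client must not send a ClientHello random drawn from an unseeded PRNG. The following is an added example, not code from OpenSSL or from this bug's commenters, showing how an application can enforce the same rule itself through Python's ssl bindings (ssl.RAND_status, ssl.RAND_bytes), independent of which OpenSSL version is linked. The 32-byte length matches SSL3_RANDOM_SIZE; the function and constant names are this example's own.

```python
import ssl

# SSL3_RANDOM_SIZE: the ClientHello random is 32 bytes (4 bytes of time + 28 random bytes)
CLIENT_RANDOM_LEN = 32


def prng_seeded() -> bool:
    """Report whether OpenSSL's PRNG has enough entropy (wraps RAND_status)."""
    return bool(ssl.RAND_status())


def client_random(n: int = CLIENT_RANDOM_LEN) -> bytes:
    """Return n bytes suitable for a ClientHello random, or refuse outright.

    This mirrors the policy of the fix: with an unseeded PRNG the handshake must
    abort instead of continuing with a client random that may be predictable.
    """
    if not prng_seeded():
        raise RuntimeError("OpenSSL PRNG is not seeded; refusing to start a handshake")
    # RAND_bytes (unlike the old RAND_pseudo_bytes) raises ssl.SSLError itself
    # when it cannot supply cryptographically strong bytes, so this is a second
    # line of defence even if RAND_status were somehow bypassed.
    return ssl.RAND_bytes(n)


def make_client_context() -> ssl.SSLContext:
    """Build a TLS client context only after the entropy check has passed.

    Hypothetical application-level guard: callers create every outbound TLS
    connection through this function, so no handshake starts on an unseeded PRNG.
    """
    if not prng_seeded():
        raise RuntimeError("OpenSSL PRNG is not seeded; refusing to create a TLS client context")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    rnd = client_random()
    print(f"PRNG seeded: {prng_seeded()}; client random: {rnd.hex()}")
    ctx = make_client_context()
    print(f"client context ready, minimum TLS version: {ctx.minimum_version.name}")
```

On a modern platform RAND_status reports the PRNG as seeded at startup, so the guard is silent; its value is on exactly the kind of platform the commit describes, where the check turns a predictable handshake into a hard failure that shows up in logs.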
We should be good, this should not happen in our setups.
bugbot adjusting priority
0.9.8j does not have the piece of code; it has

    if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) goto err;

at this place, which should be good.
1.0.1g (openssl1 in SLES 11 SP3) has:

    if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) goto err;

So I think it is also unaffected.
This issue seems to have been introduced in the openssl 1.0.2 branch. -> none of our current products are affected.