F143499196
D17678.id49580.diff
Index: sbin/dumpon/dumpon.8
===================================================================
--- sbin/dumpon/dumpon.8
+++ sbin/dumpon/dumpon.8
@@ -28,7 +28,7 @@
.\" From: @(#)swapon.8 8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
-.Dd June 13, 2018
+.Dd October 23, 2018
.Dt DUMPON 8
.Os
.Sh NAME
@@ -348,3 +348,15 @@
It is currently not possible to configure both compression and encryption.
The encrypted dump format assumes that the kernel dump size is a multiple
of the cipher block size, which may not be true when the dump is compressed.
+.Sh SECURITY CONSIDERATIONS
+RSA keys smaller than 1024 bits are practical to factor and therefore weak.
+Even 1024 bit keys may not be large enough to ensure privacy for many more
+years.
+As a seatbelt,
+.Nm
+prevents users from configuring encrypted kernel dumps with weak RSA keys.
+If you do not care for cryptographic privacy guarantees, just use
+.Nm
+without specifying a
+.Fl k Ar pubkey
+option.
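Review bot: the new SECURITY CONSIDERATIONS section never states the limit that dumpon actually enforces; it says weak RSA keys are refused, but the 1024-bit cutoff appears only in the dumpon.c check. Suggest saying outright that keys smaller than 1024 bits are rejected and, since the paragraph itself notes that 1024 bits may not stay adequate, recommending a larger size. "As a seatbelt" is also informal wording for a manual page.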
Index: sbin/dumpon/dumpon.c
===================================================================
--- sbin/dumpon/dumpon.c
+++ sbin/dumpon/dumpon.c
@@ -217,6 +217,7 @@
{
FILE *fp;
RSA *pubkey;
+ int keysize;
assert(pubkeyfile != NULL);
assert(kdap != NULL);
@@ -243,7 +244,23 @@
if (pubkey == NULL)
errx(1, "Unable to read data from %s.", pubkeyfile);
- kdap->kda_encryptedkeysize = RSA_size(pubkey);
+ keysize = RSA_size(pubkey);
+ /*
+ * RSA keys under 1024 bits are trivially factorable (2018). Avoid
+ * suggesting to users that their privacy is protected by encryption
+ * when the key size is insufficient to prevent compromise via
+ * factoring.
+ *
+ * Future work: Sanity check for weak 'e', and sanity check for absence
+ * of 'd' (i.e., the supplied
+ */
+ if (keysize * 8 < 1024)
+ errx(1, "RSA keys smaller than 1024b (you provided: %db) are "
+ "small enough to factor cheaply. "
+ "Please generate a larger key.",
+ keysize * 8);
+
+ kdap->kda_encryptedkeysize = keysize;
if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
errx(1, "Public key has to be at most %db long.",
8 * KERNELDUMP_ENCKEY_MAX_SIZE);
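Review bot: the check "if (keysize * 8 < 1024)" works on RSA_size(), which returns the modulus length in bytes, so a modulus of 1017 to 1023 bits rounds up to 128 bytes, passes the check, and would be reported as 1024; comparing the bit length of the modulus (RSA_bits() in OpenSSL 1.1.0 and later) would be exact. The block comment above the check also ends mid-sentence at "(i.e., the supplied" right before the closing */, so the second future-work item cannot be read; finish it or drop it. In the error text, "1024b" and "%db" can be read as bytes; spelling out "bits" removes the ambiguity.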
D17678: dumpon(8): Provide seatbelt against weak RSA keys