Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random
From: FreeBSD Errata Notices
Date: Tue, 14 Jan 2014 20:11:50 GMT

FreeBSD-EN-14:01.random                                         Errata Notice
                                                          The FreeBSD Project

Topic:          /dev/random should not make direct usage of hardware RNG

Category:       core
Module:         random
Announced:      2014-01-14
Affects:        All versions of FreeBSD prior to 10.0-BETA1
Corrected:      2014-01-14 19:27:42 UTC (stable/9, 9.2-STABLE)
                2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
                2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
                2014-01-14 19:27:42 UTC (stable/8, 8.4-STABLE)
                2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
                2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit

I.   Background

The random(4) and urandom(4) devices return an endless supply of pseudo-random
bytes when read.  Cryptographic algorithms often depend on the secrecy of these
pseudo-random values for security.

Yarrow is a secure pseudo-random number generator that combines entropy from
several entropy sources.  This mitigates attacks in which someone who is able
to intercept one or more of the entropy sources could otherwise predict the
output.

II.  Problem Description

When a hardware RNG exists, the FreeBSD random(4) and urandom(4) devices
would use the hardware RNG's output directly.

III. Impact

Someone who has control over these hardware RNGs would be able to
predict the output from the random(4) and urandom(4) devices and may be able
to reveal unique keys that are used to encrypt data.

IV.  Workaround

Disable the hardware RNGs by adding the following settings to /boot/loader.conf
and reboot the system:


V.   Solution

With this errata notice, hardware RNGs are disabled by default.  They
can be re-enabled by setting the corresponding loader tunables to non-zero

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.2 and 8.4]
# fetch
# fetch
# gpg --verify random-9.2-8.4.patch.asc

[FreeBSD 9.1]
# fetch
# fetch
# gpg --verify random-9.1.patch.asc

[FreeBSD 8.3]
# fetch
# fetch
# gpg --verify random-8.3.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:> and reboot the

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
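
To confirm that a host has reached a corrected patch level after one of the
options above, the check below classifies a version string against the
"Corrected" list at the top of this notice.  It is an added example, not part
of the original notice or of FreeBSD's tooling; the function names and status
words are illustrative, and it assumes uname -r reports the running kernel's
patch level.

```shell
#!/bin/sh
# Added example (not from the notice): function names and status words are
# illustrative. Patch levels are copied from the notice's "Corrected" list.

# Print the first corrected patch level for a release branch, or nothing.
en1401_fixed_level() {
    case "$1" in
        9.2) echo 3 ;;
        9.1) echo 10 ;;
        8.4) echo 7 ;;
        8.3) echo 14 ;;
    esac
}

# Usage: en1401_status VERSION     (e.g. 9.2-RELEASE-p2)
# Prints: corrected | needs-update | not-affected | no-fix-listed | unknown
en1401_status() {
    ver=$1
    rel=${ver%%-*}        # "9.2"
    major=${rel%%.*}      # "9"
    case "$major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case "$ver" in
        # 10.0 development builds may predate 10.0-BETA1; the string alone
        # cannot tell, so do not report them as unaffected.
        10.0-ALPHA*|10.0-CURRENT*) echo unknown; return 0 ;;
    esac
    # The notice affects versions prior to 10.0-BETA1 only.
    if [ "$major" -ge 10 ]; then echo not-affected; return 0; fi
    case "$ver" in
        *-RELEASE-p*) level=${ver##*-p} ;;
        *-RELEASE)    level=0 ;;
        # -STABLE and others: compare the build date or revision instead.
        *)            echo unknown; return 0 ;;
    esac
    case "$level" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    fixed=$(en1401_fixed_level "$rel")
    if [ -z "$fixed" ]; then echo no-fix-listed; return 0; fi
    if [ "$level" -ge "$fixed" ]; then echo corrected; else echo needs-update; fi
}

# On the host being checked (assumes uname -r shows the kernel patch level):
#   en1401_status "$(uname -r)"
```

A result of "unknown" for a -STABLE build means the version string carries no
patch level; compare the build against the correction timestamps or the
revisions in section VI instead.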

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r260644
releng/8.3/                                                       r260647
releng/8.4/                                                       r260647
stable/9/                                                         r260644
releng/9.1/                                                       r260647
releng/9.2/                                                       r260647
-------------------------------------------------------------------------

VII. References

The latest revision of this Errata Notice is available at

