Your message dated Mon, 11 May 2009 03:32:36 +0000 with message-id <e1m3mfo-0005pr...@ries.debian.org> and subject line Bug#527640: fixed in opensc 0.11.8-1 has caused the Debian Bug report #527640, regarding opensc: insecure due to wrong public exponent to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 527640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527640 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: opensc Severity: grave Tags: security Tags: patch Hi, There is a vulnerability in opensc. Details are: | The security problem in short: you need a combination of | 1.) a tool that startes a key generation with public exponent set to 1 | (an invalid value that causes an insecure rsa key) | 2.) a PKCS#11 module that accepts that this public exponent and forwards | it to the card | 3.) a card that accepts the public exponent and generates the rsa key. | | OpenSC is insecure because due to a code bug in pkcs11-tool it had | the wrong public exponent. But OpenSC PKCS#11 module is secure, it | ignores the public exponent. So only if you generate your keys with | pkcs11-tool from OpenSC 0.11.7 (which very few people do), and only if | you used it with sone other vendors PKCS#11 module, and only if the | card accepted the bogus value too, then your rsa key is unsecure. | | you can easily verify keys by looking at the rsa public key or a | certificate or certificate request, for example the openssl command | line tools can print the content in plain text. public Exponent = 1 | is bad (3 and higher are accepted values, 65537 or higher is suggested | by the NIST). | | Here is the full security advisory. No CVE included, as I was not able | to get one from distributions, vendor-sec or mitre. | | OpenSC Security Advisory [07-May-2009] | ====================================== | | pkcs11-tool generates RSA keys with publicExponent 1 instead of 65537 | | OpenSC includes a tool for testing its PKCS#11 module called | pkcs11-tool. This command line tool includes the ability to ask the | PKCS#11 module to generate an RSA key pair. The tool used to default to a key size | of 768 bits and a public exponent of 3. These values are considered | small but ok. In december 2008 a change (SVN commit 3602) changed | these values to more secure default values of 1024 bit key size | and a public exponent of 65537. A bug in that code however caused | the default public exponent to be 1. That value is invalid and | insecure, a message encrypted with it will be unencrypted. | | If pkcs11-tool is used with the PKCS#11 module included in OpenSC, | there is no security issue, as OpenSC PKCS#11 module ignores any | public exponent passed to it. Only when pkcs11-tool is used with | other third party PKCS#11 Modules the problem comes up. | | Thanks to Miquel Comas MartÃ, who found and fixed this bug and | contacted us on May 7th, 2009. | | This bug only affects users of OpenSC SVN trunk or OpenSC release | 0.11.7. Older releases do not contain this problem, and the new | OpenSC release 0.11.8 fixes this problem. Only users of the command | line tool "pkcs11-tool" are affected by this problem, and only the | generate rsa key pair function is affected ("--keypairgen" or "-k"). | There is no option to configure the public exponent using the | command line tool, so all such uses are affected. | | The command line tool "pkcs11-tool" can be used with the OpenSC | PKCS#11 Module "opensc-pkcs11.so" or "opensc-pkcs11.dll" or with any | other PKCS#11 module. Only when used with other PKCS#11 module the | problem arrises, as the OpenSC PKCS#11 Module ignores the public | exponent passed to it. | | If you use a third party PKCS#11 Module with pkcs11-tool you | can use openssl with engine_pkcs11 to create a certificate | signing request and then use openssl to analyze that csr, | for example | openssl req -in req.pem -noout -text | ... | Exponent: 1 (0x1) | ... | | Would show the problem. Please coordinate with the security team (t...@security.debian.org) to prepare updates for the stable releases. A patch that fixes the problem follows: --- src/tools/pkcs11-tool.c (Revision 3687) +++ src/tools/pkcs11-tool.c (Revision 3688) @@ -1035,7 +1035,7 @@ { CK_MECHANISM mechanism = {CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; CK_ULONG modulusBits = 1024; - CK_BYTE publicExponent[] = { 65537 }; + CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 }; /* 65537 in bytes */ CK_BBOOL _true = TRUE; CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
--- End Message ---
--- Begin Message ---Source: opensc Source-Version: 0.11.8-1 We believe that the bug you reported is fixed in the latest version of opensc, which is due to be installed in the Debian FTP archive: libopensc2-dbg_0.11.8-1_amd64.deb to pool/main/o/opensc/libopensc2-dbg_0.11.8-1_amd64.deb libopensc2-dev_0.11.8-1_amd64.deb to pool/main/o/opensc/libopensc2-dev_0.11.8-1_amd64.deb libopensc2_0.11.8-1_amd64.deb to pool/main/o/opensc/libopensc2_0.11.8-1_amd64.deb mozilla-opensc_0.11.8-1_amd64.deb to pool/main/o/opensc/mozilla-opensc_0.11.8-1_amd64.deb opensc_0.11.8-1.diff.gz to pool/main/o/opensc/opensc_0.11.8-1.diff.gz opensc_0.11.8-1.dsc to pool/main/o/opensc/opensc_0.11.8-1.dsc opensc_0.11.8-1_amd64.deb to pool/main/o/opensc/opensc_0.11.8-1_amd64.deb opensc_0.11.8.orig.tar.gz to pool/main/o/opensc/opensc_0.11.8.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 527...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Eric Dorland <e...@debian.org> (supplier of updated opensc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 10 May 2009 22:03:06 -0400 Source: opensc Binary: opensc libopensc2-dev libopensc2 libopensc2-dbg mozilla-opensc Architecture: source amd64 Version: 0.11.8-1 Distribution: unstable Urgency: low Maintainer: Eric Dorland <e...@debian.org> Changed-By: Eric Dorland <e...@debian.org> Description: libopensc2 - SmartCard library with support for PKCS#15 compatible smart cards libopensc2-dbg - debugging symbols for libopensc2 libopensc2-dev - OpenSC development files mozilla-opensc - Mozilla plugin for authentication using OpenSC opensc - SmartCard utilities with support for PKCS#15 compatible cards Closes: 527640 Changes: opensc (0.11.8-1) unstable; urgency=low . * New upstream release. Fixes a security problem with pkcs11-tool generating insecure public keypairs. This problem was only with the 0.11.7 release, which was only part of unstable. (Closes: #527640) Checksums-Sha1: 9737c638a664cc4f0bc12b6cea73e8a8ade76d57 1305 opensc_0.11.8-1.dsc 4a320b0cc3bc3de5843ab6af677093d98d4cf318 1434051 opensc_0.11.8.orig.tar.gz 358fe8a6c07f4d5868f062b8726ac99ccfca1dce 55746 opensc_0.11.8-1.diff.gz c210b0d45a70c327c8a503b3d38222c9aa76f968 328724 opensc_0.11.8-1_amd64.deb e6782ef613a82a3167ff5fa5b49b2595c1597afc 800996 libopensc2-dev_0.11.8-1_amd64.deb 7806898ada48467574f1ba3ee91db1d0b249868e 655042 libopensc2_0.11.8-1_amd64.deb d4073372ae9a486e7de11570d4ae74664b7c55cc 1364634 libopensc2-dbg_0.11.8-1_amd64.deb 224d6c90ab838f694909d81eef6fc75b510128df 186676 mozilla-opensc_0.11.8-1_amd64.deb Checksums-Sha256: 51814fd6a0a632857d86f6a15a470383f314cef8504e0f83b2c02dfc1f861204 1305 opensc_0.11.8-1.dsc 3713eff46d231e0b37c1fdba3d3d640716fe0edd875df57578643f0d9f221361 1434051 opensc_0.11.8.orig.tar.gz c1c2ea27cf6b2a657348d79a15275b316c1c25681933a6880d578e5a56d3cc72 55746 opensc_0.11.8-1.diff.gz 582998796e5e0e9026b0a30ab5c40eeaa5081e013070ba94308d871f69f46084 328724 opensc_0.11.8-1_amd64.deb e889aa77eda3c9599328426b550c5694104f341f4d13895254f50f72be900439 800996 libopensc2-dev_0.11.8-1_amd64.deb c743989966dfbcb4cad34a69ea3376ed3d0ab659c8a6215f87d719da6ae5fa45 655042 libopensc2_0.11.8-1_amd64.deb 10388fda1ca21cccf558767988ec09831db0772bb7d3e2aee44d09ab19147f9c 1364634 libopensc2-dbg_0.11.8-1_amd64.deb 32ab07711b7930d472ca6d9ee37551f49ea81a31312ebbb35411d81e5bc1a645 186676 mozilla-opensc_0.11.8-1_amd64.deb Files: 01ef4a1a672c8eb4af42e8b74167fddd 1305 utils extra opensc_0.11.8-1.dsc a269b478b18dddb648b9bd930206b5a8 1434051 utils extra opensc_0.11.8.orig.tar.gz 73fe697bf4d262d89f645e5c140753be 55746 utils extra opensc_0.11.8-1.diff.gz 07e1cdfd14ff74169c646fa49267bc7b 328724 utils extra opensc_0.11.8-1_amd64.deb 24eba9985b6922be4d4c3482d85f1af5 800996 libdevel optional libopensc2-dev_0.11.8-1_amd64.deb 03d89ef84a48eca590741e6a2682abad 655042 libs optional libopensc2_0.11.8-1_amd64.deb 461a59068fba89c5ff35176629083b4c 1364634 debug extra libopensc2-dbg_0.11.8-1_amd64.deb 2d250c3e629ff689e289c970ea9c8e6a 186676 web extra mozilla-opensc_0.11.8-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKB4rUYemOzxbZcMYRAkD+AJ41WSfX8g8NuU3aHdfUBuVQeAFPfACgriJH ef0Y6VA8b+TemdupnwHiXSc= =786K -----END PGP SIGNATURE-----
--- End Message ---
