ZSK (RSA) generation should use PolarSSL's ctr_drbg algo #615

Closed
Habbie opened this Issue Apr 26, 2013 · 1 comment

@Habbie
Member
Habbie commented Apr 26, 2013

Currently, the ZSK key generation (which defaults to RSA) uses the Havege algorithm from PolarSSL. As stated in [1], this can produce unsafe keys in certain environments.

Although the polarssl lib is upgraded to > v1.1.0, the code still needs to be adapted to use the new ctr_drbg algo instead of the havege algo. I think polarrsakeyinfra.cc is to be altered.

[1] http://polarssl.org/trac/wiki/SecurityAdvisory201102

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
@Habbie Habbie added a commit that referenced this issue Apr 26, 2013
@Habbie Habbie change polar RSA key generation from havege to ctr_drbg; suggested by…
… Luuk Hendriks, additional checking by Paul Bakker of PolarSSL. Closes #615

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2876 d19b8d6e-7fed-0310-83ef-9ca221ded41b
802da34
@Habbie
Member
Habbie commented Apr 26, 2013

Author: peter
fixed in r2876, thanks!

@mind04 mind04 pushed a commit to mind04/pdns that referenced this issue Apr 26, 2013
peter change polar RSA key generation from havege to ctr_drbg; suggested by…
… Luuk Hendriks, additional checking by Paul Bakker of PolarSSL. Closes #615

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2876 d19b8d6e-7fed-0310-83ef-9ca221ded41b
760c2d3