From: Richard Copley
Newsgroups: gmane.emacs.bugs
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Wed, 30 Dec 2015 20:47:40 +0000
References: <83lh8ddy45.fsf@gnu.org> <8760zh81oo.fsf@isaac.fritz.box> <83mvssc4ix.fsf@gnu.org>
In-Reply-To: <83mvssc4ix.fsf@gnu.org>
To: Eli Zaretskii
Cc: 22202@debbugs.gnu.org, Demetri Obenour, David Engster
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
> Can you audit the patch below? I know next to nothing about
> cryptography, and I'm not sure I understood all the flags involved in
> these APIs.

Sure! But please bear in mind I'm not experienced in crypto either.

With regard to API usage: The call to CryptAcquireContext looks good to me. (The comment about interoperability in the documentation for the parameter "pszProvider" does not apply as we are not interoperating with anything. Setting "pszContainer" to NULL, as you have done, is explicitly recommended. The docs for the individual flags entail the very value of "dwFlags" that you use.) I can see nothing else to comment on.

Re performance: using CryptGenRandom to provide a seed for srand is enough to address Demetri's concern. For performance reasons, as you said, implementing random() with CryptGenRandom is potentially bad. I think random() itself should not be changed.

That said, rand() makes me uncomfortable (mostly because of bugs in long-gone implementations, and superstition). Given the chance I would replace it with an xorshift* generator. The generator at [1] seeded with 64 bits from CryptGenRandom should give good performance for random() and (I guess!) an effectively unassailable server secret. But I have no good reason to claim that rand() is not good enough.

Thank you Eli.

[1]: https://en.wikipedia.org/w/index.php?title=Xorshift&oldid=697235156#xorshift.2A
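The scheme sketched in the message above (xorshift64* from the cited Wikipedia revision, seeded with 64 bits from the OS CSPRNG), written out as an added example. This is not code from the Emacs patch under discussion and not Richard's code. Assumptions: the CryptAcquireContext arguments shown (PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT) are mine, since the message does not quote the patch's dwFlags; on non-Windows systems /dev/urandom stands in for CryptGenRandom so the example runs anywhere; the nonzero fallback constant used when the seed happens to be zero, and all helper names, are mine.

```c
/* Added example, not Emacs code: xorshift64* seeded from the OS CSPRNG.
   Build on Windows with -ladvapi32; elsewhere /dev/urandom is used. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Fill buf with n bytes from the OS CSPRNG.  Returns 1 on success, 0 on failure. */
static int os_random_bytes (unsigned char *buf, size_t n)
{
#ifdef _WIN32
  HCRYPTPROV prov;
  BOOL ok;
  /* NULL container and NULL (default) provider; CRYPT_VERIFYCONTEXT because
     no persistent key container is needed.  Flags are an assumption here. */
  if (!CryptAcquireContext (&prov, NULL, NULL, PROV_RSA_FULL,
                            CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
    return 0;
  ok = CryptGenRandom (prov, (DWORD) n, buf);
  CryptReleaseContext (prov, 0);
  return ok ? 1 : 0;
#else
  FILE *f = fopen ("/dev/urandom", "rb");
  size_t got;
  if (!f)
    return 0;
  got = fread (buf, 1, n, f);
  fclose (f);
  return got == n;
#endif
}

/* xorshift64* state.  The state must never be zero: zero is the fixed point of
   the xorshift step and would make the generator emit zeros forever. */
struct xs64 { uint64_t x; };

static void xs64_seed (struct xs64 *g, uint64_t seed)
{
  /* Fallback constant for a zero seed is arbitrary (assumption), just nonzero. */
  g->x = seed ? seed : UINT64_C (0x9E3779B97F4A7C15);
}

/* One step of xorshift64* exactly as in the cited Wikipedia revision. */
static uint64_t xs64_next (struct xs64 *g)
{
  uint64_t x = g->x;
  x ^= x >> 12;
  x ^= x << 25;
  x ^= x >> 27;
  g->x = x;
  return x * UINT64_C (2685821657736338717);
}

/* A random()-style value in [0, 2^31).  The top bits of xorshift* output are
   the statistically strongest, so take those rather than the low bits. */
static long xs64_random31 (struct xs64 *g)
{
  return (long) (xs64_next (g) >> 33);
}

/* Seed the generator with 64 bits from the OS.  Returns 1 on success. */
static int xs64_seed_from_os (struct xs64 *g)
{
  unsigned char b[8];
  uint64_t s;
  if (!os_random_bytes (b, sizeof b))
    return 0;
  memcpy (&s, b, sizeof s);
  xs64_seed (g, s);
  return 1;
}

/* The server secret is drawn straight from the CSPRNG, not from xs64_next:
   the xorshift step is a bijection and the multiplier is odd (invertible mod
   2^64), so a single observed output reveals the whole generator state. */
static int make_server_secret (unsigned char *secret, size_t n)
{
  return os_random_bytes (secret, n);
}

int main (void)
{
  struct xs64 g;
  unsigned char secret[32];
  size_t i;
  if (!xs64_seed_from_os (&g) || !make_server_secret (secret, sizeof secret))
    {
      fputs ("could not read OS entropy\n", stderr);
      return 1;
    }
  printf ("random(): %ld %ld %ld\n",
          xs64_random31 (&g), xs64_random31 (&g), xs64_random31 (&g));
  printf ("server secret: ");
  for (i = 0; i < sizeof secret; i++)
    printf ("%02x", secret[i]);
  putchar ('\n');
  return 0;
}
```

Two points of design worth noting. The zero-seed check in xs64_seed is the one input that the Wikipedia snippet leaves to the caller, and 64 random bits are zero with probability 2^-64, so the branch is cheap insurance rather than paranoia. More important for the bug at hand: because each xorshift64* output exposes the full state, anything that hands random() values to untrusted code (Lisp in the same process, output on a socket) must not share a generator with the server authentication key, which is why make_server_secret goes to the CSPRNG directly.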