Security Fixes (BIND 9.3.2-P2): Change the default RSA exponent from 3 to 65537 which is not vulnerable to the attacks described in CVE-2006-4339. Index: lib/dns/opensslrsa_link.c --- lib/dns/opensslrsa_link.c.orig 2004-12-09 05:07:18 +0100 +++ lib/dns/opensslrsa_link.c 2006-11-04 09:58:32 +0100 @@ -39,6 +39,9 @@ #include <openssl/err.h> #include <openssl/objects.h> #include <openssl/rsa.h> +#if OPENSSL_VERSION_NUMBER > 0x00908000L +#include <openssl/bn.h> +#endif /* * XXXMPA Temporarially disable RSA_BLINDING as it requires @@ -260,13 +263,47 @@ static isc_result_t opensslrsa_generate(dst_key_t *key, int exp) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB cb; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + + if (rsa == NULL || e == NULL) + goto err; + + if (exp == 0) { + /* RSA_F4 0x10001 */ + BN_set_bit(e, 0); + BN_set_bit(e, 16); + } else { + /* F5 0x100000001 */ + BN_set_bit(e, 0); + BN_set_bit(e, 32); + } + + BN_GENCB_set_old(&cb, NULL, NULL); + + if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) { + BN_free(e); + SET_FLAGS(rsa); + key->opaque = rsa; + return (ISC_R_SUCCESS); + } + + err: + if (e != NULL) + BN_free(e); + if (rsa != NULL) + RSA_free(rsa); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); +#else RSA *rsa; unsigned long e; if (exp == 0) - e = RSA_3; - else e = RSA_F4; + else + e = 0x40000003; rsa = RSA_generate_key(key->key_size, e, NULL, NULL); if (rsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); @@ -274,6 +311,7 @@ key->opaque = rsa; return (ISC_R_SUCCESS); +#endif } static isc_boolean_t