--- openssl-blacklist-0.5.orig/openssl-vulnkey.1
+++ openssl-blacklist-0.5/openssl-vulnkey.1
@@ -0,0 +1,108 @@
+.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: May 12 2008 $
+.Dt OPENSSL-VULNKEY 1
+.Os
+.Sh NAME
+.Nm openssl-vulnkey
+.Nd check blacklist of compromised certificates, requests and keys
+.Sh SYNOPSIS
+.Nm
+.Op Fl q
+.Ar file ...
+.Nm
+.Op Fl q
+.Fl b
+.Ar BITS
+.Fl m
+.Ar MODULUS
+.Sh DESCRIPTION
+.Nm
+checks a certificate, request or key against a blacklist of compromised moduli.
+.Pp
+A substantial number of certificates, requests and keys are known to have been
+generated using a broken version of OpenSSL distributed by Debian which failed
+to seed its random number generator correctly.  x509 certificates, certificate
+requests and RSA keys generated using these OpenSSL versions should be assumed
+to be compromised.  This tool may be useful in checking for such OpenSSL x509
+certificates, certificate requests and RSA keys.
+.Pp
+Certificates, requests and keys that are compromised cannot be repaired;
+replacements must be generated using 
+.Xr openssl 8 .
+.Pp
+If
+.Dq -
+is given as an argument,
+.Nm
+will read from standard input.
+This can be used to process certificate output from
+.Xr s_client 1ssl ,
+for example:
+.Pp
+.Dl $ echo | openssl s_client -connect remote.example.org:https | openssl-vulnkey -
+.Pp
+will test the certificate used by remote.example.org for HTTPS.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl q
+Quiet mode.
+Normally,
+.Nm
+outputs the fingerprint of each file scanned, with a description of its
+status.
+This option suppresses that output.
+.It Fl b
+Number of bits for the modulus specified.  Requires -m.
+.It Fl m
+Check modulus.  Requires -b.
+.El
+.Sh BLACKLIST SHA1SUM FORMAT
+The blacklist file may start with comments, on lines starting with
+.Dq # .
+After these initial comments, it must follow a strict format:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+Each line must consist of the lower-case hexadecimal SHA1 fingerprint of the
+certificate or key's modulus, and with the first 20 characters removed (that
+is, the least significant 80 bits of the fingerprint).
+.El
+.Pp
+The fingerprint of the modulus may be generated using 
+.Pp
+.Dl $ openssl x509 -noout -modulus -in file | sha1sum | cut -d ' ' -f 1
+.Dl $ openssl rsa -noout -modulus -in file | sha1sum | cut -d ' ' -f 1
+.Dl $ openssl req -noout -modulus -in file | sha1sum | cut -d ' ' -f 1
+.Pp
+This strict format is necessary to allow the blacklist file to be checked
+quickly.
+.Sh SEE ALSO
+.Xr openssl 1
+.Sh AUTHORS
+.An -nosplit
+.An Jamie Strandboge Aq jamie@ubuntu.com
+.Pp
+Much of this manpage is based on Colin Watson's
+.Xr ssh-vulnkey 1
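Review bot: In BLACKLIST SHA1SUM FORMAT, the three ".Dl $ openssl ... -modulus -in file | sha1sum | cut -d ' ' -f 1" examples print the full 40-character fingerprint, while the bullet just above them says a blacklist line is the fingerprint "with the first 20 characters removed". Anyone building or checking a blacklist from these commands gets lines that cannot match. Either append the truncation step to each example (for instance "| cut -c 21-") or state that the commands give the full fingerprint and must be truncated. It would also help to say that the hash is taken over the command's output exactly as printed, since that is what the pipeline does. Three smaller points. First, the -q entry says the status description is suppressed, but the page never says how the result is then reported, so an EXIT STATUS section is needed for quiet mode to be usable in scripts. Second, DESCRIPTION refers to ".Xr openssl 8 ." while SEE ALSO has ".Xr openssl 1", so pick the correct section and use it in both places. Third, the ".It Fl b" and ".It Fl m" entries omit the ".Ar BITS" and ".Ar MODULUS" arguments shown in SYNOPSIS and do not describe the expected form of MODULUS. There is also trailing whitespace after "generated using" in two places.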
