Patch contains: + if (bne && BN_set_word(bne, e) != 1) + rsa = RSA_new(); However, BN_set_word() returns 1 on SUCCESS, and that is when you want to generate a new RSA key. Note in all of the other examples in this patch, the clause following != 1 is the error case. The result of this is the warning: Nov 3 12:15:04 204.52.227.130 sm-mta[11101]: STARTTLS=server, error: RSA_generate_key failed Hidden away in the system log for no-one to look at and the server to continue operating with. The result, no encrypted inbound email. This exposes your email to all and sundry, so I term it a vulnerability. However, you cannot break into systems using this vulnerability (unless you are passing passwords around in email under the assumption that is should be encrypted). Fix, change the != 1 to == 1. I also am *extremely* dubious about the default of 512 bits of RSA key being used by sendmail for this key generation. The "enhanced" default of 1024 bits for FIPS is pretty dubious as well (though possibly required). I'm not sure what this RSA key is being used for, but 512 bits could be broken for $75 in 2015 https://arstechnica.com/information-technology/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/ so I cannot imagine it is a good default. However, technically this is a different matter that the primary bug and nothing to do with gentoo patches being broken. See RSA_KEYLENGTH in sendmail.h if you want to fix it as an extremely good idea.
OpenSUSE uses the same code here https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0/sendmail/sendmail-8.15.2-openssl-1.1.0-fix.patch?expand=0 bne = BN_new(); + if (bne && BN_set_word(bne, e) != 1) + rsa = RSA_new();
OpenSUSE uses the same code here https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0/sendmail/sendmail-8.15.2-openssl-1.1.0-fix.patch + if (bne && BN_set_word(bne, e) != 1) + rsa = RSA_new();
From Seth Robertson here: https://bugs.gentoo.org/699414#c0 > I also am *extremely* dubious about the default of 512 bits of RSA key being > used by sendmail for this key generation. The "enhanced" default of 1024 > bits for FIPS is pretty dubious as well (though possibly required). I'm not > sure what this RSA key is being used for, but 512 bits could be broken for > $75 in 2015 > https://arstechnica.com/information-technology/2015/10/breaking-512-bit-rsa- > with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/ so I cannot imagine it > is a good default. However, technically this is a different matter that the > primary bug and nothing to do with gentoo patches being broken. See > RSA_KEYLENGTH in sendmail.h if you want to fix it as an extremely good idea. I have filed this as bug 715470. Note that net-mail/sendmail is maintainer-needed, so a patch would be appreciated. Moving this bug away from security.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2542b5fa54ad7471c5094910818f8c35cb284f9 commit e2542b5fa54ad7471c5094910818f8c35cb284f9 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2021-08-27 21:29:34 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2021-08-27 21:34:36 +0000 mail-mta/sendmail: drop old version Bug: https://bugs.gentoo.org/730890 Closes: https://bugs.gentoo.org/699414 Package-Manager: Portage-3.0.22, Repoman-3.0.3 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> mail-mta/sendmail/Manifest | 1 - mail-mta/sendmail/files/libmilter-sharedlib.patch | 55 ------ .../files/sendmail-8.14.6-build-system.patch | 211 --------------------- .../files/sendmail-8.15.2-glibc-2.30.patch | 52 ----- .../files/sendmail-8.15.2-openssl-1.1.0-fix.patch | 182 ------------------ .../files/sendmail-starttls-multi-crl.patch | 20 -- mail-mta/sendmail/sendmail-8.15.2-r2.ebuild | 208 -------------------- 7 files changed, 729 deletions(-)
