The random number generator in the library that’s meant to replace OpenSSL was not really random
Open source programmer Andrew Ayer discovered a flaw in the recently released LibreSSL portable encryption library that could lead to what he called a “catastrophic failure”. LibreSSL is a fork of OpenSSL designed to be more secure than its predecessor.
The vulnerability affected the Pseudo Random Number Generator (PRNG) on Linux systems. In a very specific scenario, PRNG could generate identical numbers – something that would not happen with OpenSSL in the same scenario.
Ayer warned that “attackers often find extremely creative ways to manufacture scenarios favorable for attacks, even when those scenarios are unlikely to occur under normal circumstances.”
LibreSSL is produced by developers within the OpenBSD project, and OpenBSD founder Theo de Raadt dismissed the threat in an email to Ars Technica. “It is way overblown. This will never happen in real code,” said the notable computer scientist.
Nevertheless, OpenBSD has issued a patch.
Part of the process
LibreSSL portable 2.0.0, a preview version which can now run on several operating systems including some Linux distributions, was released by OpenBSD Foundation just two days before the vulnerability was discovered.
It was envisioned as an alternative to OpenSSL, the world’s most popular encryption library which received a lot of negative press after security researchers discovered ‘Heartbleed’, a serious vulnerability that was hiding in its code for over two years. OpenSSL was criticised at the time as an underfinanced project with “bloated” code.
LibreSSL is much lighter and “cleaner” than its long-suffering parent – for example it doesn’t contain compatibility code for obsolete operating systems like OS/2. However, it has emerged that it did contain a vulnerability that could allow the PRNG to produce several identical numbers in a short period of time.
“The problem is that LibreSSL provides no way to safely use the PRNG after a fork,” wrote Ayer.
Despite some initial scepticism, OpenBSD has committed a fix to the LibreSSL code, and indeed, the library is at a stage where it welcomes feedback and suggestions.
Ayer called it a step in the right direction, but said the solution could be improved.
“I still wish that LibreSSL would, in addition to implementing this solution, just expose an explicit way for the programmer to reseed the PRNG when unusual circumstances require it. This is particularly important since OpenSSL provides this facility and LibreSSL is meant to be a drop-in OpenSSL replacement.”
“I really appreciate the work the LibreSSL devs are doing, especially their willingness to solicit feedback from the community and act on it,” he added.
What do you know about open source? Take our quiz!