Flaws found in OpenSSL encryption module
- By William Jackson
- Nov 29, 2007
The Open Source Software Institute has released a patch
and a workaround
for problems found in the OpenSSL library of encryption algorithms.
The module gave federal users an open-source option for Secure Sockets Layer virtual private networks when it was certified to Federal Information Processing Standard (FIPS) 140-2 under the federal Cryptographic Module Validation Programs (CMVP). Agencies are required to use FIPS-certified cryptographic products to protect sensitive but unclassified data on non-national-security networks. The patches present a dilemma for federal users of the software.
'For FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module,' Steve Marquess of OSSI said in the announcement of the patches.
That means that for the time being federal users must continue using the flawed software or patch it and go out of compliance.
The institute has asked for a 'letter change' from the evaluating test lab that can be submitted to CMVP, which then could authorize the fixes to be included in the FIPS validated version.
'Once (and if) approved, the new distribution containing this patch will be posted as http://openssl.org/source/openssl-fips-1.1.2.tar.gz to replace the current distribution at http://openssl.org/source/openssl-fips-1.1.1.tar.gz,' Marquess wrote.
The institute oversees the development of OpenSSL and the module and source code are available under an open-source license permitting free noncommercial use. The cryptographic module is an open-source implementation of SSL encryption which was originally created by Netscape Communications. It includes a Transport Layer Security module. Client software, often Web browsers, can use SSL and TLS to encrypt and decrypt Web pages and sensitive data and to let clients and servers authenticate themselves to each other. The FIPS-approved version of OpenSSL is limited to the TLS mode.
The flaw was reported by Geoff Lowe of Secure Computing and is in the module's pseudo random number generator (PRNG).
'Due to a coding error in the FIPS self-test the auto-seeding never takes place,' Marquess wrote. 'That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be.'
A subsequent OpenSSL version now undergoing FIPS testing does not contain this bug, Marquess said.
Despite the dilemma for federal users, Marquess said the decision to release the patches and announce the flaw is in the spirit of transparency that the open-source movement is expected to represent.
'We're doing what we think is right and would rather discuss it in public than try to hush it up,' he said.
William Jackson is a Maryland-based freelance writer.