“Catastrophic” Flaw In LibreSSL Found And Fixed

Open source programmer Andrew Ayer discovered a flaw in the recently released LibreSSL portable encryption library that could lead to what he called a “catastrophic failure”. LibreSSL is a fork of OpenSSL designed to be more secure than its predecessor.

The vulnerability affected the Pseudo Random Number Generator (PRNG) on Linux systems. In a very specific scenario, PRNG could generate identical numbers – something that would not happen with OpenSSL in the same scenario.

Ayer warned that “attackers often find extremely creative ways to manufacture scenarios favorable for attacks, even when those scenarios are unlikely to occur under normal circumstances.”

LibreSSL is produced by developers within the OpenBSD project, and OpenBSD founder Theo de Raadt dismissed the threat in an email to Ars Technica. “It is way overblown. This will never happen in real code,” said the notable computer scientist.

Nevertheless, OpenBSD has issued a patch.

Part of the process

LibreSSL portable 2.0.0, a preview version which can now run on several operating systems including some Linux distributions, was released by OpenBSD Foundation just two days before the vulnerability was discovered.

It was envisioned as an alternative to OpenSSL, the world’s most popular encryption library which received a lot of negative press after security researchers discovered ‘Heartbleed’, a serious vulnerability that was hiding in its code for over two years. OpenSSL was criticised at the time as an underfinanced project with “bloated” code.

LibreSSL is much lighter and “cleaner” than its long-suffering parent – for example it doesn’t contain compatibility code for obsolete operating systems like OS/2. However, it has emerged that it did contain a vulnerability that could allow the PRNG to produce several identical numbers in a short period of time.

“The problem is that LibreSSL provides no way to safely use the PRNG after a fork,” wrote Ayer.

Despite some initial scepticism, OpenBSD has committed a fix to the LibreSSL code, and indeed, the library is at a stage where it welcomes feedback and suggestions.

Ayer called it a step in the right direction, but said the solution could be improved.

“I still wish that LibreSSL would, in addition to implementing this solution, just expose an explicit way for the programmer to reseed the PRNG when unusual circumstances require it. This is particularly important since OpenSSL provides this facility and LibreSSL is meant to be a drop-in OpenSSL replacement.”

“I really appreciate the work the LibreSSL devs are doing, especially their willingness to solicit feedback from the community and act on it,” he added.

What do you know about open source? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago