OpenSSL fixes bug, gets dissed by German gov: That's so random ... not
Code review highlights problematic RNG
Days after fixing a rare but dangerous key recovery attack, the developers of OpenSSL have been dealt a fresh blow with a poor review of the technology from a German government agency.
An extensive security study and code review on OpenSSL by Sirrix AG (and sponsored by the BSI (Bundesamt für Sicherheit in der Informationstechnik, a German federal government agency)1 returned multiple problems in the software. The report (German language original and official English language summary) highlights multiple issues with the RNG (Random Number Generator, a core component of crypto systems) and compiler flags.
Publication of the BSI’s criticism comes days after OpenSSL maintainers released a pair of patches, resolving a dangerous but uncommon bug that might allow HTTPS-protected comms to be de-cloaked while also hardening servers against forced downgrade attacks.
Not good, but trivial compared to the infamous Heartbleed attack of April 2014.
The Heartbleed bug meant attackers could read the memory of the systems protected by the vulnerable versions of OpenSSL software. Anything in memory – SSL private keys, user keys, and more – was left vulnerable, so it’s little wonder that security experts such as Bruce Schneier described the bug as catastrophic.
According to some recent estimates two thirds of all web servers use OpenSSL, so the technology is hugely important to the smooth running of the internet. Despite this the project is chaperoned by just a small team of around a dozen developers, mostly volunteers. Heartbleed created a huge security flap but it did at least prompt (overdue) efforts to review and improve the security of OpenSSL.
For example, an audit of OpenSSL by the Linux Foundation’s Core Infrastructure Initiative began last year. Late last year politicians in the Netherlands agreed to allocate €500,000 towards a range of projects aimed at improving data encryption, part of which was earmarked for improving OpenSSL.
The weeks after Heartbleed saw OpenBSD founder Theo De Raadt creating a fork in the form of LibreSSL project. Weeks later in June 2014 the OpenSSL team admitted that its current source code tree was a mess and its associated documentation poor. There was also an absence of code reviews at the time, a shortcoming the BSI-sponsored exercise will go some way towards resolving.
1The BSI investigates security risks associated with the use of IT and develops preventive security measures.