Skip to content ↓ | Skip to navigation ↓

LibreSSL, which was forked from the OpenSSL project in the wake of Heartbleed, has recently been receiving attention due to a critical flaw of its own. Although the problem is not as severe on the scale of Heartbleed, it creates the potential that random number generation in LibreSSL could be undermined.

Security researcher and open source programmer Andrew Ayer detected the flaw, claiming the error could lead to a “catastrophic failure.” The LibreSSL portable 2.0.0 version was released as a preview for solicited testing and feedback only two days before the critical vulnerability was identified.

“After testing and examing the codebase, my feedback is that the LibreSSL PRNG is not robust on Linux and is less safe than the OpenSSL PRNG that it replaced,” said Ayer in a blog post.

Tripwire Security Researcher Craig Young said, “This flaw in LibreSSL highlights the difficulty of forking and refactoring a large complex codebase, such as OpenSSL. In this situation, the LibreSSL developers probably did not have complete awareness regarding why a particular function (RAND_poll) would need to explicitly re-seed the pseudo random number generator (PRNG).”

Young added that while this code may have been seen by the LibreSSL developers as extraneous, Ayer’s research shows that it did in fact have a security benefit. “Random number generation is crucial for an SSL implementation because it prevents adversaries from predicting keys needed to decrypt communication,” said Young.

Yet the flaw in LibreSSL is found to produce identical output two or more times when using the Linux system if an application is forked. In response to the vulnerability, OpenBSD has issued a patch for CVE-2014-2970 and also claimed the issue would “never happen in real code.”

In this case, the consequences are seen to be mild, since LibreSSL usage is currently not widespread and OpenSSL continues to be seen as the standard for many developers.

“It’s a lot like the Coke vs Pepsi battle,” said researcher Tyler Reguly. “The die-hards love their cola and won’t change. LibreSSL was already playing catch-up and now with these highly publicized flaw, they’ve increased the ground they need to make up.”

Critics believe that while this isn’t a death blow for LibreSSL, it’s certainly not a good start.

Read More Here…