Vulnerability in FIPS OpenSSL module
The developers of OpenSSL have published a security advisory pointing out a coding error in FIPS Object Module v1.1.1. Because of this error in the FIPS self-test code, the PRNG is not automatically re-seeded afterwards. This could, for example, result in the seed from the last self-test being used to generate subsequent pseudorandom numbers, making the generated random numbers more predictable than they should be.
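To make the consequence of a missing re-seed concrete, here is an added illustration (not code from OpenSSL or from the advisory). It uses a small hash-based deterministic generator as a stand-in for the FIPS PRNG; the class name, the fixed `SELF_TEST_SEED` value and the helper functions are all constructed for this example. It shows that two generators left on the same self-test seed emit identical streams, that a generator re-seeded from the operating system does not, and that the block-to-block "continuous test" FIPS 140-2 requires does not detect a reused seed, which is why a flaw of this kind can sit unnoticed behind passing self-tests.

```python
import hashlib
import os


class HashDrbg:
    """Constructed teaching model of a hash-based deterministic random bit
    generator. It is NOT OpenSSL's FIPS PRNG. Every output byte is a pure
    function of the seed material, so a generator that is never re-seeded
    with fresh entropy after its self-test replays the same stream."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed:" + seed).digest()
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            block = hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
            out += block
            # Ratchet the state forward after each block.
            self.state = hashlib.sha256(b"next:" + self.state + block).digest()
        return out[:n]


# Constructed stand-in for a fixed, publicly known self-test (known-answer) seed.
SELF_TEST_SEED = b"\x00" * 32


def prng_without_reseed() -> HashDrbg:
    """Models the faulty path: the self-test seed is left in place."""
    return HashDrbg(SELF_TEST_SEED)


def prng_with_reseed() -> HashDrbg:
    """Models the intended path: fresh entropy is mixed in after the self-test."""
    return HashDrbg(os.urandom(32))


def outputs_are_predictable(make_prng, n_bytes: int = 32) -> bool:
    """Reseed-failure check: two independently created generators must not
    agree. If they do, the output is deterministic from a known state."""
    first = make_prng().generate(n_bytes)
    second = make_prng().generate(n_bytes)
    return first == second


def continuous_test_passes(drbg: HashDrbg, blocks: int = 8, block_size: int = 32) -> bool:
    """The FIPS 140-2 style continuous test: each new block is compared with
    the previous one and the generator fails if they are equal. It catches a
    stuck output, not a generator that is merely replaying a known seed."""
    prev = drbg.generate(block_size)
    for _ in range(blocks):
        cur = drbg.generate(block_size)
        if cur == prev:
            return False
        prev = cur
    return True


if __name__ == "__main__":
    print("unseeded generators agree:", outputs_are_predictable(prng_without_reseed))
    print("reseeded generators agree:", outputs_are_predictable(prng_with_reseed))
    print("continuous test on unseeded generator:", continuous_test_passes(prng_without_reseed()))
```

The two-instance comparison in `outputs_are_predictable` is the kind of sanity check a deployment can run at start-up: if two freshly initialised generators (or a generator and a stored known-answer stream) ever agree, the seeding path has failed regardless of what the built-in self-tests report.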
What further complicates matters is that, although the developers have released two patches consisting of a few lines each, due to FIPS certification these patches cannot simply be installed by users. Installing the patches would invalidate the module's certification and would therefore prevent, for example, government bodies from using it.
In March 2006, OpenSSL was among the first open source components to be tested for compliance with the Federal Information Processing Standard (FIPS) by the National Institute of Standards and Technology (NIST) as part of the Computer Module Validation Program (CMVP). It was certified according to FIPS 140-2. This allowed OpenSSL to be used for unclassified but sensitive data in government departments and organisations. The new patch has been submitted for certification, but it is unclear when it will be approved. FIPS Object Module v1.2 does not appear to contain the flaw, but is currently still being validated. Applications which don't use FIPS mode are not affected by the problem.
The last few months have seen an increasing number of flaws found in the pseudorandom number generators (PRNGs) of various vendors. Only recently, Microsoft admitted to guessable random numbers in Windows XP and Windows 2000. Before that, a PRNG design flaw in the BIND8 and 9 name servers resulted in predictable transaction IDs.
- OpenSSL FIPS Object Module Vulnerabilities, OpenSSL security advisory