OpenSSL Security Advisory [29-Nov-2007] OpenSSL FIPS Object Module Vulnerabilities ------------------------------------------ A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (https://www.openssl.org/source/openssl-fips-1.1.1.tar.gz, FIPS 140-2 validation certificate #733, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733) has been reported by Geoff Lowe of Secure Computing Corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test. The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls. This vulnerability is tracked as CVE-2007-5502. Versions Affected ----------------- OpenSSL FIPS Object Module v1.1.1 only. Only those applications using this specific version of the OpenSSL FIPS Object Module which enter FIPS mode are affected. Applications which do not enter FIPS mode or which use any other version of OpenSSL are not affected. The OpenSSL FIPS Object Module v1.2 now undergoing validation testing is not affected. Recommendations --------------- Wait for official approval of a patched distribution. For reference purposes the patches https://www.openssl.org/news/patch-CVE-2007-5502-1.txt (the simplest direct fix) and: https://www.openssl.org/news/patch-CVE-2007-5502-2.txt (a workaround which avoids touching the PRNG code directly) demonstrate two different fixes that independently address the vulnerability. However, for FIPS 140-2 validated software no changes are permitted without prior official approval so these patches cannot be applied to the v1.1.1 distribution for the purposes of producing a validated module. The vendor of record for the FIPS validation, the Open Source Software Institute (OSSI), has supplied the information needed for a "letter change" update request based on the latter of these two patches to the FIPS 140-2 test lab to be submitted for official approval. Once (and if) approved the new distribution containing this patch will be posted as https://www.openssl.org/source/openssl-fips-1.1.2.tar.gz. The timeline for this approval is presently unknown.