wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
A vulnerability exists in wolfSSL's OpenSSL compatibility layer, where the function RAND_poll() did not perform as intended. As a result, RAND_bytes() can return predictable values following a fork() operation, potentially allowing applications to generate weak or predictable random numbers. The vulnerability affects applications that explicitly call RAND_bytes() after fork(); internal TLS operations remain unaffected. Although the RAND_bytes() documentation in OpenSSL warns against using it with fork() without first calling RAND_poll(), wolfSSL has implemented a code change to address this issue. The updated version of wolfSSL now reseeds the Hash-DRBG it uses after detecting a new process, ensuring better randomness. Users of wolfSSL who utilize RAND_bytes() and call fork() should update to the latest version.
The vulnerability can lead to the generation of weak or predictable random numbers in applications that use RAND_bytes() and perform fork() operations.
Users are advised to update to the latest version of wolfSSL.
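The fork() behaviour described above, as an added example that is not wolfSSL code: a toy generator whose state is copied into the child by fork(), drawn from with and without a reseed on process change. The names `toy_rng`, `toy_seed`, `toy_bytes` and `child_matches_parent` are hypothetical, splitmix64 stands in for the Hash-DRBG, and comparing PIDs is an assumed way to detect a new process (the advisory does not say how wolfSSL does it).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy generator (splitmix64) standing in for a DRBG; not wolfSSL's Hash-DRBG. */
struct toy_rng { uint64_t state; pid_t seeded_pid; };

static void toy_seed(struct toy_rng *g) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&g->state, sizeof g->state, 1, f) != 1) _exit(2);
    fclose(f);
    g->seeded_pid = getpid();          /* remember which process seeded us */
}

/* fork_safe != 0: reseed when the current PID differs from the seeding PID. */
static void toy_bytes(struct toy_rng *g, unsigned char *out, size_t len, int fork_safe) {
    if (fork_safe && g->seeded_pid != getpid()) toy_seed(g);
    for (size_t i = 0; i < len; i++) {
        uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
        z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
        z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
        out[i] = (unsigned char)((z ^ (z >> 31)) & 0xff);
    }
}

/* 1 if parent and child draw identical bytes after fork(), 0 if not, -1 on error. */
int child_matches_parent(int fork_safe) {
    struct toy_rng g;
    unsigned char mine[16], theirs[16];
    int fd[2];
    toy_seed(&g);
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child: starts with a copy of g */
        toy_bytes(&g, mine, sizeof mine, fork_safe);
        _exit(write(fd[1], mine, sizeof mine) == (ssize_t)sizeof mine ? 0 : 1);
    }
    close(fd[1]);
    toy_bytes(&g, mine, sizeof mine, fork_safe);
    ssize_t n = read(fd[0], theirs, sizeof theirs);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof theirs) return -1;
    return memcmp(mine, theirs, sizeof mine) == 0;
}
```

Without the reseed, both processes emit the same 16 bytes; with it, the child's output diverges from the parent's.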