{"id":62167,"date":"2022-12-29T00:13:20","date_gmt":"2022-12-29T08:13:20","guid":{"rendered":"https:\/\/www.rambus.com\/?page_id=62167"},"modified":"2023-07-07T15:27:31","modified_gmt":"2023-07-07T22:27:31","slug":"rmbs-2021-01","status":"publish","type":"page","link":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/","title":{"rendered":"SafeZone Basic Crypto Module, non-FIPS certified version"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"62167\" class=\"elementor elementor-62167\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8d8116d elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8d8116d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-09cf00e\" data-id=\"09cf00e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2c3d135 elementor-widget elementor-widget-breadcrumbs\" data-id=\"2c3d135\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"breadcrumbs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p id=\"breadcrumbs\"><span><span><a href=\"https:\/\/www.rambus.com\/\">Home<\/a><\/span><\/span><\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6d168ab elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6d168ab\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5afecdf\" data-id=\"5afecdf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8cf175a elementor-widget elementor-widget-text-editor\" data-id=\"8cf175a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Rambus Security Vulnerability Disclosure: \u00a0SafeZone Bas<\/strong><strong>ic Crypto Module, non-FIPS certified version<\/strong><\/p><p><strong>Publish Date: March 1, 2022\u00a0<\/strong><\/p><p>Rambus Vulnerability ID: RMBS-2021-01<\/p><p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-26320\">CVE ID: 2022-26320<\/a><\/p><p><strong>Background<\/strong><\/p><p>The SafeZone Crypto Libraries were developed by Inside Secure and were acquired by Rambus as part of an\u00a0<a href=\"https:\/\/www.rambus.com\/rambus-completes-acquisition-of-the-verimatrix-silicon-ip-secure-protocols-and-provisioning-business\/\">acquisition from Verimatrix<\/a>. There were both FIPS-certified and non-FIPS-certified versions of the SafeZone crypto libraries. The standalone non-FIPS-certified offering had been discontinued for new licenses, but Rambus continues to support existing customers of this product.<\/p><p>A security vulnerability has been identified in the non-FIPS-certified version of the crypto library in SafeZone as described below. A patch which remediates the vulnerability is available and has been distributed to existing customers that are affected by the vulnerability.<\/p><p><strong>\u201cSafeZone\u201d Product Status\u00a0<\/strong><\/p><table width=\"100%\"><tbody><tr><td width=\"25%\">Product Name<br \/>(Crypto Module)<\/td><td width=\"13%\">Affected by Vulnerability<\/td><td width=\"13%\">Affected Versions<\/td><td width=\"12%\">Available for Licensing<\/td><td width=\"13%\">Patch Available<\/td><\/tr><tr><td>SafeZone Crypto Libraries (Basic Crypto Module, non-FIPS certified)<\/td><td>Yes<\/td><td>9.3.x, 10.0.x, 10.1.x, 10.2.x, 10.3.x<\/td><td>No<\/td><td>Yes, all versions;<br \/>Also as part of SafeZone 10.4.0<\/td><\/tr><tr><td><a href=\"https:\/\/www.rambus.com\/security\/software-protocols\/iot-security-framework\/fips-security-tk\/\">FIPS Security Toolkit*<br \/>(FIPS 140-2 SW Crypto Module v1.2)<\/a><\/td><td>No<\/td><td>None<\/td><td>Yes<\/td><td>N\/A<\/td><\/tr><tr><td><a href=\"https:\/\/www.rambus.com\/security\/software-protocols\/iot-security-framework\/fips-security-tk\/\">FIPS Security Toolkit*<br \/>(FIPS 140-3 SW Crypto Module v2.0)<\/a><\/td><td>No<\/td><td>None<\/td><td>Yes<\/td><td>N\/A<\/td><\/tr><\/tbody><\/table><p><em>*SafeZone FIPS-certified versions\u00a0<\/em><em>are\u00a0<\/em><em>now offered as \u201cFIPS Security Toolkit\u201d by Rambus<\/em><\/p><p><img decoding=\"async\" src=\"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png\" alt=\"Figure 1. Only the SafeZone Basic Crypto Module is affected by the security vulnerability\" \/><\/p><p>Figure 1. Only the SafeZone Basic Crypto Module is affected by the security vulnerability<\/p><p><strong>Vulnerability<\/strong>\u00a0<strong>Description<\/strong><br \/>The speed-optimized, multi-threaded version of the RSA key generation function CLS_PK_KeyGenMT( ) used in the non-FIPS Basic Crypto Module may create weak RSA keys.<\/p><p>The vulnerability does not exist in the single-threaded version of the RSA key generation function CLS_PK_KeyGen_RSA( ).<\/p><p><strong>Impact<br \/><\/strong>The distance between the p and q values of the generated RSA key may not be sufficient which makes the key vulnerable to factorization attacks.<\/p><p><strong>Affected Versions<\/strong><\/p><p>SafeZone Crypto Libraries (Basic Crypto Module) versions: 9.3.x, 10.0.x, 10.1.x, 10.2.x, 10.3.x. the last update of version 10.3.x was June 2020.<\/p><p><strong>Unaffected Versions<\/strong><\/p><p>FIPS 140-2 and FIPS 140-3 SW Crypto Modules are unaffected.<\/p><p>SafeZone Crypto Libraries (Basic Crypto Module) versions: 10.4.0 is unaffected.<\/p><p><strong>Remediation<br \/><\/strong>Rambus provided a patch for all affected versions that modifies the CLS_PK_KeyGenMT( ) implementation in a way that ensures the distance between the p and q values is sufficient.<\/p><p><strong>Action Taken<\/strong><br \/>A customer notified Rambus of this issue on November 2, 2021. Rambus developed a patch and provided it to the affected customer within two weeks.<\/p><p>All other Rambus customers that may use the affected crypto library were provided with a patch on or before December 15, 2021.<\/p><p>More recently an \u2018advisory message\u2019 was provided to SafeZone customers with access to the Crypto Libraries to confirm that they are not affected by this vulnerability.<\/p><p><strong>Acknowledgement<\/strong><br \/>The vulnerability was found in a Rambus customer product. The vulnerability was reported to the customer by independent security researcher, Hanno B\u00f6ck, who was referred to the Rambus Security IP team.<\/p><p>For any inquiries, please\u00a0<a href=\"https:\/\/www.rambus.com\/contact\/\">contact<\/a>\u00a0Rambus.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Rambus Security Vulnerability Disclosure: \u00a0SafeZone Basic Crypto Module, non-FIPS certified version Publish Date: March 1, 2022\u00a0 Rambus Vulnerability ID: RMBS-2021-01 CVE ID: 2022-26320 Background The SafeZone Crypto Libraries were developed by Inside Secure and were acquired by Rambus as part of an\u00a0acquisition from Verimatrix. There were both FIPS-certified and non-FIPS-certified versions of the SafeZone crypto [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":62164,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-full.php","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":"","_links_to":"","_links_to_target":""},"tags":[],"class_list":{"0":"post-62167","1":"page","2":"type-page","3":"status-publish","5":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SafeZone Basic Crypto Module, non-FIPS certified version - Rambus<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SafeZone Basic Crypto Module, non-FIPS certified version\" \/>\n<meta property=\"og:description\" content=\"Rambus Security Vulnerability Disclosure: \u00a0SafeZone Basic Crypto Module, non-FIPS certified versionPublish Date: March 1, 2022\u00a0Rambus Vulnerability ID:\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/\" \/>\n<meta property=\"og:site_name\" content=\"Rambus\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RambusInc\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-07T22:27:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@rambusinc\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/\",\"url\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/\",\"name\":\"SafeZone Basic Crypto Module, non-FIPS certified version - Rambus\",\"isPartOf\":{\"@id\":\"https:\/\/www.rambus.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png\",\"datePublished\":\"2022-12-29T08:13:20+00:00\",\"dateModified\":\"2023-07-07T22:27:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage\",\"url\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png\",\"contentUrl\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png\",\"width\":613,\"height\":258,\"caption\":\"Figure 1. Only the SafeZone Basic Crypto Module is affected by the security vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rambus.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security IP\",\"item\":\"https:\/\/www.rambus.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Response Center\",\"item\":\"https:\/\/www.rambus.com\/security\/response-center\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Security Advisories\",\"item\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"SafeZone Basic Crypto Module, non-FIPS certified version\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rambus.com\/#website\",\"url\":\"https:\/\/www.rambus.com\/\",\"name\":\"Rambus\",\"description\":\"At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and safer.\",\"publisher\":{\"@id\":\"https:\/\/www.rambus.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rambus.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rambus.com\/#organization\",\"name\":\"Rambus\",\"url\":\"https:\/\/www.rambus.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png\",\"contentUrl\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png\",\"width\":200,\"height\":62,\"caption\":\"Rambus\"},\"image\":{\"@id\":\"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RambusInc\",\"https:\/\/x.com\/rambusinc\",\"https:\/\/www.linkedin.com\/company\/rambus\",\"https:\/\/www.youtube.com\/user\/RambusWeb\"],\"description\":\"Rambus is a provider of industry-leading chips and silicon IP.\",\"email\":\"ebiz@rambus.com\",\"telephone\":\"+1-408-462-8000\",\"legalName\":\"Rambus Inc.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"501\",\"maxValue\":\"1000\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SafeZone Basic Crypto Module, non-FIPS certified version - Rambus","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/","og_locale":"en_US","og_type":"article","og_title":"SafeZone Basic Crypto Module, non-FIPS certified version","og_description":"Rambus Security Vulnerability Disclosure: \u00a0SafeZone Basic Crypto Module, non-FIPS certified versionPublish Date: March 1, 2022\u00a0Rambus Vulnerability ID:","og_url":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/","og_site_name":"Rambus","article_publisher":"https:\/\/www.facebook.com\/RambusInc","article_modified_time":"2023-07-07T22:27:31+00:00","og_image":[{"url":"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_site":"@rambusinc","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/","url":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/","name":"SafeZone Basic Crypto Module, non-FIPS certified version - Rambus","isPartOf":{"@id":"https:\/\/www.rambus.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage"},"image":{"@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png","datePublished":"2022-12-29T08:13:20+00:00","dateModified":"2023-07-07T22:27:31+00:00","breadcrumb":{"@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#primaryimage","url":"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png","contentUrl":"https:\/\/www.rambus.com\/wp-content\/uploads\/2022\/12\/safezone.png","width":613,"height":258,"caption":"Figure 1. Only the SafeZone Basic Crypto Module is affected by the security vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2021-01\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rambus.com\/"},{"@type":"ListItem","position":2,"name":"Security IP","item":"https:\/\/www.rambus.com\/security\/"},{"@type":"ListItem","position":3,"name":"Security Response Center","item":"https:\/\/www.rambus.com\/security\/response-center\/"},{"@type":"ListItem","position":4,"name":"Security Advisories","item":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/"},{"@type":"ListItem","position":5,"name":"SafeZone Basic Crypto Module, non-FIPS certified version"}]},{"@type":"WebSite","@id":"https:\/\/www.rambus.com\/#website","url":"https:\/\/www.rambus.com\/","name":"Rambus","description":"At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and safer.","publisher":{"@id":"https:\/\/www.rambus.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rambus.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rambus.com\/#organization","name":"Rambus","url":"https:\/\/www.rambus.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png","contentUrl":"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png","width":200,"height":62,"caption":"Rambus"},"image":{"@id":"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RambusInc","https:\/\/x.com\/rambusinc","https:\/\/www.linkedin.com\/company\/rambus","https:\/\/www.youtube.com\/user\/RambusWeb"],"description":"Rambus is a provider of industry-leading chips and silicon IP.","email":"ebiz@rambus.com","telephone":"+1-408-462-8000","legalName":"Rambus Inc.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"501","maxValue":"1000"}}]}},"_links":{"self":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/comments?post=62167"}],"version-history":[{"count":0,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62167\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62164"}],"wp:attachment":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/media?parent=62167"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/tags?post=62167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}