798 bytes, text/x-csrc
mp_exptmod() will sometimes calculate wrong values. Example: (80^fc) mod 0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0EED0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F7C000000000000000000000000000000000000000000000000000000000000000000000000000000000000 I have attached a sample code showing that. Using first mp_expt and then mp_mod gives a different result than mp_exptmod. Should give the same result. As this is basically the "RSA-function" this may have security implications (but not sure, needs some skilled cryptographer to investigate whether this is exploitable in any way). (Found with afl by comparing openssl/nss results)
Flags: needinfo?(martin.thomson) → needinfo?(rlb)
I can't reproduce this, maybe it got somehow fixed already?
I just bisected which commit fixed this and it was this one: https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c This is the fix for bug #1190248 which was also reported by me. However in #1190248 we concluded that this likely is not a severe issue, which might be wrong. I'll comment there further.
can we close this one then? (I can't see bug 1190248)
Yes, I think we'll handle the issue in #1190248 (although I'd appreciate a bit more activity there).
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2016-1938
You need to log in before you can comment on or make changes to this bug.