Bug 1345089 (CVE-2017-5462)

DRBG addition is broken

RESOLVED FIXED in Firefox -esr45

Status

defect
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: franziskus, Assigned: franziskus)

Tracking

({sec-moderate})

trunk
3.30

Firefox Tracking Flags

(firefox-esr45 53+ fixed, firefox52 wontfix, firefox-esr52 53+ fixed, firefox53+ fixed, firefox54 fixed, firefox55 fixed)

Details

(Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+])

Attachments

(1 attachment)

Addition in drbg.c for the internal state V doesn't correctly carry bits over.

This was independently discovered by Vladimir Klebanov (Karlsruhe Institute of Technology) and myself.
Adding NIST KAT tests and fixing the carry error.

https://hg.mozilla.org/projects/nss/rev/6fafb8fd9ff4ea82725e5ade4453e205ecc48651
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
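
The kind of carry handling this bug concerns, as an added example that is not NSS code and not part of the original report: Hash_DRBG (SP 800-90A) treats V as a big-endian integer updated modulo 2^seedlen, so a carry has to ripple through every higher byte. The function names, the 4-byte state and the faulty variant are constructed for illustration; the page does not show the actual NSS defect.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Add big-endian `add` into big-endian state `v`, modulo 2^(8*v_len).
 * Hypothetical helper for illustration, not the NSS implementation. */
static void v_add(uint8_t *v, size_t v_len, const uint8_t *add, size_t add_len)
{
    unsigned int carry = 0;            /* wider than a byte so bit 8 survives */
    for (size_t i = 0; i < v_len; i++) {
        size_t vi = v_len - 1 - i;     /* walk from the least significant byte */
        unsigned int sum = v[vi] + carry;
        if (i < add_len)
            sum += add[add_len - 1 - i];
        v[vi] = (uint8_t)sum;
        carry = sum >> 8;              /* keep rippling into the high bytes of V */
    }
    /* a carry out of the top byte is discarded: that is the modular reduction */
}

/* Constructed faulty variant for comparison: it stops once the addend is used
 * up, so a carry out of the addend's top byte never reaches the rest of V. */
static void v_add_drops_carry(uint8_t *v, size_t v_len, const uint8_t *add, size_t add_len)
{
    unsigned int carry = 0;
    for (size_t i = 0; i < add_len && i < v_len; i++) {
        unsigned int sum = v[v_len - 1 - i] + add[add_len - 1 - i] + carry;
        v[v_len - 1 - i] = (uint8_t)sum;
        carry = sum >> 8;
    }
}

/* Known-answer check on a constructed state where the carry crosses 3 bytes. */
static int kat_matches(void (*add_fn)(uint8_t *, size_t, const uint8_t *, size_t))
{
    uint8_t v[4] = { 0x00, 0xFF, 0xFF, 0xFF };          /* constructed input */
    const uint8_t one[1] = { 0x01 };
    const uint8_t want[4] = { 0x01, 0x00, 0x00, 0x00 }; /* 0x00FFFFFF + 1 */
    add_fn(v, sizeof v, one, sizeof one);
    return memcmp(v, want, sizeof want) == 0;
}

int main(void)
{
    printf("correct add passes KAT: %d\n", kat_matches(v_add));
    printf("carry-dropping add passes KAT: %d\n", kat_matches(v_add_drops_carry));
    return 0;
}
```

A state update that loses carries still produces plausible-looking output, which is why fixed known-answer vectors are the practical way to catch it.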
Talked to Franziskus on IRC about this. It's likely to get backported to 3.30 as well before that goes final (which will then find its way into Fx54). It's less clear whether it'll get backported to 3.29 (Fx53) or 3.28 (ESR52) at this point.
I see this was checked in for 3.30:
https://hg.mozilla.org/projects/nss/rev/a08fb7c8542c

Changing NSS target milestone.
Target Milestone: 3.31 → 3.30
Group: crypto-core-security → core-security-release
This should be fixed in beta by the NSS upgrade in bug 1353740 (for the beta 10 build tomorrow)
Alias: CVE-2017-5462
Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+]
Group: core-security-release