Closed Bug 1345089 (CVE-2017-5462) Opened 3 years ago Closed 3 years ago

DRBG addition is broken

Categories

(NSS :: Libraries, defect)


Tracking

(firefox-esr45 53+ fixed, firefox52 wontfix, firefox-esr52 53+ fixed, firefox53 + fixed, firefox54 fixed, firefox55 fixed)

RESOLVED FIXED
Tracking Status
firefox-esr45 53+ fixed
firefox52 --- wontfix
firefox-esr52 53+ fixed
firefox53 + fixed
firefox54 --- fixed
firefox55 --- fixed

People

(Reporter: franziskus, Assigned: franziskus)

References

Details

(Keywords: sec-moderate, Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+])

Attachments

(1 file)

Addition in drbg.c for the internal state V doesn't correctly carry bits over.

This was independently discovered by Vladimir Klebanov (Karlsruhe Institute of Technology) and myself.
Adding NIST KAT tests and fixing the carry error.
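As an added illustration of the operation the bug report is about (not code from NSS or from this bug's fix): SP 800-90A Hash_DRBG updates its internal state V by adding values into it modulo 2^seedlen, which on a big-endian byte buffer means rippling the carry through every byte. The helper `drbg_add_be` and its checks are hypothetical names; the vectors are constructed for this example, not NIST KATs, but a run of 0xff bytes is exactly what exposes a dropped carry.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (added example, not NSS's drbg.c): add the big-endian
 * integer `addend` (addend_len bytes) into the big-endian accumulator `v`
 * (v_len bytes), modulo 2^(8*v_len), carrying into each more significant
 * byte. A carry that is dropped between bytes gives a wrong V, and a
 * known-answer test over a state with 0xff bytes catches it. */
static void drbg_add_be(uint8_t *v, size_t v_len,
                        const uint8_t *addend, size_t addend_len)
{
    unsigned int carry = 0;
    size_t i;
    for (i = 0; i < v_len; i++) {
        size_t vi = v_len - 1 - i;   /* walk from the least significant byte */
        unsigned int a = (i < addend_len) ? addend[addend_len - 1 - i] : 0;
        unsigned int sum = v[vi] + a + carry;
        v[vi] = (uint8_t)(sum & 0xff);
        carry = sum >> 8;            /* 0 or 1 */
    }
    /* carry out of the top byte is discarded: result is mod 2^(8*v_len) */
}

/* Constructed vector: V = 00 ff ff ff, addend = 01 -> 01 00 00 00.
 * The carry must ripple through three 0xff bytes. */
static int carry_ripples_correctly(void)
{
    uint8_t v[4] = {0x00, 0xff, 0xff, 0xff};
    const uint8_t one[1] = {0x01};
    const uint8_t expect[4] = {0x01, 0x00, 0x00, 0x00};
    drbg_add_be(v, sizeof v, one, sizeof one);
    return memcmp(v, expect, sizeof v) == 0;
}

/* Constructed vector: multi-byte addend, 0x123456 + 0xffff = 0x133455. */
static int multibyte_addend_correct(void)
{
    uint8_t v[3] = {0x12, 0x34, 0x56};
    const uint8_t add[2] = {0xff, 0xff};
    const uint8_t expect[3] = {0x13, 0x34, 0x55};
    drbg_add_be(v, sizeof v, add, sizeof add);
    return memcmp(v, expect, sizeof v) == 0;
}

/* Constructed vector: wraparound, ff ff + 01 = 00 00 (mod 2^16). */
static int wraps_modulo(void)
{
    uint8_t v[2] = {0xff, 0xff};
    const uint8_t one[1] = {0x01};
    drbg_add_be(v, sizeof v, one, sizeof one);
    return v[0] == 0x00 && v[1] == 0x00;
}
```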

https://hg.mozilla.org/projects/nss/rev/6fafb8fd9ff4ea82725e5ade4453e205ecc48651
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Blocks: 1334127
Talked to Franziskus on IRC about this. It's likely to get backported to 3.30 as well before that goes final (which will then find its way into Fx54). It's less clear whether it'll get backported to 3.29 (Fx53) or 3.28 (ESR52) at this point.
Blocks: 1344368
I see this was checked in for 3.30:
https://hg.mozilla.org/projects/nss/rev/a08fb7c8542c

Changing NSS target milestone.
Target Milestone: 3.31 → 3.30
Group: crypto-core-security → core-security-release
Blocks: 1353740
Blocks: 1353748
This should be fixed in beta by the NSS upgrade in bug 1353740 (for the beta 10 build tomorrow)
Alias: CVE-2017-5462
Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+]
Group: core-security-release