Closed
Bug 1369353
Opened 7 years ago
Closed 7 years ago
Reject zero-length GCM IVs
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.32
People
(Reporter: ttaubert, Assigned: ttaubert)
References
Details
(Keywords: sec-low)
This doesn't affect TLS, it only affects software linking against NSS using AES-GCM (like Firefox w/ WebCrypto). The standard says that IVs have to be at least 1 bit long, but also says that usually lengths should be in bytes, so 1 byte.
Assignee | ||
Comment 1•7 years ago
|
||
https://nss-review.dev.mozaws.net/D340
Assignee | ||
Comment 2•7 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/52737ed48f72
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.32
Updated•7 years ago
|
Group: crypto-core-security → core-security-release
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•