Closed Bug 1369353 Opened 3 years ago Closed 3 years ago

Reject zero-length GCM IVs

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ttaubert, Assigned: ttaubert)

References

Details

(Keywords: sec-low)

This doesn't affect TLS, it only affects software linking against NSS using AES-GCM (like Firefox w/ WebCrypto). The standard says that IVs have to be at least 1 bit long, but also says that usually lengths should be in bytes, so 1 byte.
https://hg.mozilla.org/projects/nss/rev/52737ed48f72
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.32
Group: crypto-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.