Open Bug 1445511 Opened 7 years ago Updated 3 years ago

AES isn't clearing the key information in it's context when finished.

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: rrelyea, Assigned: rrelyea)

Details

Robert Relyea

Assignee

Description

•

7 years ago

AES doesn't clear out the context data before it frees it in two places: AES_ContextDestroy in rijndael.c intel_AES_GCM_DestroyContext in intel-gcm-wrap.c

Franziskus Kiefer [:franziskus]

Updated

•

7 years ago

Priority: -- → P3

Daiki Ueno [:ueno]

Comment 1

•

7 years ago

The downstream bug has a patch which we include in RHEL-7: https://bugzilla.redhat.com/show_bug.cgi?id=1555108 Bob, do you agree to upstream it?

Flags: needinfo?(rrelyea)

Robert Relyea

Assignee

Comment 2

•

7 years ago

Yes, I'll take the bug.

Assignee: nobody → rrelyea

Flags: needinfo?(rrelyea)

QA Contact: franziskuskiefer

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

AES isn't clearing the key information in it's context when finished.

Categories

(NSS :: Libraries, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: rrelyea, Assigned: rrelyea)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated