Open Bug 1575923 Opened 5 years ago Updated 2 years ago

MD2 produces wrong result

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

People

(Reporter: guidovranken, Unassigned)

Details

(Whiteboard: [version: nss 3.49])

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

#include <nss.h>
#include <nss/pk11pub.h>
#include <nss/nss.h>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>
#include <optional>

#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }
#define CF_CHECK_GT(expr, res) if ( (expr) <= (res) ) { goto end; }
#define CF_CHECK_GTE(expr, res) if ( (expr) < (res) ) { goto end; }
#define CF_CHECK_LT(expr, res) if ( (expr) >= (res) ) { goto end; }
#define CF_CHECK_LTE(expr, res) if ( (expr) > (res) ) { goto end; }

static std::vector<uint8_t> md2(std::vector<uint8_t> input) {
    std::vector<uint8_t> ret;

    unsigned char out[256];

    PK11Context* ctx = nullptr;

    /* Initialize */
    {
        CF_CHECK_NE(ctx = PK11_CreateDigestContext(SEC_OID_MD2), nullptr);
        CF_CHECK_EQ(PK11_DigestBegin(ctx), SECSuccess);
    }

    /* Process */

#if !defined(CHUNKED)
    /* One call covering the whole input */
    CF_CHECK_EQ(PK11_DigestOp(ctx, input.data(), input.size()), SECSuccess);
#else
    /* Same 10 bytes fed as chunks of 3, 5, 1 and 1 bytes */
    CF_CHECK_EQ(PK11_DigestOp(ctx, input.data(), 3), SECSuccess);
    CF_CHECK_EQ(PK11_DigestOp(ctx, input.data() + 3, 5), SECSuccess);
    CF_CHECK_EQ(PK11_DigestOp(ctx, input.data() + 3 + 5, 1), SECSuccess);
    CF_CHECK_EQ(PK11_DigestOp(ctx, input.data() + 3 + 5 + 1, 1), SECSuccess);
#endif

    /* Finalize */
    {
        unsigned int outlen;
        CF_CHECK_EQ(PK11_DigestFinal(ctx, out, &outlen, sizeof(out)), SECSuccess);
        ret = std::vector<uint8_t>(out, out + outlen);
    }

end:
    if ( ctx != nullptr ) {
        PK11_DestroyContext(ctx, PR_TRUE);
    }

    return ret;
}

int main(void)
{
    SECStatus rv = NSS_NoDB_Init(NULL);
    if(rv != SECSuccess) {
        abort();
    }

    std::vector<uint8_t> input = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
    auto ret = md2(input);
    /* Print the digest one byte per line, in decimal */
    for (size_t i = 0; i < ret.size(); i++) {
        printf("%u\n", ret[i]);
    }

    return 0;
}

Actual results:

When compiled with -DCHUNKED:

67
41
18
248
18
24
185
51
223
76
245
147
31
16
34
20

Expected results:

112
60
218
149
146
155
21
253
181
198
84
230
33
154
164
159

Attached file Reproducer
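
An added example, not code from this report, NSS or Cryptofuzz: a split-invariance check of the kind that exposes a streaming-digest bug like this one, where chunked update calls disagree with a single call over the same bytes. `ToyDigest` is a constructed stand-in (not MD2), and its `seeded_fault` flag is a constructed defect used only to show the check firing; this report does not state the actual cause in NSS.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Constructed stand-in for a 16-byte-block streaming digest: NOT MD2 and not
// NSS code. It models only the partial-block buffering behind update/final.
struct ToyDigest {
    uint8_t state[16] = {0}, buf[16] = {0};
    size_t used = 0;            // bytes buffered, always < 16 between calls
    bool seeded_fault = false;  // constructed defect, not the NSS root cause
    void block(const uint8_t* b) {  // one chained pass over a full block
        for (int i = 0, t = 0; i < 16; i++)
            t = state[i] = uint8_t((state[i] ^ b[i] ^ t) * 167 + i + 1);
    }
    void update(const uint8_t* p, size_t n) {
        if (seeded_fault) used = 0;  // fault: forgets bytes buffered earlier
        while (n > 0) {
            size_t take = n < 16 - used ? n : 16 - used;
            std::memcpy(buf + used, p, take);
            used += take; p += take; n -= take;
            if (used == 16) { block(buf); used = 0; }
        }
    }
    Bytes finish() {
        std::memset(buf + used, int(16 - used), 16 - used);  // pad to a block
        block(buf);
        return Bytes(state, state + 16);
    }
};
// Digest `in`, issuing one update() call per entry of `chunks`.
Bytes hash_chunked(const Bytes& in, const std::vector<size_t>& chunks, bool fault) {
    ToyDigest d; d.seeded_fault = fault;
    size_t off = 0;
    for (size_t c : chunks) { d.update(in.data() + off, c); off += c; }
    return d.finish();
}
// First two-way split offset that differs from the one-shot digest, else -1.
int first_divergent_split(const Bytes& in, bool fault) {
    const Bytes ref = hash_chunked(in, {in.size()}, false);
    for (size_t k = 0; k <= in.size(); k++)
        if (hash_chunked(in, {k, in.size() - k}, fault) != ref) return int(k);
    return -1;
}
int main() {
    const Bytes zeros(10, 0);  // same input as the report's reproducer
    std::printf("%d\n", first_divergent_split(zeros, true));
}
```

To run the same check against a real library, replace the body of `hash_chunked` with that library's begin/update/final calls and keep the one-shot digest as the reference.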

Confirmed, thank you for the report.

Does anyone know the status of MD2 deprecation efforts? Seems this started with bug 482882 (and more recent activity in bug 1526302 and bug 1529222).

Status: UNCONFIRMED → NEW
Ever confirmed: true

Kevin,

this was found with Cryptofuzz https://github.com/guidovranken/cryptofuzz which has found many bugs in cryptographic libraries in the past months.

Would you be interested in collaborating with me on finishing the NSS module (https://github.com/guidovranken/cryptofuzz/blob/master/modules/nss/module.cpp) for Cryptofuzz? I think NSS can greatly benefit from it. Once the module is finished, I can also add you as a recipient to the OSS-Fuzz Cryptofuzz project, so you'll receive notifications of new bugs.

Feel free to reach out to me privately.

Yes, definitely. I've recently performed similar fuzzing between OpenSSL/NSS, so I see the value in this methodology :).

I'll send you an email on this.

Bob, how long has MD2 been deprecated? Is this something that could be removed from NSS in the near future (either entirely, or via a build option)?

Flags: needinfo?(rrelyea)

We'll need to turn it off for several releases first. We currently haven't accepted it for signatures for a very long time; unfortunately, it wasn't completely disabled by bug 482882. That would be the first step.

Flags: needinfo?(rrelyea)

Assigned bug 482882 for the next release. Marking this P2 to remind us to tackle it soon-ish, perhaps NSS 3.49 or NSS 3.50.

Priority: -- → P2
Whiteboard: [version: nss 3.49]
Severity: normal → S3