Closed Bug 1779370 Opened 2 years ago Closed 2 years ago

ECH client - On HRR overwrites CHInner.random with CHOuter.random before sending CH2

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.80
Type:
defect

Tracking

(firefox-esr91 disabled, firefox-esr102 disabled, firefox104 wontfix, firefox105 wontfix, firefox106 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr91 --- disabled
firefox-esr102 --- disabled
firefox104 --- wontfix
firefox105 --- wontfix
firefox106 --- fixed

People

(Reporter: lschwarz, Assigned: lschwarz)

References

(Blocks 1 open bug)

Details

(Keywords: sec-low, Whiteboard: [post-critsmash-triage][adv-main106-])

Attachments

(1 file)

Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR. r?djackson
48 bytes, text/x-phabricator-request
Details | Review

nightly-only

When NSS ECH client handles HRR it overwrites CHInner.random with CHOuter.random in tls13_MaybeHandleEchSignal() before sending CH2. CH2 therefore contains CHOuter and CHInner with equal random values.

The behavior was detected in BoringSSL test runner (bogo) handshake_server.go/decryptClientHello(). The function is called for all client ECH tests.

Group: crypto-core-security
Attachment #9285259 - Attachment description: Bug 1779370 - Added Bogo shim client HRR test suppoort. Fixed overwriting of CHInner.random on HRR. r?djackson → Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR. r?djackson
Blocks: ech

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(bbeurdouche)
Severity: -- → S4
Flags: needinfo?(bbeurdouche)
Priority: -- → P1

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lschwarz, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.

Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)

https://hg.mozilla.org/projects/nss/rev/6723bd6cabcdcbe8d9494ccdfcd01e6b7a61e90c

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)
Resolution: --- → FIXED
Group: crypto-core-security → core-security-release
status-firefox104: --- → wontfix
status-firefox105: --- → wontfix
status-firefox106: --- → fixed
status-firefox-esr102: --- → wontfix
status-firefox-esr91: --- → wontfix
Target Milestone: --- → 3.83
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main106-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: