Closed Bug 1826652 Opened 1 year ago Closed 1 year ago

infinite loop in RSA_PopulatePrivateKey

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: iaroslav.gridin, Assigned: iaroslav.gridin)

Attachments

(2 files)

Attached file populate.c

Steps to reproduce:

Run RSA_PopulatePrivateKey with specific input (see attached file)

Actual results:

Code entered infinite loop

Expected results:

Populated private key or MP_BADARG returned.

Issue seemingly cannot be covered by blapi key population tests in their current form, as they don't read primes, but ACVP format test can reproduce it.

Attachment #9327222 - Attachment mime type: text/x-csrc → text/plain

An infinite loop isn't great, but I'm not sure how this is a security bug. Neither a client nor server application using NSS should be sending values like that (if they accept those they have bigger security problems).

Group: crypto-core-security
Assignee: nobody → iaroslav.gridin
Severity: -- → S3
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P3
Blocks: 1750697

There is an r+ patch which didn't land and no activity in this bug for 2 weeks.
:iaroslav.gridin, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit BugBot documentation.

Flags: needinfo?(nkulatova)
Flags: needinfo?(iaroslav.gridin)
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(nkulatova)
Resolution: --- → FIXED
Flags: needinfo?(iaroslav.gridin)