Closed Bug 52192 Opened 25 years ago Closed 25 years ago

arcfour is busted

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jgmyers, Assigned: bugz)

Details

Attachments

(1 file)

Proposed fix
1.82 KB, patch
Details | Diff | Splinter Review
The NSS tip compiled against the public arcfour cipher implementation does not ineteroperate with RC4. Running selfserv with either "-c c" or "-c f" and attempting to connect with Netscape 4.75 results in a bad MAC check on the first SSL record after the handshake completes. The logged "cleartext" form of that SSL record appears to be random data, not what the client would send.
Mcgreer wants this bug.
Assignee: wtc → mcgreer
Attached patch Proposed fixSplinter Review
Fix checked in.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Fix checked in
Priority: P3 → P1
Target Milestone: --- → 3.1
Now I understand why arcfour worked OK on NT, but not on Solaris, HPUX, Linux, or IRIX. The broken code was only used when CONVERT_TO_WORDS is defined, and it is not defined on NT. the symbol "i386" is defined for Linux/intel, but not for NT/intel/MSVC. For the latter, the symbol is "_X86_".
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: