Closed
Bug 1345089
(CVE-2017-5462)
Opened 7 years ago
Closed 7 years ago
DRBG addition is broken
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(firefox-esr4553+ fixed, firefox52 wontfix, firefox-esr5253+ fixed, firefox53+ fixed, firefox54 fixed, firefox55 fixed)
People
(Reporter: franziskus, Assigned: franziskus)
References
Details
(Keywords: sec-moderate, Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+])
Attachments
(1 file)
5.17 KB,
text/plain
|
Details |
Addition in drbg.c for the internal state V doesn't correctly carry bits over. This was independently discovered by Vladimir Klebanov (Karlsruher Institute of Technology) and myself.
Assignee | ||
Comment 1•7 years ago
|
||
Adding NIST KAT tests and fixing the carry error. https://hg.mozilla.org/projects/nss/rev/6fafb8fd9ff4ea82725e5ade4453e205ecc48651
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 2•7 years ago
|
||
Talked to Franziskus on IRC about this. It's likely to get backported to 3.30 as well before that goes final (which will then find its way into Fx54). It's less clear whether it'll get backported to 3.29 (Fx53) or 3.28 (ESR52) at this point.
status-firefox52:
--- → wontfix
status-firefox53:
--- → affected
status-firefox54:
--- → affected
status-firefox55:
--- → affected
status-firefox-esr45:
--- → wontfix
status-firefox-esr52:
--- → affected
Comment 3•7 years ago
|
||
I see this was checked in for 3.30: https://hg.mozilla.org/projects/nss/rev/a08fb7c8542c Changing NSS target milestone.
Target Milestone: 3.31 → 3.30
Updated•7 years ago
|
Group: crypto-core-security → core-security-release
Comment 4•7 years ago
|
||
Landed on the NSS 3.28.4 branch: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
Comment 5•7 years ago
|
||
This should be fixed in beta by the NSS upgrade in bug 1353740 (for the beta 10 build tomorrow)
Updated•7 years ago
|
tracking-firefox53:
--- → +
Updated•7 years ago
|
Updated•7 years ago
|
Alias: CVE-2017-5462
tracking-firefox-esr45:
--- → 53+
tracking-firefox-esr52:
--- → 53+
Whiteboard: [adv-main53+][adv-esr45.9+][adv-esr52.1+]
Updated•7 years ago
|
Keywords: sec-moderate
Updated•7 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•