oss-sec mailing list archives
Re: CVE Request: static IV used in Percona XtraBackup
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 26 Nov 2013 19:17:40 +0100
On 11/26/2013 11:52 AM, Marcus Meissner wrote:
> Hi,
>
> This came to our desk:
> https://bugzilla.novell.com/show_bug.cgi?id=852224
> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>
> constant IV used in CTR Mode, allowing plaintext retrieval attacks.
I suppose this is part of the fix.

+void +xb_crypt_init_iv() +{ + uint seed = time(NULL); + srandom(seed); +} + +void +xb_crypt_create_iv(void* ivbuf, size_t ivlen) +{ + size_t i; + ulong rndval; + + for (i = 0; i < ivlen; i++) { + if (i % 4 == 0) { + rndval = (ulong) random(); + } + ((uchar*)ivbuf)[i] = ((uchar*)&rndval)[i % 4]; + } +}

This still risks keystream reuse because time() is fairly coarse. What's worse, on 64-bit big-endian architectures, it results in a constant zero IV because RAND_MAX is not large enough to reach the upper 32 bits in the first four bytes of the rndval variable.
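Review bot: xb_crypt_init_iv() seeds the non-cryptographic random() generator with time(NULL), so the IV sequence is fully determined by the start second and two runs within the same second get identical IVs; fill ivbuf directly from the operating system's CSPRNG (for example /dev/urandom) and drop the srandom() call. In xb_crypt_create_iv(), `((uchar*)&rndval)[i % 4]` indexes the ulong in memory order, so which four bytes of the value end up in the IV depends on the platform's word size and byte order; if a 32-bit value has to be split into bytes, hold it in a fixed-width 32-bit type and extract with shifts, such as `(rndval >> (8 * (i % 4))) & 0xff`. The function also returns void, so a caller cannot tell when no usable randomness was available; an error return would let the caller refuse to encrypt.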
-- Florian Weimer / Red Hat Product Security Team
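The two defects described in the message above, reproduced as an added example (not code from the original post or from Percona XtraBackup), with a CSPRNG-based replacement alongside. `patch_iv`, `big_endian64`, `all_zero`, `csprng_iv` and the seed value are names and values made up for this illustration, and `/dev/urandom` is assumed to be available.

```c
#define _DEFAULT_SOURCE 1   /* for random()/srandom() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Re-creation of the patch's IV loop. The 64-bit rndval is laid out in memory
 * explicitly (big_endian64 exists only in this example), so both byte orders
 * can be examined on any host. */
static void patch_iv(unsigned seed, int big_endian64, uint8_t *iv, size_t ivlen)
{
    uint8_t mem[8] = {0};   /* in-memory image of the 64-bit 'ulong rndval' */
    srandom(seed);          /* the patch seeds with time(NULL) */
    for (size_t i = 0; i < ivlen; i++) {
        if (i % 4 == 0) {
            uint64_t rndval = (uint64_t)random();   /* at most 2^31 - 1 */
            for (int b = 0; b < 8; b++)
                mem[big_endian64 ? 7 - b : b] = (uint8_t)(rndval >> (8 * b));
        }
        iv[i] = mem[i % 4];  /* same indexing as ((uchar*)&rndval)[i % 4] */
    }
}

static int all_zero(const uint8_t *buf, size_t len)   /* 1 if every byte is 0 */
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Replacement sketch: take the IV from the kernel CSPRNG. Returns 0 on success. */
static int csprng_iv(uint8_t *iv, size_t ivlen)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(iv, 1, ivlen, f);
    fclose(f);
    return got == ivlen ? 0 : -1;
}

int main(void)
{
    uint8_t a[16], b[16], be[16];
    unsigned t = 1385489860u;            /* constructed timestamp */
    patch_iv(t, 0, a, sizeof a);         /* two runs in the same second */
    patch_iv(t, 0, b, sizeof b);
    patch_iv(t, 1, be, sizeof be);       /* 64-bit big-endian layout */
    printf("same-second IVs equal: %d, big-endian IV all zero: %d\n",
           memcmp(a, b, sizeof a) == 0, all_zero(be, sizeof be));
    return csprng_iv(a, sizeof a);
}
```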