oss-sec mailing list archives

Re: CVE for crypto_get_random() from libsrtp

From: Adam Maris <amaris () redhat com>
Date: Tue, 11 Aug 2015 09:51:50 +0200

Hello,

The weakest method it provides uses no encryption at all, just HMAC-SHA1with 80 bit authentication tag:

http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g94d0056e812802ac2920aa474bc5b59b.html

Unless CVE is assigned, we don't plan to ship any patch at the moment.

Regards,

On 01/08/15 11:31, Michael Samuel wrote:

Hi,

I can't see any reference to it using 80 bits of random data - it looks
like it's AES-CTR mode.  Do you have further information on that?

That being said, I can see quite a few ways it can go wrong - it's doesn't
appear thread-safe for a start.  Is it worth taking a closer look or are
you planning on shipping the patch anyway?

Regards,
   Michael

On 31 July 2015 at 22:47, Adam Maris <amaris () redhat com> wrote:

Hello,

I've got question whether this bug (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793971) is CVE-worthy?
Could it be classified as CWE-330: Use of Insufficiently Random Values?

According to the SRTP documentation (
http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g1d4c228c6a58096dfab3cefbabd66f17.html),
it provides 80 bits of random data, which is quite a borderline.

Thanks.

--
Adam Maris / Red Hat Product Security


--
Adam Maris / Red Hat Product Security

Current thread:

CVE for crypto_get_random() from libsrtp Adam Maris (Jul 31)
- Re: CVE for crypto_get_random() from libsrtp Scott Arciszewski (Jul 31)
- Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 01)
  - Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
    - Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)
    - Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
    - Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)
    - Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 20)