oss-sec mailing list archives
Re: CVE for crypto_get_random() from libsrtp
From: Adam Maris <amaris () redhat com>
Date: Tue, 11 Aug 2015 09:51:50 +0200
Hello,The weakest method it provides uses no encryption at all, just HMAC-SHA1 with 80 bit authentication tag:
http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g94d0056e812802ac2920aa474bc5b59b.html Unless CVE is assigned, we don't plan to ship any patch at the moment. Regards, On 01/08/15 11:31, Michael Samuel wrote:
Hi, I can't see any reference to it using 80 bits of random data - it looks like it's AES-CTR mode. Do you have further information on that? That being said, I can see quite a few ways it can go wrong - it's doesn't appear thread-safe for a start. Is it worth taking a closer look or are you planning on shipping the patch anyway? Regards, Michael On 31 July 2015 at 22:47, Adam Maris <amaris () redhat com> wrote:Hello, I've got question whether this bug ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793971) is CVE-worthy? Could it be classified as CWE-330: Use of Insufficiently Random Values? According to the SRTP documentation ( http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g1d4c228c6a58096dfab3cefbabd66f17.html), it provides 80 bits of random data, which is quite a borderline. Thanks. -- Adam Maris / Red Hat Product Security
-- Adam Maris / Red Hat Product Security
Current thread:
- CVE for crypto_get_random() from libsrtp Adam Maris (Jul 31)
- Re: CVE for crypto_get_random() from libsrtp Scott Arciszewski (Jul 31)
- Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 01)
- Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
- Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)
- Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
- Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)
- Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
- Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 20)