oss-sec mailing list archives
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode
From: cve-assign () mitre org
Date: Fri, 30 Sep 2016 23:32:17 -0400 (EDT)
https://github.com/ruby/openssl/issues/49
https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
http://stackoverflow.com/questions/35991551
https://github.com/attr-encrypted/attr_encrypted/issues/203
https://github.com/attr-encrypted/encryptor/pull/22
> A developer that uses the code above may incorrectly assume that their code is secure from the pitfalls associated with IV reuse in aes-*-gcm, since the 'cipher.random_iv' method is used. According to the documentation, this should generate a random IV each time the encryption method is called.

> even though the random_iv method is called, the code is defaulting to a static IV.

> Cipher#iv= does not preserve the IV in gctx->iv because gctx->key_set is already set by the pre-initialization in Cipher#initialize, and the subsequent call of Cipher#key= resets the IV to uninitialized (zeroed by OPENSSL_zalloc() in EVP_CipherInit_ex()) gctx->iv.
Use CVE-2016-7798 for this issue in the openssl gem for Ruby. (Note that https://github.com/ruby/openssl/blob/master/History.md describes this as "openssl gem, formerly a standard library of Ruby, ext/openssl.") The same CVE ID applies to the effects of this vulnerability on the encryptor gem and the attr_encrypted gem.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
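Added example, not code from this thread, the openssl gem or the encryptor/attr_encrypted gems: the key-before-IV assignment order that was unaffected by CVE-2016-7798, and a self-check that tells whether an installed gem honours iv= in both orders or falls back to the all-zero IV the issue describes. The names gcm_encrypt, gcm_decrypt and iv_honoured? are the example's own.

```ruby
require 'openssl'
require 'securerandom'

GCM_IV_LEN = 12 # 96-bit nonce, the recommended length for GCM

# AES-256-GCM encryption with the key set BEFORE the IV. On openssl gem
# versions affected by CVE-2016-7798, iv= followed by key= silently dropped
# the IV and the cipher ran with an all-zero IV; the key-first order was
# unaffected. iv_first: true reproduces the other order for diagnostics only.
# Returns [ciphertext, 16-byte auth tag].
def gcm_encrypt(key, iv, plaintext, iv_first: false)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  if iv_first
    cipher.iv = iv
    cipher.key = key
  else
    cipher.key = key
    cipher.iv = iv
  end
  # Cipher#update rejects an empty string, so handle empty plaintext explicitly
  ciphertext = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
  [ciphertext, cipher.auth_tag]
end

# Decrypts and verifies; raises OpenSSL::Cipher::CipherError if the tag is wrong.
def gcm_decrypt(key, iv, ciphertext, tag)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  ciphertext.empty? ? cipher.final : cipher.update(ciphertext) + cipher.final
end

# Deployment self-check for the CVE-2016-7798 symptom. The ciphertext must
# depend on the IV passed to iv=, in either assignment order. Returns true
# when the installed gem honours the IV, false if the iv-first order fell
# back to the all-zero IV (the vulnerable behaviour).
def iv_honoured?(key = SecureRandom.random_bytes(32))
  pt = 'same plaintext, two IVs'
  iv = SecureRandom.random_bytes(GCM_IV_LEN)
  zero_iv = "\0" * GCM_IV_LEN
  zero_ct, = gcm_encrypt(key, zero_iv, pt)
  key_first_ct, = gcm_encrypt(key, iv, pt)
  iv_first_ct, = gcm_encrypt(key, iv, pt, iv_first: true)
  key_first_ct != zero_ct && iv_first_ct == key_first_ct
end
```

Running iv_honoured? once at application boot turns the silent zero-IV failure into an explicit error on any host still carrying an affected gem.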