Bug 1324116 - Duplicate entries in a cipher suite table
Summary: Duplicate entries in a cipher suite table
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: nss-nspr-maint
QA Contact: Hubert Kario
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-05 14:44 UTC by Elio Maldonado Batiz
Modified: 2016-12-01 13:05 UTC (History)
3 users (show)

Fixed In Version: nss-3.21.0-17.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 03:57:11 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2335 0 normal SHIPPED_LIVE nss bug fix update 2016-11-03 13:45:11 UTC

Description Elio Maldonado Batiz 2016-04-05 14:44:26 UTC 
Description of problem: 

In ssl3con.c there are two duplicates entries in this table
/* must use ssl_LookupCipherSuiteDef to access */
static const ssl3CipherSuiteDef cipher_suite_defs[] = ...
....
    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
....

Notice that first and second entries match third and fourth, respectively, but are missing the last field. 

Version-Release number of selected component (if applicable): nss-3.21.1-6 and was already present on nss-3.19.1-19.el7_2

How reproducible: Always

Steps to Reproduce: 
I'll copy from https://bugzilla.redhat.com/show_bug.cgi?id=1310581#c12
where it was originally reported


I have found spurious, duplacate, entries in the cipher_suite_defs[] array.

$ cd nss-3.21.0/nss/lib/ssl/

$ grep -c "{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_" ssl3con.c
2 

$ grep "{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_" ssl3con.c
    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},

The second is correct.

$ grep -c "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_" ssl3con.c
2

[emaldona@dhcp-16-216 ssl]$ grep "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_" ssl3con.c
    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},

The second is correct.

In each case the first is missing the last field. 

Additional info: 

Though the flaw hasn't caused  problems yet, having entries with an uninitialized prf has the potential for random failures. 

The fix https://bugzilla.redhat.com/attachment.cgi?id=1143400
has been reviewed, approved, committed, and build as nss-3.21.0-7.el7_2
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=488608
Comment 13 errata-xmlrpc 2016-11-04 03:57:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2335.html
Note You need to log in before you can comment on or make changes to this bug.