2238677 – (CVE-2023-4421) CVE-2023-4421 nss: new tlsfuzzer code can still detect timing issues in RSA operations

Bug 2238677 (CVE-2023-4421) - CVE-2023-4421 nss: new tlsfuzzer code can still detect timing issues in RSA operations

Summary: CVE-2023-4421 nss: new tlsfuzzer code can still detect timing issues in RSA o...

Keywords:
Status:	NEW
Alias:	CVE-2023-4421
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2238706
Blocks:	2238675
TreeView+	depends on / blocked

Reported:	2023-09-13 06:31 UTC by Dhananjay Arunesh
Modified:	2023-10-25 12:53 UTC (History)
CC List:	11 users (show)
Fixed In Version:	nss 3.61
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	1651411	0	P3	ASSIGNED	New tlsfuzzer code can still detect timing issues in RSA operations.	2023-10-10 11:25:47 UTC

Description Dhananjay Arunesh 2023-09-13 06:31:55 UTC

This patch defeats Bleichenbacher by not trying to hide the size of the
decrypted text, but to hide if the text succeeded for failed. This is done
by generating a fake returned text that's based on the key and the cipher text,
so the fake data is always the same for the same key and cipher text. Both the
length and the plain text are generated with a prf.

References:
https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd

Comment 1 Dhananjay Arunesh 2023-09-13 09:41:03 UTC

Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2238706]

Note You need to log in before you can comment on or make changes to this bug.