Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 30 Sep 2016 23:32:17 -0400 (EDT)
From: cve-assign@...re.org
To: michael.santillana@...ork.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, infosec@...ork.com
Subject: Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/ruby/openssl/issues/49
> https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
> http://stackoverflow.com/questions/35991551
> https://github.com/attr-encrypted/attr_encrypted/issues/203
> https://github.com/attr-encrypted/encryptor/pull/22

> A developer that uses the code above may incorrectly assume that their code
> is secure from the pitfalls associated with IV reuse in aes-*-gcm, since
> the 'cipher.random_iv' method is used. According to the documentation, this
> should generate a random IV each time the encryption method is called.

> even though the random_iv method is called, the code is defaulting to
> a static IV.

>> Cipher#iv= does not preserve the IV in gctx->iv because gctx->key_set
>> is already set by the pre-initialization in Cipher#initialize, and the
>> subsequent call of Cipher#key= resets the IV to uninitialized (zeroed
>> by OPENSSL_zalloc() in EVP_CipherInit_ex()) gctx->iv.

Use CVE-2016-7798 for this issue in the openssl gem for Ruby. (Note
that https://github.com/ruby/openssl/blob/master/History.md describes
this as "openssl gem, formerly a standard library of Ruby,
ext/openssl.") The same CVE ID applies to the effects of this
vulnerability on the encryptor gem and the attr_encrypted gem.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX7y3BAAoJEHb/MwWLVhi2y+AP/2aiU7pR293xXNVq9qmU0Rzi
9DuMjQ4w9XA97ngKxzqt+ehdfcQDI/ZkDf/bH24d3VF5wQWjW6VmQ7xFIcnGADj1
tPrl8RiiPP2d9vzNjihalCUDoQ5GpTsAM3GFylZa81mAFAQ76ZmoxHPCzd9yzWbc
u+r71UfcawiU67LTggIZP4ods8elCHMWFUPriWOML8uXDjYYlaUwWdip0jIsgqNC
S74Txv4GwhBtA+Pj/3Tsv9eXZ1OzcwoOa0c9rJYwlNRWUEQB5IX9sZSLN2SlTxcO
yf8VSXBCKqx+4/zJHTeeIVZvSt/4p9uGhJiHpLHaNyZicD7sYbKYDJuY+zaMYc5e
6r3QE1X5JT9zxjIVKYny0BcXnrSPBhp3is7orTDr0Uc26Hnn6jxraHwLlEBkF19f
GofQxRj3cLPrS7tChacYp7qYTvmahNaQZWC6ei76+ulZDkL28xkto0QWf8CNo2eX
x1nS0B1hDXwH314APoxY1+pKoHGFbXqAFE6yqhWB77SLZWYVlT4ixqvv7w/fIM7N
Me8bbpeC9e3o31tE4qv2fqvytOZw9h/LdTwoGBToWhfOkK7jGwOti8SE24pb2hOC
hx+G4eswZOiwkqJiU4gmN+eljOQwdUD92BzklwCxLA0V1D8KxSyILkWgEHgJMuL/
LkjwXsTybnRdUMr+IAVC
=FWLM
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.