Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: static IV used in Percona XtraBackup
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 26 Nov 2013 19:17:40 +0100

On 11/26/2013 11:52 AM, Marcus Meissner wrote:
Hi,

This came to our desk:
https://bugzilla.novell.com/show_bug.cgi?id=852224
https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343

constant IV used in CTR Mode, allowing plaintext retrieval
attacks.

Is suppose this is part of the fix.

+void
+xb_crypt_init_iv()
+{
+       uint seed = time(NULL);
+       srandom(seed);
+}
+
+void
+xb_crypt_create_iv(void* ivbuf, size_t ivlen)
+{
+       size_t i;
+       ulong rndval;
+
+       for (i = 0; i < ivlen; i++) {
+               if (i % 4 == 0) {
+                       rndval = (ulong) random();
+               }
+               ((uchar*)ivbuf)[i] = ((uchar*)&rndval)[i % 4];
+       }
+}

This still risks keystream reuse because time() is fairly coarse.

What's worse, on 64-bit big-endian architectures, it results in a constant zero IV because RAND_MAX is not large enough to reach the upper 32 bits in the first four bytes of the rndval variable.

--
Florian Weimer / Red Hat Product Security Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]