ECH client - On HRR overwrites CHInner.random with CHOuter.random before sending CH2
Categories
(NSS :: Libraries, defect, P1)
Tracking
(firefox-esr91 disabled, firefox-esr102 disabled, firefox104 wontfix, firefox105 wontfix, firefox106 fixed)
People
(Reporter: lschwarz, Assigned: lschwarz)
References
(Blocks 1 open bug)
Details
(Keywords: sec-low, Whiteboard: [post-critsmash-triage][adv-main106-])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
nightly-only
When NSS ECH client handles HRR it overwrites CHInner.random with CHOuter.random in tls13_MaybeHandleEchSignal() before sending CH2. CH2 therefore contains CHOuter and CHInner with equal random values.
The behavior was detected in BoringSSL test runner (bogo) handshake_server.go/decryptClientHello(). The function is called for all client ECH tests.
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
Depends on D151607
Updated•2 years ago
|
Comment 2•2 years ago
|
||
The severity field is not set for this bug.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Comment 3•2 years ago
|
||
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lschwarz, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.
Comment 4•2 years ago
|
||
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Description
•