libsrtp random source
Reported by
iker.ech...@enigmedia.es,
Sep 28 2017
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. look at the code in old libsrtp under chrome tree.
2. look at the code in the new libsrtp under chrome tree
3. see that there is no check for enough entropy

What is the expected behavior?
Before using random number generators, a seed has to be initialized to make sure there is enough entropy. libsrtp didn't use to do this while using OpenSSL, and now it is even worse.

What went wrong?
VULNERABILITY DETAILS
I looked at various libsrtp sources under your tree. In old libsrtp versions the file rand_source_ossl.c was used to generate random numbers, but it was not used well. In newer versions crypto/cipher/cipher.c uses rand(), which is not cryptographically secure.

**Old: "chromium / chromium / deps / libsrtp / srtp / crypto / rng /rand_source_ossl.c"
The function RAND_bytes from OpenSSL is called, but it can not be sure about the entropy pool of the system. Under some Intel CPUs that is enough according to this: https://software.intel.com/en-us/articles/how-to-use-the-rdrand-engine-in-openssl-for-random-number-generation but under other platforms I think RAND_seed() or RAND_add() should be called.

**new:
At: libsrtp/crypto/cipher/cipher.c
static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len)
It uses rand_s() where available (Windows) but it defaults to rand() under Linux, so in my opinion the new version is worse than the previous version using OpenSSL.

Best regards,
Iker.

Did this work before? No
Chrome version: 58.0.3029.110 Channel: n/a
OS Version: any
Flash Version:
Sep 29 2017
mattdr@, can you please take a look or find an owner for this.
Sep 29 2017
mattdr@ has left the team (and Google).
Dec 12 2017
inferno@ do you have any idea who else should own this?
Jan 25 2018
I have no clue.
Jan 25 2018
It looks like this change was made here: https://github.com/cisco/libsrtp/commit/fb838419fa133be8140ed0c0a50fa305dfa0a671

With the explanation:
"Remove RNG since there is no longer a public API exposed to use the RNG
The RNG in libsrtp wasn't using a particularly good random source anyway. Downstream applications should use OpenSSL or some other random source that's compliant with SP-800-90."

This seems correct, as srtp_cipher_rand is only called by srtp_cipher_type_test. So, tentatively closing.
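Added example (not code from libsrtp, Chromium, or any commenter in this thread): a rand()-based buffer fill of the kind the report describes, next to a fill from the Linux kernel CSPRNG via getrandom(), which with flags 0 blocks until the kernel pool is initialized. The function names weak_fill, secure_fill and weak_fill_is_reproducible are hypothetical, and Linux with glibc 2.25 or later is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(): assumes Linux, glibc >= 2.25 */

/* Constructed weak pattern: bytes taken from rand(). The whole stream is
 * a function of the srand() seed, so the same seed reproduces it. */
void weak_fill(void *dest, size_t len, unsigned seed)
{
    uint8_t *p = dest;
    srand(seed);
    for (size_t i = 0; i < len; i++)
        p[i] = (uint8_t)rand();
}

/* Hypothetical replacement: fill from the kernel CSPRNG. With flags == 0
 * getrandom() blocks until the pool has been initialized.
 * Returns 0 on success, -1 on failure (dest is zeroed on failure). */
int secure_fill(void *dest, size_t len)
{
    uint8_t *p = dest;
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(p + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR) continue;  /* interrupted: retry */
            memset(dest, 0, len);          /* no partial output on error */
            return -1;
        }
        done += (size_t)n;                 /* large requests may be short */
    }
    return 0;
}

/* Returns 1 when two weak_fill() runs with the same seed are identical. */
int weak_fill_is_reproducible(unsigned seed)
{
    uint8_t a[32], b[32];
    weak_fill(a, sizeof a, seed);
    weak_fill(b, sizeof b, seed);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    uint8_t key[16];
    return (secure_fill(key, sizeof key) == 0) ? 0 : 1;
}
```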
May 4 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Sep 28 2017
Components: Blink>WebRTC