Security: Merge CVE-2017-3738 fix to M64.
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

OpenSSL released an advisory here with a bug in their RSA code, CVE-2017-3738: https://www.openssl.org/news/secadv/20171207.txt

This affects our code on all processors which support AVX2. Of the affected algorithms (RSA, FFDH, DSA), only RSA is used by Chrome. Specifically, RSA-2048 keys are affected. It's true that, as upstream wrote in their advisory, the obvious attacks are mitigated by the RSA anti-glitching countermeasures, but we are less sanguine than OpenSSL about the possibility of obtaining a Bleichenbacher-like oracle using this bug.

Chrome, being a client, does not handle private keys very much, so this is pretty minor for Chrome:

WebCrypto allows web applications to generate and use origin-specific RSA private keys. Depending on how the application uses the RSA key, it could be affected. (Signing is unlikely to be able to expose the oracle, if one exists, but decryption would if repeated attacker-controlled inputs are allowed.)

WebRTC can be configured to generate RSA-2048 keys (the bug does not affect RSA keys of other sizes), but they default to ECDSA now and previously defaulted to RSA-1024, which is unaffected. A web application that explicitly generated RSA-2048 keys and reused them would be affected by any oracles exposed by this bug because WebRTC in Chrome has not turned off static RSA yet (it really really should...). https://developers.google.com/web/updates/2016/06/webrtc-ecdsa

Client certificates are not affected as those call out to the OS crypto implementations.

Thus we don't think it warrants an M63 post-stable merge. We would like to request an M64 merge however, as that has only just branched. I've added the Merge-Request-64 tag here.

The fix rolled into Chromium in https://chromium-review.googlesource.com/c/chromium/src/+/814237, which just landed. I will defer merging until next Monday, so the change will have had some time to bake on canary first.

VERSION
Chrome Version: all recent
Operating System: all
Dec 8 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 8 2017
Please add affected OSs.
Dec 8 2017
Dec 8 2017
Your change meets the bar and is auto-approved for M64. Please go ahead and merge the CL to branch 3282 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 9 2017
Dec 11 2017
The NextAction date has arrived: 2017-12-11
Dec 11 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f01cb1d361f161f214e9e5b4bb1e94685bdee41c

commit f01cb1d361f161f214e9e5b4bb1e94685bdee41c
Author: David Benjamin <davidben@chromium.org>
Date: Mon Dec 11 20:11:06 2017

Chromium-side changes for BoringSSL cherry-pick.

BoringSSL cherry-picks are a little complex due to generated files spanning two repositories. (We'll need to come up with a better story here...)

This is the result of running generate_build_files.py at this revision:
https://boringssl.googlesource.com/boringssl/+/a20bb7ff8bb5057065a2e7941249773f9676cf45

Conveniently, all affected files in this commit are Chromium-side, but I'll do a DEPS update too, just to keep it all in sync.

Bug: 793030
Change-Id: I600a2295235e3c4d5dcaef502f8c3cad3d3d2219
Reviewed-on: https://chromium-review.googlesource.com/820333
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#145}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}

[modify] https://crrev.com/f01cb1d361f161f214e9e5b4bb1e94685bdee41c/third_party/boringssl/crypto_test_data.cc
[modify] https://crrev.com/f01cb1d361f161f214e9e5b4bb1e94685bdee41c/third_party/boringssl/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S
[modify] https://crrev.com/f01cb1d361f161f214e9e5b4bb1e94685bdee41c/third_party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
[modify] https://crrev.com/f01cb1d361f161f214e9e5b4bb1e94685bdee41c/third_party/boringssl/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm
Dec 12 2017
The following revision refers to this bug: https://chrome-internal.googlesource.com/chrome/tools/buildspec/+/87c3a458e0b8cb3c734bc51c4d53cbabcefb7eac

commit 87c3a458e0b8cb3c734bc51c4d53cbabcefb7eac
Author: David Benjamin <davidben@google.com>
Date: Tue Dec 12 22:11:59 2017
Dec 12 2017
(The merge is done now.)
Jan 22 2018
Mar 16 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2018
Comment 1 by elawrence@chromium.org, Dec 7 2017