From 2ed3d453e9f761203e2c29d9f9f35e43cb160dd2 Mon Sep 17 00:00:00 2001 From: Bob Relyea Date: Thu, 16 Mar 2023 12:53:52 -0700 Subject: [PATCH] Related: rhbz#2174613 Fix regression issue in FIPS mode. We need to return a non-locking return code if the user supplied DH parameters are invalid, rather than a blocking code we return if the underlying NSS math engine blows up. --- nss-3.79-fips-review.patches | 27 ++++++++++++++++----------- nss.spec | 7 ++++++- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/nss-3.79-fips-review.patches b/nss-3.79-fips-review.patches index 0ce4f88..9b8e875 100644 --- a/nss-3.79-fips-review.patches +++ b/nss-3.79-fips-review.patches @@ -1,6 +1,6 @@ diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c --- ./lib/freebl/dh.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/freebl/dh.c 2023-03-07 16:54:47.920359716 -0800 ++++ ./lib/freebl/dh.c 2023-03-16 11:54:37.839935303 -0700 @@ -445,7 +445,7 @@ cleanup: PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) @@ -50,8 +50,8 @@ diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c MP_TO_SEC_ERROR(err); return PR_FALSE; diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c ---- ./lib/softoken/pkcs11c.c.fips-review 2023-03-07 16:54:36.251359761 -0800 -+++ ./lib/softoken/pkcs11c.c 2023-03-07 16:55:25.367359573 -0800 +--- ./lib/softoken/pkcs11c.c.fips-review 2023-03-16 11:53:04.703068972 -0700 ++++ ./lib/softoken/pkcs11c.c 2023-03-16 11:55:23.498360007 -0700 @@ -4780,6 +4780,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi * handle the base object stuff */ @@ -189,7 +189,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c /* FIPS requires full validation, but in fipx mode NSC_Derive * only does partial validation with approved primes, now handle * full validation */ -@@ -5166,15 +5174,38 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5166,18 +5174,41 @@ sftk_PairwiseConsistencyCheck(CK_SESSION } crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); /* we ignore the return code an only look at the length */ @@ -199,22 +199,23 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c - * that's the only kine of prime that will get here */ - subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS); - if (subPrimePtr == NULL) { +- crv = CKR_GENERAL_ERROR; + /* do we have a known prime ? */ + subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS); + if (subPrimePtr == NULL) { + if (subPrime.len == 0) { + /* if not a known prime, subprime must be supplied */ - crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; goto done; + } else { + /* not a known prime, check for primality of prime + * and subPrime */ + if (!KEA_PrimeCheck(&prime)) { -+ crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + goto done; + } + if (!KEA_PrimeCheck(&subPrime)) { -+ crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + goto done; + } } @@ -227,13 +228,17 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c + if ((subPrimePtr->len != subPrimeLen) || + (PORT_Memcmp(subPrimePtr->data, subPrime.data, + subPrime.len) != 0)) { -+ crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + goto done; + } + } } if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) { - crv = CKR_GENERAL_ERROR; +- crv = CKR_GENERAL_ERROR; ++ crv = CKR_ATTRIBUTE_VALUE_INVALID; + } + done: + SECITEM_ZfreeItem(&subPrime, PR_FALSE); @@ -5185,13 +5216,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION } /* clean up before we return */ @@ -285,7 +290,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c mechParams->ulSharedDataLen, mechParams->kdf); diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c --- ./lib/softoken/pkcs11.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/softoken/pkcs11.c 2023-03-07 16:54:47.921359716 -0800 ++++ ./lib/softoken/pkcs11.c 2023-03-16 11:54:37.840935312 -0700 @@ -4599,7 +4599,10 @@ NSC_CreateObject(CK_SESSION_HANDLE hSess if (object == NULL) { return CKR_HOST_MEMORY; @@ -300,7 +305,7 @@ diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c /* diff -up ./lib/softoken/sftkike.c.fips-review ./lib/softoken/sftkike.c --- ./lib/softoken/sftkike.c.fips-review 2022-05-26 02:54:33.000000000 -0700 -+++ ./lib/softoken/sftkike.c 2023-03-07 16:54:47.921359716 -0800 ++++ ./lib/softoken/sftkike.c 2023-03-16 11:54:37.840935312 -0700 @@ -516,6 +516,11 @@ sftk_ike_prf(CK_SESSION_HANDLE hSession, goto fail; } diff --git a/nss.spec b/nss.spec index 1d2fa5d..8dd0c18 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ %global nss_version 3.79.0 %global nspr_version 4.34.0 -%global baserelease 16 +%global baserelease 17 %global nss_release %baserelease # NOTE: To avoid NVR clashes of nspr* packages: # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when @@ -1171,6 +1171,11 @@ update-crypto-policies &> /dev/null || : %changelog +* Thu Mar 16 2023 Bob Relyea - 3.79.0-17 +- fix consistency return errors. We shouldn't lock the FIPS + token if the application asked for invalid DH parameters on + on keygen. + * Mon Mar 13 2023 Bob Relyea - 3.79.0-16 - Add check for RSA PSS Salt required by FIPS - Update fips_algorithms.sh according to the review.