rpms/nss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Related: rhbz#2174613

Browse Source 
Fix regression issue in FIPS mode. We need to return a non-locking return
code if the user supplied DH parameters are invalid, rather than a blocking
code we return if the underlying NSS math engine blows up.
This commit is contained in:
Bob Relyea 2023-03-16 12:53:52 -07:00
parent fe16df6b41
commit 2ed3d453e9
2 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
nss-3.79-fips-review.patches
View File

@ -1,6 +1,6 @@
diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c
--- ./lib/freebl/dh.c.fips-review 2022-05-26 02:54:33.000000000 -0700 --- ./lib/freebl/dh.c.fips-review 2022-05-26 02:54:33.000000000 -0700
+++ ./lib/freebl/dh.c 2023-03-07 16:54:47.920359716 -0800 +++ ./lib/freebl/dh.c 2023-03-16 11:54:37.839935303 -0700
@@ -445,7 +445,7 @@ cleanup: @@ -445,7 +445,7 @@ cleanup:
PRBool PRBool
KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
@ -50,8 +50,8 @@ diff -up ./lib/freebl/dh.c.fips-review ./lib/freebl/dh.c
MP_TO_SEC_ERROR(err); MP_TO_SEC_ERROR(err);
return PR_FALSE; return PR_FALSE;
diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c
--- ./lib/softoken/pkcs11c.c.fips-review 2023-03-07 16:54:36.251359761 -0800 --- ./lib/softoken/pkcs11c.c.fips-review 2023-03-16 11:53:04.703068972 -0700
+++ ./lib/softoken/pkcs11c.c 2023-03-07 16:55:25.367359573 -0800 +++ ./lib/softoken/pkcs11c.c 2023-03-16 11:55:23.498360007 -0700
@@ -4780,6 +4780,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi @@ -4780,6 +4780,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
* handle the base object stuff * handle the base object stuff
*/ */
@ -189,7 +189,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c
/* FIPS requires full validation, but in fipx mode NSC_Derive /* FIPS requires full validation, but in fipx mode NSC_Derive
* only does partial validation with approved primes, now handle * only does partial validation with approved primes, now handle
* full validation */ * full validation */
@@ -5166,15 +5174,38 @@ sftk_PairwiseConsistencyCheck(CK_SESSION @@ -5166,18 +5174,41 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
} }
crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME);
/* we ignore the return code an only look at the length */ /* we ignore the return code an only look at the length */
@ -199,22 +199,23 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c
- * that's the only kine of prime that will get here */ - * that's the only kine of prime that will get here */
- subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS); - subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS);
- if (subPrimePtr == NULL) { - if (subPrimePtr == NULL) {
- crv = CKR_GENERAL_ERROR;
+ /* do we have a known prime ? */ + /* do we have a known prime ? */
+ subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS); + subPrimePtr = sftk_VerifyDH_Prime(&prime, isFIPS);
+ if (subPrimePtr == NULL) { + if (subPrimePtr == NULL) {
+ if (subPrime.len == 0) { + if (subPrime.len == 0) {
+ /* if not a known prime, subprime must be supplied */ + /* if not a known prime, subprime must be supplied */
crv = CKR_GENERAL_ERROR; + crv = CKR_ATTRIBUTE_VALUE_INVALID;
goto done; goto done;
+ } else { + } else {
+ /* not a known prime, check for primality of prime + /* not a known prime, check for primality of prime
+ * and subPrime */ + * and subPrime */
+ if (!KEA_PrimeCheck(&prime)) { + if (!KEA_PrimeCheck(&prime)) {
+ crv = CKR_GENERAL_ERROR; + crv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done; + goto done;
+ } + }
+ if (!KEA_PrimeCheck(&subPrime)) { + if (!KEA_PrimeCheck(&subPrime)) {
+ crv = CKR_GENERAL_ERROR; + crv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done; + goto done;
+ } + }
} }
@ -227,13 +228,17 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c
+ if ((subPrimePtr->len != subPrimeLen) || + if ((subPrimePtr->len != subPrimeLen) ||
+ (PORT_Memcmp(subPrimePtr->data, subPrime.data, + (PORT_Memcmp(subPrimePtr->data, subPrime.data,
+ subPrime.len) != 0)) { + subPrime.len) != 0)) {
+ crv = CKR_GENERAL_ERROR; + crv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done; + goto done;
+ } + }
+ } + }
} }
if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) { if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) {
crv = CKR_GENERAL_ERROR; - crv = CKR_GENERAL_ERROR;
+ crv = CKR_ATTRIBUTE_VALUE_INVALID;
}
done:
SECITEM_ZfreeItem(&subPrime, PR_FALSE);
@@ -5185,13 +5216,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION @@ -5185,13 +5216,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
} }
/* clean up before we return */ /* clean up before we return */
@ -285,7 +290,7 @@ diff -up ./lib/softoken/pkcs11c.c.fips-review ./lib/softoken/pkcs11c.c
mechParams->ulSharedDataLen, mechParams->kdf); mechParams->ulSharedDataLen, mechParams->kdf);
diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c
--- ./lib/softoken/pkcs11.c.fips-review 2022-05-26 02:54:33.000000000 -0700 --- ./lib/softoken/pkcs11.c.fips-review 2022-05-26 02:54:33.000000000 -0700
+++ ./lib/softoken/pkcs11.c 2023-03-07 16:54:47.921359716 -0800 +++ ./lib/softoken/pkcs11.c 2023-03-16 11:54:37.840935312 -0700
@@ -4599,7 +4599,10 @@ NSC_CreateObject(CK_SESSION_HANDLE hSess @@ -4599,7 +4599,10 @@ NSC_CreateObject(CK_SESSION_HANDLE hSess
if (object == NULL) { if (object == NULL) {
return CKR_HOST_MEMORY; return CKR_HOST_MEMORY;
@ -300,7 +305,7 @@ diff -up ./lib/softoken/pkcs11.c.fips-review ./lib/softoken/pkcs11.c
/* /*
diff -up ./lib/softoken/sftkike.c.fips-review ./lib/softoken/sftkike.c diff -up ./lib/softoken/sftkike.c.fips-review ./lib/softoken/sftkike.c
--- ./lib/softoken/sftkike.c.fips-review 2022-05-26 02:54:33.000000000 -0700 --- ./lib/softoken/sftkike.c.fips-review 2022-05-26 02:54:33.000000000 -0700
+++ ./lib/softoken/sftkike.c 2023-03-07 16:54:47.921359716 -0800 +++ ./lib/softoken/sftkike.c 2023-03-16 11:54:37.840935312 -0700
@@ -516,6 +516,11 @@ sftk_ike_prf(CK_SESSION_HANDLE hSession, @@ -516,6 +516,11 @@ sftk_ike_prf(CK_SESSION_HANDLE hSession,
goto fail; goto fail;
} }

7
nss.spec
View File

@ -1,6 +1,6 @@
%global nss_version 3.79.0 %global nss_version 3.79.0
%global nspr_version 4.34.0 %global nspr_version 4.34.0
%global baserelease 16 %global baserelease 17
%global nss_release %baserelease %global nss_release %baserelease
# NOTE: To avoid NVR clashes of nspr* packages: # NOTE: To avoid NVR clashes of nspr* packages:
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@ -1171,6 +1171,11 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Thu Mar 16 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-17
- fix consistency return errors. We shouldn't lock the FIPS
token if the application asked for invalid DH parameters on
on keygen.
* Mon Mar 13 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-16 * Mon Mar 13 2023 Bob Relyea <rrelyea@redhat.com> - 3.79.0-16
- Add check for RSA PSS Salt required by FIPS - Add check for RSA PSS Salt required by FIPS
- Update fips_algorithms.sh according to the review. - Update fips_algorithms.sh according to the review.