- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT

Related: RHEL-22791
Than Ngo 2024-02-16 12:24:04 +01:00
parent 39b1da5188
commit 5dccb92199
6 changed files with 44 additions and 46 deletions


@ -1,4 +1,4 @@
commit 2ea019ee2b09f15724d808382d53baca03403288 commit f931d6e47bf2fb26aa9cf52e231d13edc1c837a1
Author: Ingo Franzki <ifranzki@linux.ibm.com> Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Dec 12 17:16:56 2023 +0100 Date: Tue Dec 12 17:16:56 2023 +0100


@ -1,4 +1,4 @@
commit c26e049bf40d656bc51429bad190b82fbf63f0c7 commit 5f1a4f8641306ee192b70c8a32c9ee8a0fe9be5f
Author: Ingo Franzki <ifranzki@linux.ibm.com> Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jan 15 12:53:37 2024 +0100 Date: Mon Jan 15 12:53:37 2024 +0100
@ -51,7 +51,7 @@ index 2bb3dffe..21b6b702 100644
* The OpenSSL code is licensed under the Apache License 2.0 (the "License"). * The OpenSSL code is licensed under the Apache License 2.0 (the "License").
* You can obtain a copy in the file LICENSE in the OpenSSL source distribution * You can obtain a copy in the file LICENSE in the OpenSSL source distribution
diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
index 7400c6db..1d79a4f7 100644 index a88b57d0..29496d99 100644
--- a/usr/lib/common/h_extern.h --- a/usr/lib/common/h_extern.h
+++ b/usr/lib/common/h_extern.h +++ b/usr/lib/common/h_extern.h
@@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata, @@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata,
@ -64,7 +64,7 @@ index 7400c6db..1d79a4f7 100644
CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech); CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech);
@@ -3182,6 +3183,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data, @@ -3179,6 +3180,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature, CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
CK_ULONG *sig_len, CK_BBOOL sign); CK_ULONG *sig_len, CK_BBOOL sign);


@ -1,4 +1,4 @@
commit 7ffc0e135b4d923d686be536aa7bf69405a360a1 commit e2b496f58a84c2f537667655fe08a0d4923f0c70
Author: Ingo Franzki <ifranzki@linux.ibm.com> Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Fri Jan 12 09:36:27 2024 +0100 Date: Fri Jan 12 09:36:27 2024 +0100
@ -119,10 +119,10 @@ index 8a1e8723..bbb0f601 100644
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx); decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
} }
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 723eb3f6..e8543300 100644 index 073b349f..6d08b95e 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c --- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c +++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -9596,10 +9596,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session, @@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK), rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session), ep11_error_to_pkcs11_error(rc, session),
rc); rc);
@ -139,7 +139,7 @@ index 723eb3f6..e8543300 100644
} }
done: done:
@@ -9655,10 +9657,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session, @@ -9611,10 +9613,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK), rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session), ep11_error_to_pkcs11_error(rc, session),
rc); rc);
@ -156,7 +156,7 @@ index 723eb3f6..e8543300 100644
} }
done: done:
@@ -9720,10 +9724,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session, @@ -9676,10 +9680,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK), rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session), ep11_error_to_pkcs11_error(rc, session),
rc); rc);


@ -1,4 +1,4 @@
commit b833f2f90fd9f2e99e0da3278f82516324cd070a commit 7d064610937cdfb3cf8976adbb7eec6be3ea9d9f
Author: Ingo Franzki <ifranzki@linux.ibm.com> Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jan 16 10:01:20 2024 +0100 Date: Tue Jan 16 10:01:20 2024 +0100


@ -1,37 +1,31 @@
diff -up opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c commit d756ba1ec270a289950e66398c7e8be59c4a594d
--- opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me 2024-02-07 16:49:05.669151975 +0100 Author: Ingo Franzki <ifranzki@linux.ibm.com>
+++ opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c 2024-02-07 16:53:00.721310320 +0100 Date: Fri Feb 9 14:07:34 2024 +0100
@@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokDat
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session),
rc);
- if (rc != CKR_OK) {
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
- } else {
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
+ } else {
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ }
}
done: COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
@@ -9747,12 +9749,10 @@ CK_RV ep11tok_decrypt_single(STDLL_TokDa
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session),
rc);
- if (!is_rsa_mechanism(ctx->mech.mechanism)) {
- if (rc != CKR_OK) {
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
- } else {
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
- }
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
+ } else {
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
}
done: An RSA key object that has no CKA_PRIVATE_EXPONENT may either don't have that
attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute.
Both situations should be handed the same, and the private exponent of the
key needs to be calculated from the other key components.
Note that RSA key objects generated with a current soft or ICA token will
always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided
during key generation.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
index da515289..14c82e2d 100644
--- a/usr/lib/common/mech_openssl.c
+++ b/usr/lib/common/mech_openssl.c
@@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
rc = template_attribute_get_non_empty(key_obj->template,
CKA_PRIVATE_EXPONENT, &priv_exp_attr);
- if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE &&
+ rc != CKR_ATTRIBUTE_VALUE_INVALID) {
TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
goto out;
}
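Review bot: In the `openssl_specific_rsa_derive_kdk` hunk of the new patch, the widened check `rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE && rc != CKR_ATTRIBUTE_VALUE_INVALID` lets execution continue with whatever `template_attribute_get_non_empty` left in `priv_exp_attr`, and nothing visible here shows that the pointer is NULL when the attribute is present but empty. The code after the hunk presumably branches on `priv_exp_attr` to decide whether to compute the private exponent from the other key components, so confirm that the helper clears the out-pointer when it returns `CKR_ATTRIBUTE_VALUE_INVALID`; otherwise a zero-length exponent could reach the key-derivation step that implicit rejection depends on. A short comment above the check would record the intent, for example `/* absent (CKR_TEMPLATE_INCOMPLETE) and empty (CKR_ATTRIBUTE_VALUE_INVALID) are handled the same: d is calculated from the other components */`. The function body starts and ends outside the hunk, so the handling of `priv_exp_attr` could not be checked from this page.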


@ -1,7 +1,7 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
Version: 3.22.0 Version: 3.22.0
Release: 2%{?dist} Release: 3%{?dist}
License: CPL License: CPL
Group: System Environment/Base Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki URL: https://github.com/opencryptoki/opencryptoki
@ -381,6 +381,10 @@ fi
%changelog %changelog
* Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3
- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
Related: RHEL-22791
* Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2 * Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22791 Resolves: RHEL-22791