From d8e7a718822e260fa1d80b74bda90d28a7db92dd Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Fri, 16 Feb 2024 13:35:05 +0100 Subject: [PATCH] - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT Related: RHEL-22792 --- opencryptoki-CVE-2024-0914-part1.patch | 2 +- opencryptoki-CVE-2024-0914-part2.patch | 6 +-- opencryptoki-CVE-2024-0914-part3.patch | 10 ++-- opencryptoki-CVE-2024-0914-part4.patch | 2 +- opencryptoki-CVE-2024-0914-part5.patch | 64 ++++++++++++-------------- opencryptoki.spec | 6 ++- 6 files changed, 44 insertions(+), 46 deletions(-) diff --git a/opencryptoki-CVE-2024-0914-part1.patch b/opencryptoki-CVE-2024-0914-part1.patch index 541177e..b4a68c4 100644 --- a/opencryptoki-CVE-2024-0914-part1.patch +++ b/opencryptoki-CVE-2024-0914-part1.patch @@ -1,4 +1,4 @@ -commit 2ea019ee2b09f15724d808382d53baca03403288 +commit f931d6e47bf2fb26aa9cf52e231d13edc1c837a1 Author: Ingo Franzki Date: Tue Dec 12 17:16:56 2023 +0100 diff --git a/opencryptoki-CVE-2024-0914-part2.patch b/opencryptoki-CVE-2024-0914-part2.patch index 6e6a968..69f3b55 100644 --- a/opencryptoki-CVE-2024-0914-part2.patch +++ b/opencryptoki-CVE-2024-0914-part2.patch @@ -1,4 +1,4 @@ -commit c26e049bf40d656bc51429bad190b82fbf63f0c7 +commit 5f1a4f8641306ee192b70c8a32c9ee8a0fe9be5f Author: Ingo Franzki Date: Mon Jan 15 12:53:37 2024 +0100 @@ -51,7 +51,7 @@ index 2bb3dffe..21b6b702 100644 * The OpenSSL code is licensed under the Apache License 2.0 (the "License"). * You can obtain a copy in the file LICENSE in the OpenSSL source distribution diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h -index 7400c6db..1d79a4f7 100644 +index a88b57d0..29496d99 100644 --- a/usr/lib/common/h_extern.h +++ b/usr/lib/common/h_extern.h @@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata, @@ -64,7 +64,7 @@ index 7400c6db..1d79a4f7 100644 CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech); -@@ -3182,6 +3183,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data, +@@ -3179,6 +3180,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data, CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature, CK_ULONG *sig_len, CK_BBOOL sign); diff --git a/opencryptoki-CVE-2024-0914-part3.patch b/opencryptoki-CVE-2024-0914-part3.patch index 19c3a86..4994b73 100644 --- a/opencryptoki-CVE-2024-0914-part3.patch +++ b/opencryptoki-CVE-2024-0914-part3.patch @@ -1,4 +1,4 @@ -commit 7ffc0e135b4d923d686be536aa7bf69405a360a1 +commit e2b496f58a84c2f537667655fe08a0d4923f0c70 Author: Ingo Franzki Date: Fri Jan 12 09:36:27 2024 +0100 @@ -119,10 +119,10 @@ index 8a1e8723..bbb0f601 100644 decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx); } diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c -index 723eb3f6..e8543300 100644 +index 073b349f..6d08b95e 100644 --- a/usr/lib/ep11_stdll/ep11_specific.c +++ b/usr/lib/ep11_stdll/ep11_specific.c -@@ -9596,10 +9596,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session, +@@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session, rc = constant_time_select(constant_time_eq(rc, CKR_OK), ep11_error_to_pkcs11_error(rc, session), rc); @@ -139,7 +139,7 @@ index 723eb3f6..e8543300 100644 } done: -@@ -9655,10 +9657,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session, +@@ -9611,10 +9613,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session, rc = constant_time_select(constant_time_eq(rc, CKR_OK), ep11_error_to_pkcs11_error(rc, session), rc); @@ -156,7 +156,7 @@ index 723eb3f6..e8543300 100644 } done: -@@ -9720,10 +9724,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session, +@@ -9676,10 +9680,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session, rc = constant_time_select(constant_time_eq(rc, CKR_OK), ep11_error_to_pkcs11_error(rc, session), rc); diff --git a/opencryptoki-CVE-2024-0914-part4.patch b/opencryptoki-CVE-2024-0914-part4.patch index 7853d29..915b54f 100644 --- a/opencryptoki-CVE-2024-0914-part4.patch +++ b/opencryptoki-CVE-2024-0914-part4.patch @@ -1,4 +1,4 @@ -commit b833f2f90fd9f2e99e0da3278f82516324cd070a +commit 7d064610937cdfb3cf8976adbb7eec6be3ea9d9f Author: Ingo Franzki Date: Tue Jan 16 10:01:20 2024 +0100 diff --git a/opencryptoki-CVE-2024-0914-part5.patch b/opencryptoki-CVE-2024-0914-part5.patch index 2c0a955..390eb8a 100644 --- a/opencryptoki-CVE-2024-0914-part5.patch +++ b/opencryptoki-CVE-2024-0914-part5.patch @@ -1,37 +1,31 @@ -diff -up opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c ---- opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me 2024-02-07 16:49:05.669151975 +0100 -+++ opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c 2024-02-07 16:53:00.721310320 +0100 -@@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokDat - rc = constant_time_select(constant_time_eq(rc, CKR_OK), - ep11_error_to_pkcs11_error(rc, session), - rc); -- if (rc != CKR_OK) { -- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc); -- } else { -- TRACE_INFO("%s rc=0x%lx\n", __func__, rc); -+ if (!is_rsa_mechanism(ctx->mech.mechanism)) { -+ if (rc != CKR_OK) { -+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc); -+ } else { -+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc); -+ } - } +commit d756ba1ec270a289950e66398c7e8be59c4a594d +Author: Ingo Franzki +Date: Fri Feb 9 14:07:34 2024 +0100 + + COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT + + An RSA key object that has no CKA_PRIVATE_EXPONENT may either don't have that + attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute. + Both situations should be handed the same, and the private exponent of the + key needs to be calculated from the other key components. + + Note that RSA key objects generated with a current soft or ICA token will + always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided + during key generation. + + Signed-off-by: Ingo Franzki + +diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c +index da515289..14c82e2d 100644 +--- a/usr/lib/common/mech_openssl.c ++++ b/usr/lib/common/mech_openssl.c +@@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj, - done: -@@ -9747,12 +9749,10 @@ CK_RV ep11tok_decrypt_single(STDLL_TokDa - rc = constant_time_select(constant_time_eq(rc, CKR_OK), - ep11_error_to_pkcs11_error(rc, session), - rc); -- if (!is_rsa_mechanism(ctx->mech.mechanism)) { -- if (rc != CKR_OK) { -- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc); -- } else { -- TRACE_INFO("%s rc=0x%lx\n", __func__, rc); -- } -+ if (rc != CKR_OK) { -+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc); -+ } else { -+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc); + rc = template_attribute_get_non_empty(key_obj->template, + CKA_PRIVATE_EXPONENT, &priv_exp_attr); +- if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) { ++ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE && ++ rc != CKR_ATTRIBUTE_VALUE_INVALID) { + TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n"); + goto out; } - - done: diff --git a/opencryptoki.spec b/opencryptoki.spec index 5dd4c37..55b86c4 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -1,7 +1,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Version: 3.22.0 -Release: 2%{?dist} +Release: 3%{?dist} License: CPL URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -351,6 +351,10 @@ fi %changelog +* Fri Feb 16 2024 Than Ngo - 3.22.0-3 +- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT +Related: RHEL-22792 + * Thu Feb 08 2024 Than Ngo - 3.22.0-2 - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22792