- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
Related: RHEL-22792
		
							parent
							
								
									3e961f4d0a
								
							
						
					
					
						commit
						d8e7a71882
					
				| @ -1,4 +1,4 @@ | |||||||
| commit 2ea019ee2b09f15724d808382d53baca03403288 | commit f931d6e47bf2fb26aa9cf52e231d13edc1c837a1 | ||||||
| Author: Ingo Franzki <ifranzki@linux.ibm.com> | Author: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
| Date:   Tue Dec 12 17:16:56 2023 +0100 | Date:   Tue Dec 12 17:16:56 2023 +0100 | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -1,4 +1,4 @@ | |||||||
| commit c26e049bf40d656bc51429bad190b82fbf63f0c7 | commit 5f1a4f8641306ee192b70c8a32c9ee8a0fe9be5f | ||||||
| Author: Ingo Franzki <ifranzki@linux.ibm.com> | Author: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
| Date:   Mon Jan 15 12:53:37 2024 +0100 | Date:   Mon Jan 15 12:53:37 2024 +0100 | ||||||
| 
 | 
 | ||||||
| @ -51,7 +51,7 @@ index 2bb3dffe..21b6b702 100644 | |||||||
|   * The OpenSSL code is licensed under the Apache License 2.0 (the "License").  |   * The OpenSSL code is licensed under the Apache License 2.0 (the "License").  | ||||||
|   * You can obtain a copy in the file LICENSE in the OpenSSL source distribution |   * You can obtain a copy in the file LICENSE in the OpenSSL source distribution | ||||||
| diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
 | diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
 | ||||||
| index 7400c6db..1d79a4f7 100644
 | index a88b57d0..29496d99 100644
 | ||||||
| --- a/usr/lib/common/h_extern.h
 | --- a/usr/lib/common/h_extern.h
 | ||||||
| +++ b/usr/lib/common/h_extern.h
 | +++ b/usr/lib/common/h_extern.h
 | ||||||
| @@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata,
 | @@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata,
 | ||||||
| @ -64,7 +64,7 @@ index 7400c6db..1d79a4f7 100644 | |||||||
|   |   | ||||||
|  CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech); |  CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech); | ||||||
|   |   | ||||||
| @@ -3182,6 +3183,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
 | @@ -3179,6 +3180,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
 | ||||||
|  CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature, |  CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature, | ||||||
|                                    CK_ULONG *sig_len, CK_BBOOL sign); |                                    CK_ULONG *sig_len, CK_BBOOL sign); | ||||||
|   |   | ||||||
|  | |||||||
| @ -1,4 +1,4 @@ | |||||||
| commit 7ffc0e135b4d923d686be536aa7bf69405a360a1 | commit e2b496f58a84c2f537667655fe08a0d4923f0c70 | ||||||
| Author: Ingo Franzki <ifranzki@linux.ibm.com> | Author: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
| Date:   Fri Jan 12 09:36:27 2024 +0100 | Date:   Fri Jan 12 09:36:27 2024 +0100 | ||||||
| 
 | 
 | ||||||
| @ -119,10 +119,10 @@ index 8a1e8723..bbb0f601 100644 | |||||||
|              decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx); |              decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx); | ||||||
|      } |      } | ||||||
| diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
 | diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
 | ||||||
| index 723eb3f6..e8543300 100644
 | index 073b349f..6d08b95e 100644
 | ||||||
| --- a/usr/lib/ep11_stdll/ep11_specific.c
 | --- a/usr/lib/ep11_stdll/ep11_specific.c
 | ||||||
| +++ b/usr/lib/ep11_stdll/ep11_specific.c
 | +++ b/usr/lib/ep11_stdll/ep11_specific.c
 | ||||||
| @@ -9596,10 +9596,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
 | @@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
 | ||||||
|      rc = constant_time_select(constant_time_eq(rc, CKR_OK), |      rc = constant_time_select(constant_time_eq(rc, CKR_OK), | ||||||
|                                ep11_error_to_pkcs11_error(rc, session), |                                ep11_error_to_pkcs11_error(rc, session), | ||||||
|                                rc); |                                rc); | ||||||
| @ -139,7 +139,7 @@ index 723eb3f6..e8543300 100644 | |||||||
|      } |      } | ||||||
|   |   | ||||||
|  done: |  done: | ||||||
| @@ -9655,10 +9657,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
 | @@ -9611,10 +9613,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
 | ||||||
|      rc = constant_time_select(constant_time_eq(rc, CKR_OK), |      rc = constant_time_select(constant_time_eq(rc, CKR_OK), | ||||||
|                                ep11_error_to_pkcs11_error(rc, session), |                                ep11_error_to_pkcs11_error(rc, session), | ||||||
|                                rc); |                                rc); | ||||||
| @ -156,7 +156,7 @@ index 723eb3f6..e8543300 100644 | |||||||
|      } |      } | ||||||
|   |   | ||||||
|  done: |  done: | ||||||
| @@ -9720,10 +9724,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
 | @@ -9676,10 +9680,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
 | ||||||
|      rc = constant_time_select(constant_time_eq(rc, CKR_OK), |      rc = constant_time_select(constant_time_eq(rc, CKR_OK), | ||||||
|                                ep11_error_to_pkcs11_error(rc, session), |                                ep11_error_to_pkcs11_error(rc, session), | ||||||
|                                rc); |                                rc); | ||||||
|  | |||||||
| @ -1,4 +1,4 @@ | |||||||
| commit b833f2f90fd9f2e99e0da3278f82516324cd070a | commit 7d064610937cdfb3cf8976adbb7eec6be3ea9d9f | ||||||
| Author: Ingo Franzki <ifranzki@linux.ibm.com> | Author: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
| Date:   Tue Jan 16 10:01:20 2024 +0100 | Date:   Tue Jan 16 10:01:20 2024 +0100 | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -1,37 +1,31 @@ | |||||||
| diff -up opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c
 | commit d756ba1ec270a289950e66398c7e8be59c4a594d | ||||||
| --- opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c.me	2024-02-07 16:49:05.669151975 +0100
 | Author: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
| +++ opencryptoki-3.22.0/usr/lib/ep11_stdll/ep11_specific.c	2024-02-07 16:53:00.721310320 +0100
 | Date:   Fri Feb 9 14:07:34 2024 +0100 | ||||||
| @@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokDat
 |  | ||||||
|      rc = constant_time_select(constant_time_eq(rc, CKR_OK), |  | ||||||
|                                ep11_error_to_pkcs11_error(rc, session), |  | ||||||
|                                rc); |  | ||||||
| -    if (rc != CKR_OK) {
 |  | ||||||
| -        TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| -    } else {
 |  | ||||||
| -        TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| +    if (!is_rsa_mechanism(ctx->mech.mechanism)) {
 |  | ||||||
| +        if (rc != CKR_OK) {
 |  | ||||||
| +            TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| +        } else {
 |  | ||||||
| +            TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| +        }
 |  | ||||||
|      } |  | ||||||
| 
 | 
 | ||||||
|  done: |     COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT | ||||||
| @@ -9747,12 +9749,10 @@ CK_RV ep11tok_decrypt_single(STDLL_TokDa
 |  | ||||||
|      rc = constant_time_select(constant_time_eq(rc, CKR_OK), |  | ||||||
|                                ep11_error_to_pkcs11_error(rc, session), |  | ||||||
|                                rc); |  | ||||||
| -    if (!is_rsa_mechanism(ctx->mech.mechanism)) {
 |  | ||||||
| -        if (rc != CKR_OK) {
 |  | ||||||
| -            TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| -        } else {
 |  | ||||||
| -            TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| -        }
 |  | ||||||
| +    if (rc != CKR_OK) {
 |  | ||||||
| +        TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
| +    } else {
 |  | ||||||
| +        TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
 |  | ||||||
|      } |  | ||||||
|      |      | ||||||
|  done: |     An RSA key object that has no CKA_PRIVATE_EXPONENT may either don't have that | ||||||
|  |     attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute. | ||||||
|  |     Both situations should be handed the same, and the private exponent of the | ||||||
|  |     key needs to be calculated from the other key components. | ||||||
|  |      | ||||||
|  |     Note that RSA key objects generated with a current soft or ICA token will | ||||||
|  |     always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided | ||||||
|  |     during key generation. | ||||||
|  |      | ||||||
|  |     Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> | ||||||
|  | 
 | ||||||
|  | diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
 | ||||||
|  | index da515289..14c82e2d 100644
 | ||||||
|  | --- a/usr/lib/common/mech_openssl.c
 | ||||||
|  | +++ b/usr/lib/common/mech_openssl.c
 | ||||||
|  | @@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
 | ||||||
|  |   | ||||||
|  |      rc = template_attribute_get_non_empty(key_obj->template, | ||||||
|  |                                            CKA_PRIVATE_EXPONENT, &priv_exp_attr); | ||||||
|  | -    if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
 | ||||||
|  | +    if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE &&
 | ||||||
|  | +        rc != CKR_ATTRIBUTE_VALUE_INVALID) {
 | ||||||
|  |          TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n"); | ||||||
|  |          goto out; | ||||||
|  |      } | ||||||
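Review bot: The widened check in openssl_specific_rsa_derive_kdk now lets three results of template_attribute_get_non_empty() fall through (CKR_OK, CKR_TEMPLATE_INCOMPLETE and CKR_ATTRIBUTE_VALUE_INVALID) with no comment saying why, and the code that acts on them lies outside this hunk. A short comment above the check would make the intent reviewable, for example `/* Absent or empty CKA_PRIVATE_EXPONENT is not an error: d is computed from the other key components below */`. It is also worth confirming in the rest of the function that the fallback is chosen by the return code or by a NULL `priv_exp_attr`; the helper presumably clears the pointer for an empty attribute, but that is not visible here. The same pass should confirm that `rc` is reassigned before any path reaches `out`, so a tolerated CKR_ATTRIBUTE_VALUE_INVALID cannot surface as the result of the implicit-rejection key derivation.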
|  | |||||||
| @ -1,7 +1,7 @@ | |||||||
| Name:			opencryptoki | Name:			opencryptoki | ||||||
| Summary:		Implementation of the PKCS#11 (Cryptoki) specification v3.0 | Summary:		Implementation of the PKCS#11 (Cryptoki) specification v3.0 | ||||||
| Version:		3.22.0 | Version:		3.22.0 | ||||||
| Release:		2%{?dist} | Release:		3%{?dist} | ||||||
| License:		CPL | License:		CPL | ||||||
| URL:			https://github.com/opencryptoki/opencryptoki | URL:			https://github.com/opencryptoki/opencryptoki | ||||||
| Source0:		https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz | Source0:		https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz | ||||||
| @ -351,6 +351,10 @@ fi | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3 | ||||||
|  | - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT | ||||||
|  | Related: RHEL-22792 | ||||||
|  | 
 | ||||||
| * Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2 | * Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2 | ||||||
| - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) | - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) | ||||||
| Resolves: RHEL-22792 | Resolves: RHEL-22792 | ||||||
|  | |||||||