Bug 1990591 (CVE-2021-3798)
Summary: | CVE-2021-3798 openCryptoki: Soft token does not check if an EC key is valid | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dan, jjelen, plautrba, than |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-28 10:48:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1959894, 1959936, 1979173, 1990592, 1998233, 1998234 | ||
Bug Blocks: | 1990593 |
Description
Guilherme de Almeida Suckevicz
2021-08-05 16:55:52 UTC
Created openCryptoki tracking bugs for this issue: Affects: fedora-all [bug 1990592] As mentioned in the Ubuntu launchpad bug [1] EC support has been introduced in the Soft token with OCK 3.15.0, so this issue only affects openCryptoki versions >= 3.15.0 while earlier openCryptoki releases are not affected. In particular, EC support was introduced through commit [2]. [1] https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 [2] https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 In an invalid curve attack, the attacker is able to trick the vulnerable application into using curve points outside of the intended elliptic curve, making it possible to (potentially) extract the private key. A cryptographic library implementing Elliptic Curve Cryptography (ECC) needs to make sure that only valid curve points will be processed, while invalid points are detected and discarded accordingly. This is what openCryptoki's patch aims to do by adding the missing check in fill_ec_key_from_pubkey() and fill_ec_key_from_privkey(). This issue has been addressed in Red Hat Enterprise Linux 8 via RHBA-2021:3054: https://access.redhat.com/errata/RHBA-2021:3054 |