Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2063378

Summary: Sending incorrect mechanism params for RSA OAEP operations
Product: Red Hat Enterprise Linux 9 Reporter: space88man <shihping.chan>
Component: openssl-pkcs11Assignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Miluse Bezo Konecna <mbezokon>
Severity: unspecified Docs Contact:
Priority: low    
Version: 9.4CC: ansasaki, mbezokon
Target Milestone: rcKeywords: Triaged
Target Release: 9.4Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-pkcs11-0.4.11-8.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-04-30 10:12:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description space88man 2022-03-12 00:22:10 UTC 
Description of problem:
When using OAEP pkcs11 engine is sending incorrect CK_RSA_PKCS_OAEP_PARAM params: 0x00UL for the field "source" instead of 0x01UL (CKZ_DATA_SPECIFIED)

See section 2.1.7 of PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 3.0
https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061136

A strict HSM (Thales Luna) rejects this with CKR_MECHANISM_INVALID


Version-Release number of selected component (if applicable):
openssl-pkcs11-0.4.10-3.el8.x86_64

How reproducible:
Always 

Steps to Reproduce:
1. Peform OAEP decryption
openssl pkeyutl -decrypt -inkey 'pkcs11:token=mytoken;object=mykey' -keyform engine -engine pkcs11
    -pkeyopt rsa_padding_mode:oaep
    -pkeyopt rsa_oaep_md:sha384
    -pkeyopt rsa_mgf1_md:sha384
    -in ciphertext -out recovered

2.
3.

Actual results:
CKR_MECHANISM_INVALID


Expected results:
Successful decryption


Additional info:
The params structure is 40 bytes long
Incorrect:
60020000000000000300000000000000000000000000000000000000000000000000000000000000
Correct
60020000000000000300000000000000010000000000000000000000000000000000000000000000

The correct params are sent by Thales gem engine and python_pkcs11.
The incorrect params are sent by openssl-pkcs11

Its possible (not verified) that softhsm2 - used in the development of openssl-pkcs11 - is more lenient in parsing this field so the "bug" is not detected
Comment 1 space88man 2022-03-12 02:24:33 UTC 
Verified that softhsm2 accepts C_DecryptInit calls with source=0

33: C_DecryptInit
2022-03-12 10:22:49.721
[in] hSession = 0x1
pMechanism->type=CKM_RSA_PKCS_OAEP            
pMechanism->pParameter->hashAlg=CKM_SHA_1                    
pMechanism->pParameter->mgf=CKG_MGF1_SHA1  
pMechanism->pParameter->source=0
[out] pSourceData[ulSourceDalaLen] NULL [size : 0x0 (0)]
[in] hKey = 0x2
Returned:  0 CKR_OK

34: C_Decrypt
2022-03-12 10:22:49.721
[in] hSession = 0x1
[in] pEncryptedData[ulEncryptedDataLen] 0000564542b5cc20 / 256
    00000000  56 C5 1D 72 84 24 97 ED 87 B1 8B 26 C2 FF 3E 26  V..r.$.....&..>&
    00000010  83 A1 DD 9E A4 3E EE 38 74 C1 C3 E4 B1 FE 1F 8B  .....>.8t.......
    00000020  07 1D AD 40 8D FB 31 65 F7 CA 1E 39 44 38 E0 C0  ...@..1e...9D8..
    00000030  40 57 49 F9 78 BD DA EB E0 51 EC F3 64 32 79 31  @WI.x....Q..d2y1
Comment 2 Jakub Jelen 2022-03-14 09:43:49 UTC 
Thank you for the PR and a bug report. As we will have the issue merged upstream, I will look if and when we can update it in RHEL.
Comment 3 Jakub Jelen 2022-03-14 12:40:25 UTC 
Also, please open a customer support case with Red Hat support to make sure the issue is properly prioritized. Without that, we can not guarantee the RHEL update.
Comment 4 Jakub Jelen 2023-05-18 11:26:15 UTC 
Moving to RHEL 9 as we do not plan to do any other non-critical bugfixes in RHEL8.
Comment 7 Jakub Jelen 2023-08-30 17:07:14 UTC 
Change is available for testing in the following centos stream MR:

https://gitlab.com/redhat/centos-stream/rpms/openssl-pkcs11/-/merge_requests/4
Comment 12 errata-xmlrpc 2024-04-30 10:12:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssl-pkcs11 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:2398