Bug 1004107 - softoken needs to address FIPS review comments.
softoken needs to address FIPS review comments.
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-softokn (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Elio Maldonado Batiz
Hubert Kario
Depends On:
Blocks: 717789
  Show dependency treegraph
Reported: 2013-09-03 20:20 EDT by Bob Relyea
Modified: 2015-03-05 03:27 EST (History)
9 users (show)

See Also:
Fixed In Version: nss-softokn-3.16.2-3.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1004105
Last Closed: 2015-03-05 03:27:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bob Relyea 2013-09-03 20:20:40 EDT
+++ This bug was initially created as a clone of Bug #1004105 +++

The lab has a set of comments for the FIPS review in:

  - update to continous random test.
  - memset in error patch for prng_generateNewBytes()

  - zeroize data struct, buffer and counter Buffer in gcmHash_DestroyContext.
  - zeroize C_i in gcmHash_Mult
  - seroize T in gcmHash_final
  - GCM_DestroyContext: zeroization of tagBits and tagKey missing
  - GCM_DecryptUpdate: zeroization of tag

  - ctr_GetNextCtr: need to prevent wrap of the counter here.
  - CTS_EncryptUpdate/CTS_DecryptUpdate: zeroization of the chars

ECC - 
   - ECDSA_VerifyDigest: zeroization of pointC missing
   - ec_GenerateRandomPrivateKey: zeroization of privKeyBytes missing in 
error condition

DH - 
  - DH_NewKey: there is no CHECK_SEC_OK around RNG_GenerateGlobalRandomBytes\
  - DH_NewKey: zeroize key in case of error (e.g mp_mod can cause an error 
even after a random value is generated)
  - DH_Derive / KEA_Derive: there is no check for NULL after allocation of 
secret, derivedSecret

   - makePrimefromPrimesShaweTaylor / makePrimefromSeedShaweTaylor:
zeroize x

   - RSA_NewKey / RSA_PopulatePrivateKey: zeroize arena in error case


The following is public data that may need to be zeroized?:
- AESKeyWrap_DestroyContext: zeroization of iv?
- DH_GenParam: zeroize arena in error case
- CTS_DestroyContext: zeroization of iv?
- PQG_DestroyParams: zeroize all stuff before release
- PQG_DestroyVerify: zeroize all entries
Comment 7 Bob Relyea 2014-09-26 18:50:13 EDT
fixed in : nss-softokn-3.16.2-3.el7
Comment 11 errata-xmlrpc 2015-03-05 03:27:33 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.