Red Hat Bugzilla – Bug 1004107
softoken needs to address FIPS review comments.
Last modified: 2015-03-05 03:27:33 EST
+++ This bug was initially created as a clone of Bug #1004105 +++

The lab has a set of comments for the FIPS review in:

prng
- update to continuous random test.
- memset in error patch for prng_generateNewBytes()

AES GCM
- zeroize data struct, buffer and counter Buffer in gcmHash_DestroyContext.
- zeroize C_i in gcmHash_Mult
- zeroize T in gcmHash_final
- GCM_DestroyContext: zeroization of tagBits and tagKey missing
- GCM_DecryptUpdate: zeroization of tag

AES CTR
- ctr_GetNextCtr: need to prevent wrap of the counter here.
- CTS_EncryptUpdate/CTS_DecryptUpdate: zeroization of the chars

ECC
- ECDSA_VerifyDigest: zeroization of pointC missing
- ec_GenerateRandomPrivateKey: zeroization of privKeyBytes missing in error condition

DH
- DH_NewKey: there is no CHECK_SEC_OK around RNG_GenerateGlobalRandomBytes
- DH_NewKey: zeroize key in case of error (e.g. mp_mod can cause an error even after a random value is generated)
- DH_Derive / KEA_Derive: there is no check for NULL after allocation of secret, derivedSecret

PQG
- makePrimefromPrimesShaweTaylor / makePrimefromSeedShaweTaylor: zeroize x

RSA
- RSA_NewKey / RSA_PopulatePrivateKey: zeroize arena in error case

Thi

The following is public data that may need to be zeroized?:
- AESKeyWrap_DestroyContext: zeroization of iv?
- DH_GenParam: zeroize arena in error case
- CTS_DestroyContext: zeroization of iv?
- PQG_DestroyParams: zeroize all stuff before release
- PQG_DestroyVerify: zeroize all entries
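An added illustration (not NSS code and not part of the bug report) of two kinds of item from the list above: refusing to let a CTR counter field wrap, and zeroizing buffers on the error path. The demo_* names, the wrap check against the initial counter block, and the XOR placeholder standing in for the block cipher are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK 16
typedef struct {
    uint8_t counter[BLOCK]; /* current counter block */
    uint8_t first[BLOCK];   /* counter block as initialised */
    unsigned ctr_bytes;     /* width of the counter field, 1..BLOCK */
    int exhausted;          /* set once the counter field has wrapped */
} demo_ctr;

/* Zeroize through a volatile pointer so the stores are not optimised away. */
static void zeroize(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void demo_ctr_init(demo_ctr *c, const uint8_t iv[BLOCK], unsigned ctr_bytes) {
    memcpy(c->counter, iv, BLOCK); memcpy(c->first, iv, BLOCK);
    c->ctr_bytes = ctr_bytes; c->exhausted = 0;
}

/* Big-endian increment of the counter field only; flags a wrap to the start. */
int demo_ctr_next(demo_ctr *c) {
    if (c->exhausted) return -1;
    for (unsigned i = BLOCK; i > BLOCK - c->ctr_bytes; i--)
        if (++c->counter[i - 1] != 0) break;
    if (memcmp(c->counter, c->first, BLOCK) == 0) c->exhausted = 1;
    return c->exhausted ? -1 : 0;
}

/* Writes nblocks of keystream; on counter wrap returns -1 with out zeroized. */
int demo_keystream(demo_ctr *c, const uint8_t key[BLOCK], uint8_t *out, size_t nblocks) {
    uint8_t ks[BLOCK];
    int rv = 0;
    for (size_t b = 0; b < nblocks; b++) {
        if (c->exhausted) { rv = -1; break; }  /* never reuse a counter block */
        for (int i = 0; i < BLOCK; i++) ks[i] = c->counter[i] ^ key[i]; /* placeholder, NOT a cipher */
        memcpy(out + b * BLOCK, ks, BLOCK);
        (void)demo_ctr_next(c);
    }
    if (rv != 0) zeroize(out, nblocks * BLOCK); /* error path: no partial output */
    zeroize(ks, sizeof ks);                     /* scratch is cleared on every path */
    return rv;
}

int main(void) {
    uint8_t iv[BLOCK] = {0}, key[BLOCK] = {0}, out[2 * BLOCK]; demo_ctr c;
    demo_ctr_init(&c, iv, 1);
    return demo_keystream(&c, key, out, 2); /* two blocks fit in an 8-bit counter field */
}
```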
Fixed in: nss-softokn-3.16.2-3.el7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0364.html