Red Hat Bugzilla – Bug 1004107
softoken needs to address FIPS review comments.
Last modified: 2015-03-05 03:27:33 EST
+++ This bug was initially created as a clone of Bug #1004105 +++
The lab has a set of comments for the FIPS review in:
- update to continuous random test.
- memset in error patch for prng_generateNewBytes()
- zeroize data struct, buffer and counter Buffer in gcmHash_DestroyContext.
- zeroize C_i in gcmHash_Mult
- zeroize T in gcmHash_final
- GCM_DestroyContext: zeroization of tagBits and tagKey missing
- GCM_DecryptUpdate: zeroization of tag
- ctr_GetNextCtr: need to prevent wrap of the counter here.
- CTS_EncryptUpdate/CTS_DecryptUpdate: zeroization of the chars
- ECDSA_VerifyDigest: zeroization of pointC missing
- ec_GenerateRandomPrivateKey: zeroization of privKeyBytes missing in
- DH_NewKey: there is no CHECK_SEC_OK around RNG_GenerateGlobalRandomBytes
- DH_NewKey: zeroize key in case of error (e.g. mp_mod can cause an error
even after a random value is generated)
- DH_Derive / KEA_Derive: there is no check for NULL after allocation of
- makePrimefromPrimesShaweTaylor / makePrimefromSeedShaweTaylor:
- RSA_NewKey / RSA_PopulatePrivateKey: zeroize arena in error case
The following is public data that may need to be zeroized?:
- AESKeyWrap_DestroyContext: zeroization of iv?
- DH_GenParam: zeroize arena in error case
- CTS_DestroyContext: zeroization of iv?
- PQG_DestroyParams: zeroize all stuff before release
- PQG_DestroyVerify: zeroize all entries
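The error-path pattern behind the DH_NewKey items above (check the RNG status, and wipe the key if a later step fails after the random value exists), as an added example that is not part of the bug report and is not NSS code. All names (`secure_zero`, `demo_rng`, `demo_reduce`, `demo_new_key`, `is_all_zero`) are hypothetical, and the RNG is a constructed stand-in that writes a fixed pattern.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32

/* Wipe through a volatile pointer so the store is not removed as dead code. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Constructed stand-in for the RNG call; returns 0 on success. */
static int demo_rng(unsigned char *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = (unsigned char)(0xA5 ^ i);
    return 0;
}

/* Constructed stand-in for a later step that can fail after the random
 * value already exists (the mp_mod case named in the list). */
static int demo_reduce(unsigned char *key, int force_fail) {
    if (force_fail) return -1;
    key[0] &= 0x7F;
    return 0;
}

/* Returns 0 on success, -1 on failure. On failure `out` holds only zeros. */
int demo_new_key(unsigned char out[KEY_LEN], int force_fail) {
    int rv = -1;
    if (demo_rng(out, KEY_LEN) != 0) goto cleanup;      /* check RNG status */
    if (demo_reduce(out, force_fail) != 0) goto cleanup;
    rv = 0;
cleanup:
    if (rv != 0) secure_zero(out, KEY_LEN);  /* no key material survives an error */
    return rv;
}

/* Helper for checking the result: 1 if every byte is zero. */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}
```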
Fixed in: nss-softokn-3.16.2-3.el7
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.