Bug 829088 - nss-softokn sha224 self-test fails in fips mode
nss-softokn sha224 self-test fails in fips mode
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: nss-softokn (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
:
: 903144 (view as bug list)
Depends On:
Blocks: 717789 811753 867144
  Show dependency treegraph
 
Reported: 2012-06-05 18:34 EDT by Alexandre Oliva
Modified: 2013-01-24 12:45 EST (History)
13 users (show)

See Also:
Fixed In Version: nss-softokn-3.13.4-3.fc18, nss-softokn-3.13.4-3.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 811753
Environment:
Last Closed: 2012-07-19 05:13:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
nss test sample C file (4.67 KB, text/plain)
2012-06-07 12:03 EDT, Paul Wouters
no flags Details
minimalist bug reproducer (1.55 KB, text/plain)
2012-06-12 22:20 EDT, Elio Maldonado Batiz
no flags Details
nss-softokn sha224 fips self test fix (922 bytes, patch)
2012-06-13 01:40 EDT, Paul Wouters
no flags Details | Diff
patch as it was checked in - same as applied upstream (1.01 KB, patch)
2012-06-13 17:37 EDT, Elio Maldonado Batiz
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 762198 None None None 2012-06-06 15:40:29 EDT

  None (edit)
Description Alexandre Oliva 2012-06-05 18:34:08 EDT
+++ This bug was initially created as a clone of Bug #811753 +++

Description of problem:
crypt() returns NULL in fipsmode 

crypt returned NULL for salt $6$FOOBAR
crypt returned NULL for salt $5$FOOBAR

Expected results:
$6$FOOBAR$yPOQuPE1ruwOrYiApWDYw9BxeLk/oIjajCgzubzO0PYEos/vnqpTnNI12VIdiUF8hiHT9bMslahk/0Oikb.nA.
$5$FOOBAR$cDCnc4lB6JRog7XV9JxxoKiWTHbH09P9xkfnf237ke7

--- Additional comment from aoliva@redhat.com on 2012-06-05 18:14:33 EDT ---

FWIW, I've managed to duplicate the problem on a F16-ish box, with glibc master (with or without my patches) and nss-softokn-{freebl,debuginfo}-3.13.4-1.fc16.x86_64

I didn't have FIPS enabled, so I used gdb to pretend it was enabled, setting a breakpoint on nsslowhash.c:305 and setting d to '1' before proceeding (that's where it tests what it read from /proc/sys/crypto/fips_enabled).

Then I stepped into freebl_fips_SHA_PowerUpSelfTest, only run when FIPS is enabled, and noticed the problem was that the SHA224 self-test was failing: SHA224_HashBuf set sha_computed_digest to a bitstream completely different from sha224_known_digest.

I'm not sufficiently familiar with these crypto algorithms to tell whether it is the test or the implementation that is broken, but I'm pretty sure that once either of them is fixed, SHA256 and SHA512 password crypto is going to work with glibc's crypt() build with --enable-nss-crypt.

So, I'm going to clone this bug and assign the clone to nss-softokn, so that this one remains about the glibc crypt changes.
Comment 1 Elio Maldonado Batiz 2012-06-06 15:26:03 EDT
Though we can't currently enable system wide fips mode by doing a buildwith tis change
-    if (!post && nsslow_GetFIPSEnabled()) {
+    if (!post && (1 || nsslow_GetFIPSEnabled())) { /* force the test to be run always */
 	crv = freebl_fipsPowerUpSelfTest();
 	if (crv != CKR_OK) {
 	    post_failed = 1;
that forces execution of the powerup slef-tests regradless I can reproduce the problem. I booted in single user mode okay and when to run level 3 where authetication of root failed, likewise on run level 5 I could gogin as regular user. I checkd the expected anwser and it matches a value from
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA224.pdf
so the computed value is indeed wrong. I'll work on this and log the corresponding bug.
Comment 2 Paul Wouters 2012-06-07 12:03:32 EDT
Created attachment 590229 [details]
nss test sample C file

I'm confused then. The attached nss-example.c runs fine in fips mode. If the fips self test is supposed to fail over the bad sha2 selftest, why does this example run fine in fips mode?
Comment 3 Bob Relyea 2012-06-07 13:26:43 EDT
The problem isn't in softoken. Softoken in Fips mode works fine. The problem is in the direct to freebl interface in FIPS mode (think libgcrypt).

bob
Comment 4 Bob Relyea 2012-06-07 13:37:35 EDT
It also only affects softoken 3.13.x, so there is no issue with RHEL5 or RHEL6.

bob
Comment 5 Elio Maldonado Batiz 2012-06-12 22:20:03 EDT
Created attachment 591327 [details]
minimalist bug reproducer

See the comments at the top of the file wit the steps to reproduce it. Since fedora isn't quite ready for fips mode I turn it on and off by devious means.
Proceed with care. I followed the steps and traced execition with gdb and saw the sha224 power-up self-test fail the compare. I have submitted a patch to the upstream bug and along with it a full test suite for the nss low hash api.
Comment 6 Paul Wouters 2012-06-13 01:40:06 EDT
Created attachment 591352 [details]
nss-softokn sha224 fips self test fix

This patch does fix my issue, and nss works properly in fips mode
Comment 7 Paul Wouters 2012-06-13 01:41:30 EDT
It also properly handles the crypt() calls now via freebl for $5$ and $6$ salts.
Comment 8 Elio Maldonado Batiz 2012-06-13 10:39:51 EDT
Thank you Paul for verifiying the fix and attaching a downstream version of the upstream patch - they are effectively the same. The fix consists of using for the nss lowhash self-tests the same expected value as used in softoken .
Comment 9 Elio Maldonado Batiz 2012-06-13 17:37:58 EDT
Created attachment 591641 [details]
patch as it was checked in - same as applied upstream
Comment 10 Fedora Update System 2012-07-08 18:51:56 EDT
nspr-4.9.1-1.fc17,nss-util-3.13.5-1.fc17,nss-softokn-3.13.5-1.fc17,nss-3.13.5-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/nspr-4.9.1-1.fc17,nss-util-3.13.5-1.fc17,nss-softokn-3.13.5-1.fc17,nss-3.13.5-1.fc17
Comment 11 Fedora Update System 2012-07-10 12:31:51 EDT
Package nspr-4.9.1-1.fc17, nss-util-3.13.5-1.fc17, nss-softokn-3.13.5-1.fc17, nss-3.13.5-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nspr-4.9.1-1.fc17 nss-util-3.13.5-1.fc17 nss-softokn-3.13.5-1.fc17 nss-3.13.5-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-10451/nspr-4.9.1-1.fc17,nss-util-3.13.5-1.fc17,nss-softokn-3.13.5-1.fc17,nss-3.13.5-1.fc17
then log in and leave karma (feedback).
Comment 12 Fedora Update System 2012-07-12 14:57:45 EDT
Package nspr-4.9.1-2.fc17, nss-util-3.13.5-1.fc17, nss-softokn-3.13.5-1.fc17, nss-3.13.5-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nspr-4.9.1-2.fc17 nss-util-3.13.5-1.fc17 nss-softokn-3.13.5-1.fc17 nss-3.13.5-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-10451/nspr-4.9.1-2.fc17,nss-util-3.13.5-1.fc17,nss-softokn-3.13.5-1.fc17,nss-3.13.5-1.fc17
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2012-07-12 16:15:01 EDT
nspr-4.9.1-2.fc16,nss-util-3.13.5-1.fc16,nss-softokn-3.13.5-1.fc16,nss-3.13.5-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nspr-4.9.1-2.fc16,nss-util-3.13.5-1.fc16,nss-softokn-3.13.5-1.fc16,nss-3.13.5-1.fc16
Comment 14 Paul Wouters 2012-07-17 20:09:42 EDT
confirmed working on f16 and f17. Thanks!
Comment 15 Fedora Update System 2012-07-19 05:13:49 EDT
nspr-4.9.1-2.fc17, nss-util-3.13.5-1.fc17, nss-softokn-3.13.5-1.fc17, nss-3.13.5-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2012-07-30 18:24:20 EDT
nspr-4.9.1-2.fc16, nss-util-3.13.5-1.fc16, nss-softokn-3.13.5-1.fc16, nss-3.13.5-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Miroslav Lichvar 2013-01-24 12:45:16 EST
*** Bug 903144 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.