Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mozilla-nss.22260
nss-fips-zeroization.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-zeroization.patch of Package mozilla-nss.22260
# HG changeset patch # User Hans Petter Jansson <hpj@cl.no> # Date 1574240665 -3600 # Wed Nov 20 10:04:25 2019 +0100 # Node ID 3a2cb65dc157344cdad19e8e16e9c33e36f82d96 # Parent 2d4483f4a1259f965f32ff4c65436e92aef83be7 [PATCH 07/10] 29 From 76da775313bd40a1353a9d2f6cc43ebe1a287574 Mon Sep 17 00:00:00 2001 --- nss/lib/freebl/aeskeywrap.c | 1 + nss/lib/freebl/cts.c | 18 +++++++++------ nss/lib/freebl/dh.c | 4 ++++ nss/lib/freebl/ec.c | 2 +- nss/lib/freebl/gcm.c | 45 +++++++++++++++++++++++++++++++++---- 5 files changed, 58 insertions(+), 12 deletions(-) Index: nss/lib/freebl/aeskeywrap.c =================================================================== --- nss.orig/lib/freebl/aeskeywrap.c +++ nss/lib/freebl/aeskeywrap.c @@ -102,6 +102,7 @@ AESKeyWrap_DestroyContext(AESKeyWrapCont { if (cx) { AES_DestroyContext(&cx->aescx, PR_FALSE); + memset(cx->iv, 0, sizeof (cx->iv)); /* memset(cx, 0, sizeof *cx); */ if (freeit) { PORT_Free(cx->mem); Index: nss/lib/freebl/cts.c =================================================================== --- nss.orig/lib/freebl/cts.c +++ nss/lib/freebl/cts.c @@ -37,6 +37,7 @@ CTS_CreateContext(void *context, freeblC void CTS_DestroyContext(CTSContext *cts, PRBool freeit) { + PORT_Memset(cts, 0, sizeof(CTSContext)); if (freeit) { PORT_Free(cts); } @@ -135,7 +136,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsig PORT_Memset(lastBlock + inlen, 0, blocksize - inlen); rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock, blocksize, blocksize); - PORT_Memset(lastBlock, 0, blocksize); + PORT_Memset(lastBlock, 0, MAX_BLOCK_SIZE); if (rv == SECSuccess) { *outlen = written + blocksize; } else { @@ -230,13 +231,15 @@ CTS_DecryptUpdate(CTSContext *cts, unsig rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf, fullblocks, blocksize); if (rv != SECSuccess) { - return SECFailure; + rv = SECFailure; + goto cleanup; } *outlen = fullblocks; /* AES low level doesn't set outlen */ inbuf += fullblocks; inlen -= fullblocks; if (inlen == 0) { - return SECSuccess; + rv = SECSuccess; + goto cleanup; } outbuf += fullblocks; @@ -280,9 +283,9 @@ CTS_DecryptUpdate(CTSContext *cts, unsig rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock, blocksize, blocksize); if (rv != SECSuccess) { - PORT_Memset(lastBlock, 0, blocksize); PORT_Memset(saveout, 0, *outlen); - return SECFailure; + rv = SECFailure; + goto cleanup; } /* make up for the out of order CBC decryption */ XOR_BLOCK(Pn, Cn_2, blocksize); @@ -297,7 +300,8 @@ CTS_DecryptUpdate(CTSContext *cts, unsig /* clear last block. At this point last block contains Pn xor Cn_1 xor * Cn_2, both of with an attacker would know, so we need to clear this * buffer out */ - PORT_Memset(lastBlock, 0, blocksize); +cleanup: + PORT_Memset(lastBlock, 0, MAX_BLOCK_SIZE); /* Cn, Cn_1, and Cn_2 have encrypted data, so no need to clear them */ - return SECSuccess; + return rv; } Index: nss/lib/freebl/dh.c =================================================================== --- nss.orig/lib/freebl/dh.c +++ nss/lib/freebl/dh.c @@ -193,6 +193,10 @@ cleanup: rv = SECFailure; } if (rv) { + SECITEM_ZfreeItem(&key->prime, PR_FALSE); + SECITEM_ZfreeItem(&key->base, PR_FALSE); + SECITEM_ZfreeItem(&key->publicValue, PR_FALSE); + SECITEM_ZfreeItem(&key->privateValue, PR_FALSE); *privKey = NULL; PORT_FreeArena(arena, PR_TRUE); } Index: nss/lib/freebl/ec.c =================================================================== --- nss.orig/lib/freebl/ec.c +++ nss/lib/freebl/ec.c @@ -943,7 +943,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con ECParams *ecParams = NULL; SECItem pointC = { siBuffer, NULL, 0 }; int slen; /* length in bytes of a half signature (r or s) */ - int flen; /* length in bytes of the field size */ + int flen = 0; /* length in bytes of the field size */ unsigned olen; /* length in bytes of the base point order */ unsigned obits; /* length in bits of the base point order */ Index: nss/lib/freebl/gcm.c =================================================================== --- nss.orig/lib/freebl/gcm.c +++ nss/lib/freebl/gcm.c @@ -162,6 +162,9 @@ bmul(uint64_t x, uint64_t y, uint64_t *r *r_high = (uint64_t)(r >> 64); *r_low = (uint64_t)r; + + /* Zeroization */ + x1 = x2 = x3 = x4 = x5 = y1 = y2 = y3 = y4 = y5 = r = z = 0; } SECStatus @@ -200,6 +203,12 @@ gcm_HashMult_sftw(gcmHashContext *ghash, } ghash->x_low = ci_low; ghash->x_high = ci_high; + + /* Zeroization */ + ci_low = ci_high = z2_low = z2_high = z0_low = z0_high = z1a_low = z1a_high = 0; + z_low = z_high = 0; + i = 0; + return SECSuccess; } #else @@ -239,6 +248,10 @@ bmul32(uint32_t x, uint32_t y, uint32_t z = z0 | z1 | z2 | z3; *r_high = (uint32_t)(z >> 32); *r_low = (uint32_t)z; + + /* Zeroization */ + x0 = x1 = x2 = x3 = y0 = y1 = y2 = y3 = 0; + z0 = z1 = z2 = z3 = z = 0; } SECStatus @@ -324,6 +337,20 @@ gcm_HashMult_sftw32(gcmHashContext *ghas ghash->x_high = z_high_h; ghash->x_low = z_high_l; } + + /* Zeroization */ + ci_low = ci_high = z_high_h = z_high_l = z_low_h = z_low_l = 0; + + ci_high_h = ci_high_l = ci_low_h = ci_low_l + = b_a_h = b_a_l = a_a_h = a_a_l = b_b_h = b_b_l + = a_b_h = a_b_l = b_c_h = b_c_l = a_c_h = a_c_l = c_c_h = c_c_l + = ci_highXlow_h = ci_highXlow_l = c_a_h = c_a_l = c_b_h = c_b_l + = h_high_h = h_high_l = h_low_h = h_low_l = h_highXlow_h = h_highXlow_l + = h_highX_xored + = 0; + + i = 0; + return SECSuccess; } #endif /* HAVE_INT128_SUPPORT */ @@ -867,11 +894,13 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig /* verify the block */ rv = gcmHash_Update(gcm->ghash_context, inbuf, inlen); if (rv != SECSuccess) { - return SECFailure; + rv = SECFailure; + goto cleanup; } rv = gcm_GetTag(gcm, tag, &len, AES_BLOCK_SIZE); if (rv != SECSuccess) { - return SECFailure; + rv = SECFailure; + goto cleanup; } /* Don't decrypt if we can't authenticate the encrypted data! * This assumes that if tagBits is not a multiple of 8, intag will @@ -879,10 +908,18 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ PORT_SetError(SEC_ERROR_BAD_DATA); - PORT_Memset(tag, 0, sizeof(tag)); - return SECFailure; + rv = SECFailure; + goto cleanup; } +cleanup: + tagBytes = 0; PORT_Memset(tag, 0, sizeof(tag)); + intag = NULL; + len = 0; + if (rv != SECSuccess) { + return rv; + } + /* finish the decryption */ return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, inbuf, inlen, AES_BLOCK_SIZE);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor