1546477 - FIPS review changes.

Status: RESOLVED FIXED

(NSS :: Build, enhancement, P1)

Description

[Robert Relyea]

Guidance continues to change, and we need to make some updates to NSS to meet the latest guidance in FIPS.

This is the issues identified to make the next cut for FIPS:

1. DH/ECDH key tests missing for the PG parameters in softokn. (I think they are actually implememented in the SSL code currently, I just need to move it.).
2. PQG verify fails when create DSA PQG parameters because the counts aren't returned correctly.
3. POST issues:
   3.1 [optional] move ECDSA post to use SHA2 rather than sha2.
   3.2 Missing ECDH post.
   3.3 Missing DH post.
   3.4 Missing AES GCM post (add to aes post).
4. RSA Pairwise consistency test: please memcmp generated signature to be different from input data. (this is to make sure we don't have some form of unity key?.. d = 1 mod phi().
5. zeroization of AES context missing - This one is a patch we've had for a while and just needs to be pushed upstream.

Comment 1

[Robert Relyea]

Attachment: Bug 1546477 - FIPS review changes.

Comment 2

[J.C. Jones [:jcj] (he/him)]

Landed as:
https://hg.mozilla.org/projects/nss/rev/6c626c7440fd67716f41f7ca3d43d52b5382d201
NSS 3.44: https://hg.mozilla.org/projects/nss/rev/60484bf87599d666647a89342cde42a242f1ad1f

However, LSAN has caught memory leaks:

    #17 0x7e5d0b in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2443:10
    #18 0x77aa41 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2479:14
    #19 0x77a151 in testing::UnitTest::Run() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:4786:10
    #20 0x71f29f in RUN_ALL_TESTS() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/include/gtest/gtest.h:2341:46
    #21 0x71f149 in main /home/worker/nss/out/Debug/../../gtests/common/gtests.cc:31:12
    #22 0x7fc940725b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
Direct leak of 319 byte(s) in 1 object(s) allocated from:
    #0 0x5daed0 in __interceptor_malloc (/home/worker/dist/Debug/bin/pk11_gtest+0x5daed0)
    #1 0x7fc93bbb3241 in PORT_ZAllocAligned_stub /home/worker/nss/out/Debug/../../lib/freebl/stubs.c:250:12
    #2 0x7fc93bbb34ec in PORT_ZAllocAlignedOffset_stub /home/worker/nss/out/Debug/../../lib/freebl/stubs.c:273:15
    #3 0x7fc93bb0bdad in AES_AllocateContext /home/worker/nss/out/Debug/../../lib/freebl/rijndael.c:812:12
    #4 0x7fc93bb0d2b2 in AES_CreateContext /home/worker/nss/out/Debug/../../lib/freebl/rijndael.c:1014:22
    #5 0x7fc93c7dcbf7 in AES_CreateContext /home/worker/nss/out/Debug/../../lib/freebl/loader.c:439:12
    #6 0x7fc93c760be5 in sftk_CryptInit /home/worker/nss/out/Debug/../../lib/softoken/pkcs11c.c:1168:35
    #7 0x7fc93c75ce54 in NSC_EncryptInit /home/worker/nss/out/Debug/../../lib/softoken/pkcs11c.c:1301:12
    #8 0x7fc94102d1cf in PK11_Encrypt /home/worker/nss/out/Debug/../../lib/pk11wrap/pk11obj.c:969:11
    #9 0x625659 in nss_test::Pkcs11AesGcmTest::EncryptWithIV(std::vector<unsigned char, std::allocator<unsigned char> >&) /home/worker/nss/out/Debug/../../gtests/pk11_gtest/pk11_aes_gcm_unittest.cc:130:12
    #10 0x624630 in nss_test::Pkcs11AesGcmTest_ZeroLengthIV_Test::TestBody() /home/worker/nss/out/Debug/../../gtests/pk11_gtest/pk11_aes_gcm_unittest.cc:147:3
    #11 0x7d8f7b in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2443:10
    #12 0x74bc61 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2479:14
    #13 0x74b5f6 in testing::Test::Run() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2517:5
    #14 0x74f466 in testing::TestInfo::Run() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2693:11
    #15 0x752c68 in testing::TestCase::Run() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2811:28
    #16 0x77c7da in testing::internal::UnitTestImpl::RunAllTests() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:5177:43
    #17 0x7e5d0b in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2443:10
    #18 0x77aa41 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:2479:14
    #19 0x77a151 in testing::UnitTest::Run() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/src/gtest.cc:4786:10
    #20 0x71f29f in RUN_ALL_TESTS() /home/worker/nss/out/Debug/../../gtests/google_test/gtest/include/gtest/gtest.h:2341:46
    #21 0x71f149 in main /home/worker/nss/out/Debug/../../gtests/common/gtests.cc:31:12
    #22 0x7fc940725b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: 4147 byte(s) leaked in 13 allocation(s).

We will need a fixup ASAP.

Comment 3

[J.C. Jones [:jcj] (he/him)]

NSS_3_44_BRANCH fixup: https://hg.mozilla.org/projects/nss/rev/b1f1420d90c0087dc3d8bc87e5b836a3b6ce4295

Transplanted to default: https://hg.mozilla.org/projects/nss/rev/9af99cee6cbff912bdfe0eefb2351c1c46e756d9

Comment 4

[J.C. Jones [:jcj] (he/him)]

https://hg.mozilla.org/projects/nss/rev/154937a2bff3ad2779e98561088b9834b61761ca