guard against excessive iteration count in PKCS#12 files
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: marc, Unassigned)
Details
(Whiteboard: [nss-fx])
Attachments
(1 file)
2.48 KB,
application/x-pkcs12
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Steps to reproduce:
- Create a PKCS12 file from a certificate, set the mac iteration count to 2147483647
- Installed firefox 113.0.2-1 from Mozilla on Ubuntu 22.04
- Imported a certificate in PKCS12 format in Certificate Manager. The supplied file outfile_2147483647.p12 has a mac iteration count set to 2147483647 (and password is empty)
openssl pkcs12 -info -in outfile_2147483647.p12
Enter Import Password:
MAC: sha256, Iteration 2147483647
MAC length: 32, salt length: 8
^C
Actual results:
Firefox GUI locks up for an unexpectedly long time, and CPU usage goes up to max.
893244 user 20 0 11.1g 497080 201956 R 100.0 3.1 37:03.87 firefox
Expected results:
Firefox should have warned about service interruption due to high max iteration count (as per NIST recommendation).
Behavior of other tools:
- The Java keytool rejects the iteration count as being too high
- Schannel certutil reacts with a decoding error
Industry recommendation:
The NIST publication 800-132 "Recommendation for Password-Based Key Derivation" recommends handling iteration counts carefully: "The iteration count shall be selected as large as possible, as long as the time required to generate the key using the entered password is acceptable for the users". Since the iteration count is known before importing the entire file, this recommendation may also apply to importing such files.
Comment 1•2 years ago (Reporter)
The process is busy here:
#0 0x00007f592f45b0f0 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libfreeblpriv3.so
#1 0x00007f592f45c596 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libfreeblpriv3.so
#2 0x00007f592f3e3a78 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libfreeblpriv3.so
#3 0x00007f592f4bf9eb in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsoftokn3.so
#4 0x00007f592f4cf5db in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsoftokn3.so
#5 0x00007f592f4cf2b0 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsoftokn3.so
#6 0x00007f594a9c4036 in PK11_KeyGenWithTemplate () from target:/snap/firefox/2710/usr/lib/firefox/libnss3.so
#7 0x00007f594a9c3d95 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libnss3.so
#8 0x00007f594a9c03aa in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libnss3.so
#9 0x00007f594a9c0583 in PK11_PBEKeyGen () from target:/snap/firefox/2710/usr/lib/firefox/libnss3.so
#10 0x00007f594b4154c9 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#11 0x00007f594b41bb81 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#12 0x00007f594b41ab24 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#13 0x00007f594b445f16 in SEC_ASN1DecoderUpdate_Util () from target:/snap/firefox/2710/usr/lib/firefox/libnssutil3.so
#14 0x00007f594b41ac63 in SEC_PKCS7DecoderUpdate () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#15 0x00007f594b447705 in SEC_ASN1DecoderUpdate_Util () from target:/snap/firefox/2710/usr/lib/firefox/libnssutil3.so
#16 0x00007f594b4151fb in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#17 0x00007f594b41bf46 in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#18 0x00007f594b447705 in SEC_ASN1DecoderUpdate_Util () from target:/snap/firefox/2710/usr/lib/firefox/libnssutil3.so
#19 0x00007f594b41ac63 in SEC_PKCS7DecoderUpdate () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#20 0x00007f594b41506d in ?? () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
#21 0x00007f594b447705 in SEC_ASN1DecoderUpdate_Util () from target:/snap/firefox/2710/usr/lib/firefox/libnssutil3.so
#22 0x00007f594b413489 in SEC_PKCS12DecoderUpdate () from target:/snap/firefox/2710/usr/lib/firefox/libsmime3.so
Comment 2•2 years ago
Not sure this needs to be security-sensitive as this functionality is not (AFAIK) exposed to the web. Dana?
Comment 3•2 years ago (Reporter)
As expected, this would also affect pk12util, causing it to stall with high CPU. A secure default to be checked prior to the MAC calculation could be helpful.
Comment 4•2 years ago
This isn't exposed to web content. In any case, I think NSS should provide some way of handling this - maybe either a parameter that specifies the max iteration count, or setting a default and returning an error, etc.
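One way to implement the "default limit, return an error" option from Comment 4, as an added example that is not NSS code: read the macData iteration count out of the PFX structure and refuse the file before any key derivation starts. The function names, the sample bytes and the MAX_MAC_ITERATIONS value are assumptions of this example; it accepts definite-length DER only and does not inspect the separate PBE parameters inside authSafe.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_MAC_ITERATIONS 1000000L /* assumed policy cap, not an NSS constant */

/* Read one definite-length DER header with tag `want` at *p. On success *p is
 * moved to the value, or past it when `skip` is set. BER indefinite is refused. */
static int der_tlv(const uint8_t **p, const uint8_t *end, uint8_t want, size_t *len, int skip) {
    const uint8_t *q = *p;
    if (end - q < 2 || *q++ != want) return -1;
    size_t l = *q++;
    if (l & 0x80) {                        /* long form: n length bytes follow */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--;) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;
    *len = l;
    *p = skip ? q + l : q;
    return 0;
}

/* MAC iteration count; 0 if macData is absent; -1 if malformed, negative or > 4 bytes. */
long pfx_mac_iterations(const uint8_t *buf, size_t n) {
    const uint8_t *p = buf, *end = buf + n;
    size_t len;
    if (der_tlv(&p, end, 0x30, &len, 0)) return -1;      /* PFX */
    end = p + len;
    if (der_tlv(&p, end, 0x02, &len, 1)) return -1;      /* version */
    if (der_tlv(&p, end, 0x30, &len, 1)) return -1;      /* authSafe */
    if (p == end) return 0;                              /* macData OPTIONAL */
    if (der_tlv(&p, end, 0x30, &len, 0)) return -1;      /* MacData */
    end = p + len;
    if (der_tlv(&p, end, 0x30, &len, 1)) return -1;      /* mac DigestInfo */
    if (der_tlv(&p, end, 0x04, &len, 1)) return -1;      /* macSalt */
    if (p == end) return 1;                              /* iterations DEFAULT 1 */
    if (der_tlv(&p, end, 0x02, &len, 0) || !len || len > 4 || (p[0] & 0x80)) return -1;
    long it = 0;
    while (len--) it = (it << 8) | *p++;
    return it;
}

/* Gate to call before the importer: 1 = accept, 0 = reject without deriving a key. */
int pfx_iterations_acceptable(const uint8_t *buf, size_t n) {
    long it = pfx_mac_iterations(buf, n);
    return it >= 0 && it <= MAX_MAC_ITERATIONS;
}
/* Constructed sample: stub authSafe and DigestInfo, 8-byte salt, iterations 2147483647. */
const uint8_t sample_huge[] = { 0x30,0x19, 0x02,0x01,0x03, 0x30,0x00, 0x30,0x12, 0x30,0x00,
    0x04,0x08,1,2,3,4,5,6,7,8, 0x02,0x04,0x7f,0xff,0xff,0xff };
```

The check costs a few header reads, so it can run on the raw file before the password prompt.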
Updated•1 years ago
Comment 5•5 months ago (Reporter)
This also affects pk12util: it accepts any password and stalls forever.
After two years, any new movement to fix this?