mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 13:51:41 +00:00
Bugzilla Bug 336509: check for continuous RNG test failure after direct and
indirect uses of the RNG. r=relyea,nelsonb.
Modified files: fipstokn.c keydb.c pkcs11.c pkcs11c.c pkcs11i.h rsawrapr.c
softoken.h
This commit is contained in:
wtchang%redhat.com
parent
8e93d081bd
commit
48090e59a8
@ -106,7 +106,7 @@ libaudit_init(void)
|
||||
* ******************** Password Utilities *******************************
|
||||
*/
|
||||
static PRBool isLoggedIn = PR_FALSE;
|
||||
static PRBool fatalError = PR_FALSE;
|
||||
PRBool sftk_fatalError = PR_FALSE;
|
||||
|
||||
/*
|
||||
* This function returns
|
||||
@ -204,7 +204,7 @@ static CK_RV sftk_newPinCheck(CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
|
||||
|
||||
/* FIPS required checks before any useful cryptographic services */
|
||||
static CK_RV sftk_fipsCheck(void) {
|
||||
if (fatalError)
|
||||
if (sftk_fatalError)
|
||||
return CKR_DEVICE_ERROR;
|
||||
if (!isLoggedIn)
|
||||
return CKR_USER_NOT_LOGGED_IN;
|
||||
@ -217,7 +217,7 @@ static CK_RV sftk_fipsCheck(void) {
|
||||
if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
|
||||
|
||||
#define SFTK_FIPSFATALCHECK() \
|
||||
if (fatalError) return CKR_DEVICE_ERROR;
|
||||
if (sftk_fatalError) return CKR_DEVICE_ERROR;
|
||||
|
||||
|
||||
/* grab an attribute out of a raw template */
|
||||
@ -424,16 +424,16 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
|
||||
|
||||
/* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
|
||||
if (crv != CKR_OK) {
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
return crv;
|
||||
}
|
||||
|
||||
fatalError = PR_FALSE; /* any error has been reset */
|
||||
sftk_fatalError = PR_FALSE; /* any error has been reset */
|
||||
|
||||
crv = sftk_fipsPowerUpSelfTest();
|
||||
if (crv != CKR_OK) {
|
||||
nsc_CommonFinalize(NULL, PR_TRUE);
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
if (sftk_audit_enabled) {
|
||||
char msg[128];
|
||||
PR_snprintf(msg,sizeof msg,
|
||||
@ -536,7 +536,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession,
|
||||
CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
|
||||
CK_RV rv;
|
||||
if (fatalError) return CKR_DEVICE_ERROR;
|
||||
if (sftk_fatalError) return CKR_DEVICE_ERROR;
|
||||
if ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK) {
|
||||
rv = NSC_InitPIN(hSession,pPin,ulPinLen);
|
||||
}
|
||||
@ -616,7 +616,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
|
||||
CK_RV rv;
|
||||
if (fatalError) return CKR_DEVICE_ERROR;
|
||||
if (sftk_fatalError) return CKR_DEVICE_ERROR;
|
||||
rv = NSC_Login(hSession,userType,pPin,usPinLen);
|
||||
if (rv == CKR_OK)
|
||||
isLoggedIn = PR_TRUE;
|
||||
@ -629,12 +629,12 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
if (rv == CKR_OK)
|
||||
rv = CKR_USER_ALREADY_LOGGED_IN;
|
||||
else
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
if (sftk_audit_enabled) {
|
||||
char msg[128];
|
||||
NSSAuditSeverity severity;
|
||||
if (fatalError) {
|
||||
if (sftk_fatalError) {
|
||||
severity = NSS_AUDIT_ERROR;
|
||||
PR_snprintf(msg,sizeof msg,
|
||||
"C_Login(hSession=%lu, userType=%lu)=0x%08lX ",
|
||||
@ -1107,7 +1107,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
|
||||
if (crv == CKR_GENERAL_ERROR) {
|
||||
/* pairwise consistency check failed. */
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
return crv;
|
||||
}
|
||||
@ -1183,7 +1183,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
SFTK_FIPSFATALCHECK();
|
||||
crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
|
||||
if (crv != CKR_OK) {
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
return crv;
|
||||
}
|
||||
@ -1197,7 +1197,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
||||
SFTK_FIPSFATALCHECK();
|
||||
crv = NSC_GenerateRandom(hSession,pRandomData,ulRandomLen);
|
||||
if (crv != CKR_OK) {
|
||||
fatalError = PR_TRUE;
|
||||
sftk_fatalError = PR_TRUE;
|
||||
if (sftk_audit_enabled) {
|
||||
char msg[128];
|
||||
PR_snprintf(msg,sizeof msg,
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: keydb.c,v 1.45 2006/05/17 17:56:32 alexei.volkov.bugs%sun.com Exp $ */
|
||||
/* $Id: keydb.c,v 1.46 2006/07/31 18:10:17 wtchang%redhat.com Exp $ */
|
||||
|
||||
#include "lowkeyi.h"
|
||||
#include "seccomon.h"
|
||||
@ -580,13 +580,18 @@ makeGlobalSalt(NSSLOWKEYDBHandle *handle)
|
||||
DBT saltData;
|
||||
unsigned char saltbuf[16];
|
||||
int status;
|
||||
SECStatus rv;
|
||||
|
||||
saltKey.data = SALT_STRING;
|
||||
saltKey.size = sizeof(SALT_STRING) - 1;
|
||||
|
||||
saltData.data = (void *)saltbuf;
|
||||
saltData.size = sizeof(saltbuf);
|
||||
RNG_GenerateGlobalRandomBytes(saltbuf, sizeof(saltbuf));
|
||||
rv = RNG_GenerateGlobalRandomBytes(saltbuf, sizeof(saltbuf));
|
||||
if ( rv != SECSuccess ) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
return(rv);
|
||||
}
|
||||
|
||||
/* put global salt into the database now */
|
||||
status = keydb_Put(handle, &saltKey, &saltData, 0);
|
||||
@ -1522,11 +1527,12 @@ seckey_create_rc4_salt(void)
|
||||
if(salt->data != NULL)
|
||||
{
|
||||
salt->len = SALT_LENGTH;
|
||||
RNG_GenerateGlobalRandomBytes(salt->data, salt->len);
|
||||
rv = SECSuccess;
|
||||
rv = RNG_GenerateGlobalRandomBytes(salt->data, salt->len);
|
||||
if(rv != SECSuccess)
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
|
||||
if(rv == SECFailure)
|
||||
if(rv != SECSuccess)
|
||||
{
|
||||
SECITEM_FreeItem(salt, PR_TRUE);
|
||||
salt = NULL;
|
||||
|
||||
@ -1538,6 +1538,7 @@ sftk_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label)
|
||||
|
||||
if ((rv != SECSuccess) || (retries > SFTK_KEY_MAX_RETRIES)) {
|
||||
crv = CKR_DEVICE_ERROR; /* random number generator is bad */
|
||||
sftk_fatalError = PR_TRUE;
|
||||
PORT_Free(id->data);
|
||||
id->data = NULL;
|
||||
id->len = 0;
|
||||
|
||||
@ -1666,6 +1666,9 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
|
||||
digest.data = (unsigned char *)dataBuf;
|
||||
digest.len = dataLen;
|
||||
rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
|
||||
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
*sigLen = signature.len;
|
||||
return rv;
|
||||
}
|
||||
@ -1699,6 +1702,9 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
|
||||
digest.data = (unsigned char *)dataBuf;
|
||||
digest.len = dataLen;
|
||||
rv = ECDSA_SignDigest(&(key->u.ec), &signature, &digest);
|
||||
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
*sigLen = signature.len;
|
||||
return rv;
|
||||
}
|
||||
@ -2604,6 +2610,9 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
|
||||
}
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
return CKR_DEVICE_ERROR;
|
||||
}
|
||||
crv = sftk_AddAttributeType(key,CKA_PRIME,
|
||||
@ -3432,6 +3441,9 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
|
||||
rsaPriv = RSA_NewKey(public_modulus_bits, &pubExp);
|
||||
PORT_Free(pubExp.data);
|
||||
if (rsaPriv == NULL) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
}
|
||||
@ -3548,7 +3560,13 @@ kpg_done:
|
||||
PORT_Free(pqgParam.subPrime.data);
|
||||
PORT_Free(pqgParam.base.data);
|
||||
|
||||
if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; break; }
|
||||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
}
|
||||
|
||||
/* store the generated key into the attributes */
|
||||
crv = sftk_AddAttributeType(publicKey,CKA_VALUE,
|
||||
@ -3616,6 +3634,9 @@ dsagn_done:
|
||||
PORT_Free(dhParam.prime.data);
|
||||
PORT_Free(dhParam.base.data);
|
||||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
}
|
||||
@ -3665,8 +3686,11 @@ dhgn_done:
|
||||
rv = EC_NewKey(ecParams, &ecPriv);
|
||||
PORT_FreeArena(ecParams->arena, PR_TRUE);
|
||||
if (rv != SECSuccess) {
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
}
|
||||
|
||||
crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
|
||||
|
||||
@ -556,7 +556,7 @@ typedef struct sftk_parametersStr {
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
/* shared functions between pkcs11.c and fipstokn.c */
|
||||
extern int nsf_init;
|
||||
extern PRBool nsf_init;
|
||||
extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
|
||||
extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
|
||||
extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
|
||||
|
||||
@ -37,7 +37,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: rsawrapr.c,v 1.9 2006/04/13 22:12:17 wtchang%redhat.com Exp $ */
|
||||
/* $Id: rsawrapr.c,v 1.10 2006/07/31 18:10:17 wtchang%redhat.com Exp $ */
|
||||
|
||||
#include "blapi.h"
|
||||
#include "softoken.h"
|
||||
@ -193,6 +193,7 @@ rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
|
||||
unsigned char *bp;
|
||||
int padLen;
|
||||
int i;
|
||||
SECStatus rv;
|
||||
|
||||
block = (unsigned char *) PORT_Alloc(modulusLen);
|
||||
if (block == NULL)
|
||||
@ -254,8 +255,13 @@ rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
|
||||
for (i = 0; i < padLen; i++) {
|
||||
/* Pad with non-zero random data. */
|
||||
do {
|
||||
RNG_GenerateGlobalRandomBytes(bp + i, 1);
|
||||
} while (bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
|
||||
rv = RNG_GenerateGlobalRandomBytes(bp + i, 1);
|
||||
} while (rv == SECSuccess && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
|
||||
if (rv != SECSuccess) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
PORT_Free (block);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
bp += padLen;
|
||||
*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
||||
@ -292,7 +298,12 @@ rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
|
||||
/*
|
||||
* Salt
|
||||
*/
|
||||
RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
|
||||
rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
|
||||
if (rv != SECSuccess) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
PORT_Free (block);
|
||||
return NULL;
|
||||
}
|
||||
bp += OAEP_SALT_LEN;
|
||||
|
||||
/*
|
||||
@ -310,8 +321,14 @@ rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
|
||||
/*
|
||||
* Pad2
|
||||
*/
|
||||
if (bp < (block + modulusLen))
|
||||
RNG_GenerateGlobalRandomBytes(bp, block - bp + modulusLen);
|
||||
if (bp < (block + modulusLen)) {
|
||||
rv = RNG_GenerateGlobalRandomBytes(bp, block - bp + modulusLen);
|
||||
if (rv != SECSuccess) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
PORT_Free (block);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Now we have the following:
|
||||
@ -463,6 +480,9 @@ RSA_Sign(NSSLOWKEYPrivateKey *key,
|
||||
goto done;
|
||||
|
||||
rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
|
||||
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
*output_len = modulus_len;
|
||||
|
||||
goto done;
|
||||
@ -665,8 +685,12 @@ RSA_DecryptBlock(NSSLOWKEYPrivateKey *key,
|
||||
goto failure;
|
||||
|
||||
rv = RSA_PrivateKeyOp(&key->u.rsa, buffer, input);
|
||||
if (rv != SECSuccess)
|
||||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (buffer[0] != 0 || buffer[1] != 2)
|
||||
goto loser;
|
||||
@ -725,6 +749,9 @@ RSA_SignRaw(NSSLOWKEYPrivateKey *key,
|
||||
goto done;
|
||||
|
||||
rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
|
||||
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
*output_len = modulus_len;
|
||||
|
||||
done:
|
||||
@ -874,8 +901,12 @@ RSA_DecryptRaw(NSSLOWKEYPrivateKey *key,
|
||||
goto failure;
|
||||
|
||||
rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
|
||||
if (rv != SECSuccess)
|
||||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
|
||||
sftk_fatalError = PR_TRUE;
|
||||
}
|
||||
goto failure;
|
||||
}
|
||||
|
||||
*output_len = modulus_len;
|
||||
return SECSuccess;
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: softoken.h,v 1.12 2006/05/05 20:02:47 wtchang%redhat.com Exp $ */
|
||||
/* $Id: softoken.h,v 1.13 2006/07/31 18:10:17 wtchang%redhat.com Exp $ */
|
||||
|
||||
#ifndef _SOFTOKEN_H_
|
||||
#define _SOFTOKEN_H_
|
||||
@ -184,6 +184,11 @@ extern PRBool sftk_audit_enabled;
|
||||
|
||||
extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg);
|
||||
|
||||
/*
|
||||
** FIPS 140-2 Error state
|
||||
*/
|
||||
extern PRBool sftk_fatalError;
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _SOFTOKEN_H_ */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user