    Bug 1697303 NSS needs to update its csp clearing to FIPS 180-3 standards. · 888f7ca4
    Robert Relyea authored
    FIPS 180-3 updated the standard for clearing sensitive key material in FIPS modules. I've done a complete review of the portions of NSS affected by the FIPS requirements and identified all the areas where we need to update. The report is available here: https://docs.google.com/document/d/1v9kedUiwVYYIUagyT_vQdtrktjGUrA3SFsVP-LA6vOw/edit?usp=sharing
    
    This patch does the following:
        - Clears the stack in gcm and ecc to deal with large stack leakages.
    This only happens in the FIPS-enabled case. The size of the stack is based on the
    size of the leakage, with some extra to make sure we reach down into that area.
    Most of the leakage happens in either auto-generated code or machine-dependent
    acceleration code.
        - Clears hash-related data that wasn't cleared previously.
        - Clears public key exponents that weren't cleared previously.
        - Clears components that should have been cleared previously but weren't.
    
    Usually clearing takes one of the following forms:
        PORT_Free(x) -> PORT_Free(x, size). This means we need to know what
    the size is supposed to be. In some cases we need to add code to preserve
    the size.
        PORT_Free(x.data) -> SECITEM_ZfreeItem(&x, PR_FALSE). In this case x is
    a SECITEM, which carries the length. PR_FALSE means clear and free the data in
    the item, not the item itself. The code should have had SECITEM_FreeItem before
    anyway.
        SECITEM_FreeItem(item, bool) -> SECITEM_ZfreeItem(item, bool). Simply change
    the normal SECITEM free call to the one that clears the item.
        PR_ArenaFree(arena, PR_FALSE) -> PR_ArenaFree(arena, PR_TRUE). The bool here
    means whether or not to clear as well as free the data in the arena.
        PORT_Memset(value, 0, size). This is the obvious clear operation. It happens
    if the variable is a stack variable, or if the memory isn't cleared with one
    of the three clearing functions above.
    
    In addition this patch fixes the following:
        - moves the determination of whether or not a slot is in FIPS mode by
    slotID to a macro. NSS allows user-defined slots to be opened. If you open a
    user defined slot using the FIPS slot, the resulting slots will also be FIPS
    slots. In areas where the semantics change based on the slot, these slots should
    have the FIPS semantics. Directly checking if the slot is the FIPS slot now
    only happens when we really mean the main FIPS slot and not just any FIPS slot.
        - In handling the clearing of PSS and OAEP, I identified an issue. These
    functions were holding a pointer to the pMechanismParams in their C_XXXXInit
    calls for later use in the C_XXXXUpdate/C_XXXXFinal/C_XXXX calls. The problem
    is applications are allowed to free their pMechanismParams once C_XXXXInit is
    complete. We need to make a copy of the params to use them.
    
    Differential Revision: https://phabricator.services.mozilla.com/D108223
    
    --HG--
    extra : rebase_source : 7ac6f9d40bffbaf1a45e9e0996893afe618d4fc5
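
The parameter-lifetime fix and the clear-on-free forms described in the commit message, as an added example that is not NSS code and not part of the commit. `demo_params`, `demo_ctx`, `zfree`, `demo_init`, `demo_final` and `demo_scenario` are hypothetical names, and the struct is a simplified stand-in for a mechanism parameter block.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for params with a nested caller-owned buffer (like an OAEP label). */
typedef struct { unsigned long hash_alg; unsigned char *label; size_t label_len; } demo_params;
typedef struct { demo_params *params; /* private deep copy */ } demo_ctx;

/* Clear through a volatile pointer so the stores are kept, then free; size must be known. */
static void zfree(void *p, size_t n) {
    volatile unsigned char *v = p;
    if (!p) return;
    while (n--) *v++ = 0;
    free(p);
}

/* Init: copy the struct and the buffer it points to; keep no caller pointer. */
int demo_init(demo_ctx *ctx, const demo_params *in) {
    demo_params *cp = malloc(sizeof *cp);
    if (!cp) return -1;
    *cp = *in; cp->label = NULL;
    if (in->label_len) {
        cp->label = malloc(in->label_len);
        if (!cp->label) { zfree(cp, sizeof *cp); return -1; }
        memcpy(cp->label, in->label, in->label_len);
    }
    ctx->params = cp;
    return 0;
}

/* Final: clear and free the copy, nested buffer first. */
void demo_final(demo_ctx *ctx) {
    if (!ctx->params) return;
    zfree(ctx->params->label, ctx->params->label_len);
    zfree(ctx->params, sizeof *ctx->params);
    ctx->params = NULL;
}

/* Constructed scenario: caller wipes and frees its params right after init; 1 = copy intact. */
int demo_scenario(void) {
    demo_ctx ctx = { NULL };
    demo_params in = { 4UL, malloc(5), 5 };
    if (!in.label) return 0;
    memcpy(in.label, "label", 5);
    if (demo_init(&ctx, &in) != 0) { free(in.label); return 0; }
    int distinct = ctx.params->label != in.label;
    zfree(in.label, in.label_len);               /* caller is done with it */
    int intact = memcmp(ctx.params->label, "label", 5) == 0;
    demo_final(&ctx);
    return distinct && intact && ctx.params == NULL;
}
```

A shallow copy of the struct alone would still leave `label` pointing at caller memory, which is why `demo_init` duplicates the nested buffer as well.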
Name
automation
cmd
coreconf
cpputil
doc
fuzz
gtests
lib
nss/automation/abi-check
nss-tool
pkg
tests
.arcconfig
.clang-format
.gitignore
.hgignore
.hgtags
.sancov-blacklist
.taskcluster.yml
COPYING
Makefile
build.sh
exports.gyp
help.txt
mach
manifest.mn
nss.gyp
readme.md
trademarks.txt