[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

Bug #1885562 reported by Dariusz Gadomski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
nss (Ubuntu) | Fix Released | Medium | Dariusz Gadomski |
Bionic | Fix Released | Medium | Dariusz Gadomski |
Focal | Fix Released | Medium | Dariusz Gadomski |
Groovy | Fix Released | Medium | Dariusz Gadomski |

Bug Description

[Impact]

 * Prevents using some parts of nss in FIPS mode - e.g. libfreeblpriv3.so (failed asserts). The library during initialization tries to verify its own binaries against signatures in chk files shipped along with it (created at build time). They are installed at /usr/lib/$(DEB_HOST_MULTIARCH)/nss while it tries to look for them at /usr/lib/$(DEB_HOST_MULTIARCH).

[Test Case]

 * Setup Ubuntu 18.04 in FIPS mode.
 * sudo apt install chrony
 * sudo chronyd -d
 * chronyd: util.c:373 UTI_IPToRefid: Assertion `MD5_hash >= 0' failed.

[Regression Potential]

 * Fix introduces 2 new artifacts to the filesystem (symlinks to the chk files). It may cause alerts in e.g. CI systems.

[Other Info]
Original bug description:

In FIPS mode there are some additional checks performed.

They lead to verifying binaries signatures. Those signatures are shipped in the libnss3 package as *.chk files installed in /usr/lib/$(DEB_HOST_MULTIARCH)/nss. Along with those files are the libraries themselves (libfreebl3.so libfreeblpriv3.so libnssckbi.so libnssdbm3.so libsoftokn3.so).

Those libraries are symlinked to be present in /usr/lib/$(DEB_HOST_MULTIARCH):
ls -l /usr/lib/x86_64-linux-gnu/libfreeblpriv3.so
lrwxrwxrwx 1 root root 21 Jun 10 18:54 /usr/lib/x86_64-linux-gnu/libfreeblpriv3.so -> nss/libfreeblpriv3.so

The client binaries are linked against the symlinks, so when the verification happens (lib/freebl/shvfy.c) the mkCheckFileName function takes path to the symlink to the shlib and replaces the .so extension with .chk.
Then it tries to open that file. Obviously it fails, because the actual file is in /usr/lib/$(DEB_HOST_MULTIARCH)/nss.

[Test case]
sudo apt install chrony
sudo chronyd -d
chronyd: util.c:373 UTI_IPToRefid: Assertion `MD5_hash >= 0' failed.

Potential solutions:
Solution A:
Drop the /usr/lib/$(DEB_HOST_MULTIARCH)/nss directory and put all signatures and libs in /usr/lib/$(DEB_HOST_MULTIARCH).

Solution B:
Create symlinks to *.chk files in /usr/lib/$(DEB_HOST_MULTIARCH) (like it is done for *.so).

Solution C:
Implement and upstream NSS feature of resolving symlinks and looking for *.chk where the symlinks lead to.
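
Added example (not part of the original report or of the nss packaging): a shell audit that applies the same ".so to .chk" rename to each library symlink in a directory and reports whether the check file is reachable from the symlink's own location or only next to the symlink target. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit where a ".so -> .chk" rename on the loaded path would look.
# The check-file name is derived from the symlink path, not from its target,
# which is the behaviour described in the report above.

# chk_name PATH: print PATH with a trailing ".so" replaced by ".chk"
chk_name() {
    printf '%s.chk\n' "${1%.so}"
}

# audit_libdir DIR: one line per *.so symlink found in DIR
#   OK       check file is reachable next to the symlink
#   MISSING  check file exists only next to the symlink target
#   NOCHK    no check file in either place
# Returns 1 if any MISSING entry was found.
audit_libdir() {
    dir=$1; rc=0
    for lib in "$dir"/*.so; do
        [ -L "$lib" ] || continue
        target=$(readlink -f "$lib") || continue
        if [ -e "$(chk_name "$lib")" ]; then
            echo "OK $lib"
        elif [ -e "$(chk_name "$target")" ]; then
            echo "MISSING $lib (found $(chk_name "$target"))"
            rc=1
        else
            echo "NOCHK $lib"
        fi
    done
    return $rc
}

# make_layout: build a constructed sample tree modelled on the layout in the
# report (library and .chk in nss/, only the library symlinked one level up).
make_layout() {
    root=$(mktemp -d)
    mkdir "$root/nss"
    : > "$root/nss/libfreeblpriv3.so"
    : > "$root/nss/libfreeblpriv3.chk"
    ln -s nss/libfreeblpriv3.so "$root/libfreeblpriv3.so"
    echo "$root"
}

# Audit a real directory when one is given on the command line.
if [ $# -gt 0 ]; then audit_libdir "$1"; fi
```

Run against /usr/lib/x86_64-linux-gnu, a MISSING line for libfreeblpriv3.so corresponds to the failure described here; after Solution B is applied the same library reports OK.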

no longer affects: nss (Ubuntu Xenial)
description: updated
summary: - freebl_fipsSoftwareIntegrityTest fails in FIPS mode
+ [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode
tags: added: sts
description: updated
Changed in nss (Ubuntu Bionic):
importance: Undecided → Medium
Changed in nss (Ubuntu):
importance: Undecided → Medium
Dariusz Gadomski (dgadomski) wrote :

I have briefly analyzed nss code - it uses the nspr library for, inter alia, file access abstraction. From what I saw in the docs it does not offer any form of symlink resolution, so it may be nontrivial to safely implement it in nss code.

description: updated
Changed in nss (Ubuntu):
assignee: nobody → Richard Maciel Costa (richardmaciel)
Changed in nss (Ubuntu Bionic):
assignee: nobody → Richard Maciel Costa (richardmaciel)
Dariusz Gadomski (dgadomski) wrote :

groovy fix

Dariusz Gadomski (dgadomski) wrote :

SRU proposal for Focal

May be useful if it gets FIPS-certified.

Dariusz Gadomski (dgadomski) wrote :

SRU proposal for bionic

Dariusz Gadomski (dgadomski) wrote :

Groovy debdiff re-upload

Dariusz Gadomski (dgadomski) wrote :

Focal debdiff reupload

Dariusz Gadomski (dgadomski) wrote :

Bionic debdiff reupload

Dariusz Gadomski (dgadomski) wrote :

The patches I've uploaded implement the Solution B from the description.

It actually applies only to Bionic, but I believe it's worth having it in Focal if it gets FIPS certification and for Groovy - to keep it for the future releases.

tags: added: patch
Dariusz Gadomski (dgadomski) wrote :

@richardmaciel please let me know if I can help you with anything with regard to this bug.

Steve Beattie (sbeattie)
Changed in nss (Ubuntu):
status: New → In Progress
Changed in nss (Ubuntu Bionic):
status: New → In Progress
Changed in nss (Ubuntu):
assignee: Richard Maciel Costa (richardmaciel) → Dariusz Gadomski (dgadomski)
Changed in nss (Ubuntu Bionic):
assignee: Richard Maciel Costa (richardmaciel) → Dariusz Gadomski (dgadomski)
Dariusz Gadomski (dgadomski) wrote :

As discussed with Richard outside LP: we agreed that adding symlinks is an acceptable solution to this problem.

Debdiffs linked.

Richard Maciel Costa (richardmaciel) wrote :

Reviewed patches and they look good to me.

However, in the future, we should consider another possibility: disable FIPS mode for libNSS3 by default, since that lib isn't FIPS-certified.

This can prevent customers from mistakenly thinking the opposite.

Dan Streetman (ddstreet)
Changed in nss (Ubuntu Focal):
assignee: nobody → Dariusz Gadomski (dgadomski)
importance: Undecided → Medium
status: New → In Progress
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 2:3.49.1-1ubuntu4

---------------
nss (2:3.49.1-1ubuntu4) groovy; urgency=medium

  * Symlink chk files to fix self-verification in FIPS mode (LP: #1885562)

 -- Dariusz Gadomski <email address hidden> Wed, 01 Jul 2020 14:48:13 +0200

Changed in nss (Ubuntu Groovy):
status: In Progress → Fix Released
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Dariusz, or anyone else affected,

Accepted nss into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nss/2:3.49.1-1ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nss (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Brian Murray (brian-murray) wrote :

Hello Dariusz, or anyone else affected,

Accepted nss into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nss (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (nss/2:3.35-2ubuntu2.10)

All autopkgtests for the newly accepted nss (2:3.35-2ubuntu2.10) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

libreoffice/1:6.0.7-0ubuntu0.18.04.10 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#nss

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (nss/2:3.49.1-1ubuntu1.3)

All autopkgtests for the newly accepted nss (2:3.49.1-1ubuntu1.3) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

libreoffice/1:6.4.4-0ubuntu0.20.04.1 (arm64, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#nss

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

tags: added: verification-done-bionic
removed: verification-needed-bionic
Dariusz Gadomski (dgadomski) wrote :

Tested with 2:3.35-2ubuntu2.10 on 18.04:

sudo chronyd -d
2020-07-23T08:40:19Z chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
2020-07-23T08:40:19Z Frequency -1.068 +/- 0.045 ppm read from /var/lib/chrony/chrony.drift

(no failed assertions, no crashes)

Dariusz Gadomski (dgadomski) wrote :

I tested libnss3 2:3.49.1-1ubuntu1.3 on focal, however this was not done in FIPS-mode (as there are no FIPS packages for focal available).

I did not find a way to trigger the signature verification outside FIPS mode, but in the normal use case (FIPS disabled) everything works as expected, no regressions noted.

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
tags: added: sts-sponsor-dgadomski
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 2:3.49.1-1ubuntu1.4

---------------
nss (2:3.49.1-1ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:28:48 -0300

Changed in nss (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 2:3.35-2ubuntu2.11

---------------
nss (2:3.35-2ubuntu2.11) bionic-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Aug 2020 15:58:41 -0300

Changed in nss (Ubuntu Bionic):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
