RHEL-114443

NSS: Updating nss database password corrupts ML-DSA seed. [rhel-10.2]

      AC1) MLDSA key seed is still present in NSS DB after password change.

      1. Create key pair using MLDSA.
      2. Export it to PKCS#12.
      3. Change NSS DB password.
      4. Export the key material again.
      5. Extract private keys from p12 bundles.
      6. Compare the sizes; they should be the same.
      7. Check the seed explicitly with openssl pkey -in <key> -text -noout; you should see it in both keys.

      Don't forget you need the PQ subpolicy active on RHEL-9 to allow NSS to use PQC (you don't need that on RHEL-10).

      NSS database password updates no longer corrupt ML-DSA seeds::

      Before this update, a bug in how NSS handled database re-encryption prevented the ML-DSA seed attribute from updating when you changed the database password. As a result, the seed value was permanently lost, even if you knew the previous password. With this update, password changes correctly update the ML-DSA seed attribute and no longer cause the permanent loss of seed values. Previously lost seeds cannot be recovered.

      ML-DSA keys come in multiple formats. Generating one starts with a seed, and the seed is enough to derive the key, but the key can also be expanded to speed up subsequent operations with it. If you have ML-DSA keys in an NSS database, either generated or imported, it is highly likely that both the expanded format and the seed are stored. Due to an issue with how NSS handles database re-encryption, if you change the password of the database, the seed attribute is not updated to accommodate the new password and its value is permanently lost.

      For security reasons, the seed cannot be recovered even with knowledge of the previous password, unless a backup of the database or of the key was made before the password change took place. The only way to work around this issue is to export the key before updating the password and re-import it after the update.
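
      The seed-versus-expanded distinction described above can be checked directly on the PKCS#8 private key extracted from each PKCS#12 export, which covers steps 6 and 7 of the acceptance check. This is an added example, not part of the issue or of NSS; it assumes the extracted keys use the seed / expandedKey / both CHOICE encoding from the IETF LAMPS ML-DSA specification, and classify, seed_survived and the zero-filled sample blobs are hypothetical names constructed here.

```python
# Added example, not NSS code. Last ML-DSA OID byte -> (name, expanded key size).
PARAMS = {0x11: ("ML-DSA-44", 2560), 0x12: ("ML-DSA-65", 4032), 0x13: ("ML-DSA-87", 4896)}
OID_PREFIX = bytes.fromhex("06096086480165030403")  # 2.16.840.1.101.3.4.3.x

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """Return (parameter_set, form); form is 'seed', 'expanded' or 'both'."""
    tag, body, _ = read_tlv(der)
    _, _, pos = read_tlv(body)           # version
    _, alg, pos = read_tlv(body, pos)    # AlgorithmIdentifier
    _, key, _ = read_tlv(body, pos)      # privateKey OCTET STRING
    if tag != 0x30 or alg[:-1] != OID_PREFIX or alg[-1] not in PARAMS:
        raise ValueError("not an ML-DSA PKCS#8 key")
    name, size = PARAMS[alg[-1]]
    tag, val, _ = read_tlv(key)
    if tag == 0x80 and len(val) == 32:    # seed [0] OCTET STRING
        return name, "seed"
    if tag == 0x04 and len(val) == size:  # expandedKey OCTET STRING
        return name, "expanded"
    if tag == 0x30:                       # both SEQUENCE { seed, expandedKey }
        _, seed, p = read_tlv(val)
        if len(seed) == 32 and len(read_tlv(val, p)[1]) == size:
            return name, "both"
    raise ValueError("unrecognised ML-DSA private key encoding")

def seed_survived(before_der, after_der):
    """Steps 6-7: exports have equal size and neither is expanded-only."""
    forms = {classify(d)[1] for d in (before_der, after_der)}
    return len(before_der) == len(after_der) and "expanded" not in forms

def tlv(tag, val):  # DER encoder, used only to build the constructed samples
    ln = len(val).to_bytes(max(1, (len(val).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (ln if len(val) < 0x80 else bytes([0x80 | len(ln)]) + ln) + val

def sample(form, last=0x12):
    """Constructed PKCS#8 blob, zero-filled instead of real key material."""
    seed, exp = tlv(0x04, bytes(32)), tlv(0x04, bytes(PARAMS[last][1]))
    inner = {"seed": tlv(0x80, bytes(32)), "expanded": exp, "both": tlv(0x30, seed + exp)}[form]
    return tlv(0x30, b"\x02\x01\x00" + tlv(0x30, OID_PREFIX + bytes([last])) + tlv(0x04, inner))
```

      The functions take DER input; convert each extracted key first with openssl pkey -in <key> -outform DER.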

              rrelyea Robert Relyea
              fkrenzel František Krenželok
              Robert Relyea
              Joao Silva
              Zuzana Fantini Zoubkova