CVE-2021-3798: 
NixOS vulnerability analysis and mitigation

A security vulnerability (CVE-2021-3798) was discovered in openCryptoki's Soft token implementation. The vulnerability affects versions 3.15.0 and later, where EC support was first introduced. The flaw exists because the openCryptoki Soft token does not properly validate EC keys when they are created via CCreateObject or when CDeriveKey is used with ECDH public data (CVE Details, Red Hat Bugzilla).

The vulnerability stems from missing validation checks in the EC key handling process. Specifically, when constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, the system failed to verify that the key point lies on the intended elliptic curve. This issue was addressed by adding validation checks through the ECKEYcheckkey() function in the filleckeyfrompubkey() and filleckeyfrom_privkey() functions (GitHub Commit).

The vulnerability could allow a malicious user to perform an invalid curve attack, potentially leading to the extraction of the private key. In an invalid curve attack, the attacker can trick the vulnerable application into using curve points outside of the intended elliptic curve, compromising the security of the cryptographic operations (Red Hat Bugzilla).

The vulnerability has been fixed in openCryptoki version 3.17.0. The fix implements proper validation checks for EC keys during creation and derivation operations. Users are advised to upgrade to the patched version. Red Hat Enterprise Linux 8 users can apply the fix through RHBA-2021:3054 (Red Hat Bugzilla).