Bug 1385290

Summary: nss-softokn 3.27-0-1.0 RSA_PopulatePrivateKey API call failure
Product: [Fedora] Fedora Reporter: Stefan Berger <stefanb>
Component: nss-softoknAssignee: Daiki Ueno <dueno>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 24CC: dueno, emaldona, kengert, rrelyea
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-28 15:44:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Stefan Berger 2016-10-15 23:24:55 UTC 
The error is the same error as described here: 

https://bugzilla.redhat.com/show_bug.cgi?id=1249720



The nss-sfotokn-freebl-3.27.0-1.0 package seems to have a bug described here (also referenced in above BZ):

https://bugzilla.redhat.com/show_bug.cgi?id=1249720


The patch that's missing is this one:

https://hg.mozilla.org/projects/nss/rev/df4ebf05c2af


As an example, the function rsa_get_primes_from_exponents in nss/lib/freebl/rsa.c in the Fedora version has this signature:

static mp_err
rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
                              mp_int *n, PRBool hasModulus,
                              unsigned int keySizeInBits)


The patch modifies it as follows:

 static mp_err
-rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
-                              mp_int *n, PRBool hasModulus,
-                              unsigned int keySizeInBits)
+rsa_get_prime_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
+                             mp_int *n, unsigned int keySizeInBits)
 {


So, we are still at the old version.


Here's a link to the source repo's that has the patched version of this function:

https://hg.mozilla.org/projects/nss/file/0c845c900217/lib/freebl/rsa.c#l530
Comment 1 Stefan Berger 2016-10-15 23:31:41 UTC 
How can I help?
Comment 2 Kai Engert (:kaie) (inactive account) 2016-10-18 13:59:43 UTC 
The other bug you're referring to has a reference to an upstream bug:
  https://bugzilla.mozilla.org/show_bug.cgi?id=992240

That bug has a fix that will apparently released with NSS 3.28.

Unless there's an urgent reason to immediately backport, Fedora will get this fix after the upstream release of NSS 3.28, which is expected later this year.
Comment 3 Stefan Berger 2016-10-20 20:32:25 UTC 
I think a crypto library should not be left with this typo of bug...
Comment 4 Kai Engert (:kaie) (inactive account) 2017-06-28 15:44:05 UTC 
Fedora uses NSS 3.28 or newer, so this should be fixed.