Bug 1417665

Summary: RSA-PSS signatures with keys that have modulus_bits % 8 > 0 are not supported
Product: Red Hat Enterprise Linux 7 Reporter: Hubert Kario <hkario>
Component: nss-softoknAssignee: Daiki Ueno <dueno>
Status: CLOSED ERRATA QA Contact: Hubert Kario <hkario>
Severity: high Docs Contact:
Priority: medium    
Version: 7.3CC: dueno, hkario, kengert, nmavrogi, rrelyea, szidek, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: nss-softokn-3.34.0-0.2.beta1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 09:23:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1457789    
Bug Blocks: 1457751, 1484950    

Description Hubert Kario 2017-01-30 15:28:27 UTC
NSS fails to correctly handle keys with modulus that is not multiple of 8.

Comment 1 Kai Engert (:kaie) (inactive account) 2017-01-30 15:34:16 UTC
Hubert says we need this softokn change for RHEL 7.4.0

Because upstream added if AFTER 3.28, we must make sure it's included as a backported patch.

Daiki, could you please check, can this be easily backported? Or does it depend on other changes after 3.28 ?

What do you recommend?

Comment 2 Daiki Ueno 2017-01-30 15:49:03 UTC
Yes, it would be easy to backport this.

Comment 3 Kai Engert (:kaie) (inactive account) 2017-02-24 14:21:40 UTC
(In reply to Daiki Ueno from comment #2)
> Yes, it would be easy to backport this.

thanks, setting devel-ack+

Comment 19 errata-xmlrpc 2018-04-10 09:23:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.