Bug 642795
Summary: | RFE: add PKCS#12 support | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> | ||||
Component: | python-nss | Assignee: | John Dennis <jdennis> | ||||
Status: | CLOSED ERRATA | QA Contact: | Patrik Kis <pkis> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 6.1 | CC: | dcantrell, herrold, jdennis, jkodak, pkis, psplicha, rcritten, tlavigne | ||||
Target Milestone: | rc | Keywords: | FutureFeature | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | python-nss-0.13 | Doc Type: | Release Note | ||||
Doc Text: |
PKCS#12 Support for python-nss
The python-nss package, which provides Python bindings for Network Security Services (NSS) and the Netscape Portable Runtime (NSPR), has been updated to add PKCS#12 support.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-02-21 10:11:46 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 642407, 703208, 786498 | ||||||
Attachments: |
|
Description
Dmitri Pal
2010-10-13 20:25:21 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. Created attachment 667306 [details]
s390x core dump
Hi John, While verifying this bug and running unit test I found out that export to pkcs12 file does not work on ppc64 and s390x architectures. I'm not sure if the problem is in python-nss or elsewhere but the same code that works on x86_64/i686 core dumps on s390x and ppc64. The two scripts setup_certs.py is taken fro unit tests and exp.py is just an extracted unit test to (from test_pkcs12.py). # rpm -qa nss python-nss python nss-3.14.0.0-10.el6.s390 nss-3.14.0.0-9.el6.s390x python-2.6.6-36.el6.s390x python-nss-0.13-0.el6.s390x # # ls -l total 16 -rw-r--r--. 1 root root 613 Dec 21 10:49 exp.py -rw-r--r--. 1 root root 12265 Dec 21 10:49 setup_certs.py # python setup_certs.py setting up certs ... # ls -l total 20 -rw-r--r--. 1 root root 613 Dec 21 10:49 exp.py drwxr-xr-x. 2 root root 4096 Dec 21 10:55 pki -rw-r--r--. 1 root root 0 Dec 21 10:55 setup_certs.log -rw-r--r--. 1 root root 12265 Dec 21 10:49 setup_certs.py # certutil -L -d pki Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI test_ca CTu,Cu,Cu test_user u,u,u test_server_subca u,u,u test_server u,u,u subca CTu,Cu,Cu # # cat exp.py #!/usr/bin/python import sys import os import subprocess import shlex import unittest from nss.error import NSPRError import nss.error as nss_error import nss.nss as nss certdir = 'pki' db_passwd = 'db_passwd' pkcs12_file_password = 'pk12_passwd' export_nickname = 'test_server' #------------------------------------------------------------------------------- def password_callback(slot, retry): return db_passwd nss.nss_init(certdir) nss.set_password_callback(password_callback) nss.pkcs12_enable_all_ciphers() pkcs12_data = nss.pkcs12_export(export_nickname, pkcs12_file_password) nss.nss_shutdown() # # python exp.py Segmentation fault (core dumped) # ls -l total 4212 -rw-------. 1 root root 4444160 Dec 21 10:56 core.python -rw-r--r--. 1 root root 613 Dec 21 10:49 exp.py drwxr-xr-x. 2 root root 4096 Dec 21 10:55 pki -rw-r--r--. 1 root root 0 Dec 21 10:55 setup_certs.log -rw-r--r--. 1 root root 12265 Dec 21 10:49 setup_certs.py # # # gdb /usr/bin/python core.python GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "s390x-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/python...Reading symbols from /usr/lib/debug/usr/bin/python2.6.debug...done. done. [New Thread 47541] Missing separate debuginfo for Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/24/40a46e10b15be8b243b0074f1af491288009fa Reading symbols from /usr/lib64/libpython2.6.so.1.0...Reading symbols from /usr/lib/debug/usr/lib64/libpython2.6.so.1.0.debug...done. done. Loaded symbols for /usr/lib64/libpython2.6.so.1.0 Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done. [Thread debugging using libthread_db enabled] done. Loaded symbols for /lib64/libpthread-2.12.so Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done. done. Loaded symbols for /lib64/libdl-2.12.so Reading symbols from /lib64/libutil-2.12.so...Reading symbols from /usr/lib/debug/lib64/libutil-2.12.so.debug...done. done. Loaded symbols for /lib64/libutil-2.12.so Reading symbols from /lib64/libm-2.12.so...Reading symbols from /usr/lib/debug/lib64/libm-2.12.so.debug...done. done. Loaded symbols for /lib64/libm-2.12.so Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done. done. Loaded symbols for /lib64/libc-2.12.so Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done. done. Loaded symbols for /lib64/ld-2.12.so Reading symbols from /usr/lib64/python2.6/lib-dynload/timemodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/timemodule.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/timemodule.so Reading symbols from /usr/lib64/python2.6/lib-dynload/selectmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/selectmodule.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/selectmodule.so Reading symbols from /usr/lib64/python2.6/lib-dynload/fcntlmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/fcntlmodule.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/fcntlmodule.so Reading symbols from /usr/lib64/python2.6/lib-dynload/_struct.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_struct.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/_struct.so Reading symbols from /usr/lib64/python2.6/lib-dynload/binascii.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/binascii.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/binascii.so Reading symbols from /usr/lib64/python2.6/lib-dynload/cStringIO.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/cStringIO.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/cStringIO.so Reading symbols from /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_collectionsmodule.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so Reading symbols from /usr/lib64/python2.6/lib-dynload/operator.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/operator.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/lib-dynload/operator.so Reading symbols from /usr/lib64/python2.6/site-packages/nss/error.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/nss/error.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/site-packages/nss/error.so Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done. done. Loaded symbols for /lib64/libnspr4.so Reading symbols from /usr/lib64/python2.6/site-packages/nss/nss.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/nss/nss.so.debug...done. done. Loaded symbols for /usr/lib64/python2.6/site-packages/nss/nss.so Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done. done. Loaded symbols for /usr/lib64/libssl3.so Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done. done. Loaded symbols for /usr/lib64/libnss3.so Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done. done. Loaded symbols for /usr/lib64/libsmime3.so Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done. done. Loaded symbols for /usr/lib64/libnssutil3.so Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done. done. Loaded symbols for /lib64/libplc4.so Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done. done. Loaded symbols for /lib64/libplds4.so Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done. done. Loaded symbols for /lib64/libz.so.1.2.3 Reading symbols from /usr/lib64/libsoftokn3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsoftokn3.so.debug...done. done. Loaded symbols for /usr/lib64/libsoftokn3.so Reading symbols from /usr/lib64/libsqlite3.so.0.8.6...Reading symbols from /usr/lib/debug/usr/lib64/libsqlite3.so.0.8.6.debug...done. done. Loaded symbols for /usr/lib64/libsqlite3.so.0.8.6 Reading symbols from /usr/lib64/libnssdbm3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssdbm3.so.debug...done. done. Loaded symbols for /usr/lib64/libnssdbm3.so Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done. done. Loaded symbols for /lib64/libfreebl3.so Reading symbols from /usr/lib64/libnssckbi.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssckbi.so.debug...done. done. Loaded symbols for /usr/lib64/libnssckbi.so Core was generated by `python exp.py'. Program terminated with signal 11, Segmentation fault. #0 0x000000453ea5c3aa in sec_pkcs12_convert_item_to_unicode (arena=0x0, dest=0x3ffffb4d828, src=0x3ffffb4d930, zeroTerm=<value optimized out>, asciiConvert=<value optimized out>, toUnicode=1) at p12local.c:931 931 if((dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) { (gdb) bt full #0 0x000000453ea5c3aa in sec_pkcs12_convert_item_to_unicode (arena=0x0, dest=0x3ffffb4d828, src=0x3ffffb4d930, zeroTerm=<value optimized out>, asciiConvert=<value optimized out>, toUnicode=1) at p12local.c:931 success = 1 #1 0x000000453ea60ba2 in SEC_PKCS12CreatePasswordPrivSafe (p12ctxt=0x93fb0780, pwitem=0x3ffffb4d930, privAlg=<value optimized out>) at p12e.c:393 safeInfo = 0x93fb08a8 mark = 0x93fb08a8 slot = 0x0 algId = <value optimized out> uniPwitem = {type = siBuffer, data = 0x93fa88f0 "", len = 0} #2 0x000003fff739d660 in pkcs12_export (self=<value optimized out>, args=<value optimized out>, kwds=<value optimized out>) at src/py_nss.c:20120 cert = 0x93fa8990 kwlist = {0x3fff73ba240 "nickname", 0x3fff73b9ca8 "pkcs12_password", 0x3fff73b9cb8 "key_cipher", 0x3fff73b9cc4 "cert_cipher", 0x3fff73b9cd0 "pin_args", 0x0} utf8_nickname = 0x93f2f1e0 "test_server" utf8_pkcs12_password = 0x93fa88d0 "pk12_passwd" utf8_pkcs12_password_len = 0 key_cipher = 156 cert_cipher = 159 pin_args = 0x0 py_encoded_buf = 0x0 export_ctx = 0x93fb0780 key_safe = 0x93fb0828 cert_safe = <value optimized out> utf8_pkcs12_password_item = {type = siUTF8String, data = 0x93fa88d0 "pk12_passwd", len = 0} cert_list = 0x93fab080 node = 0x93fab098 slot = <value optimized out> #3 0x000000453e48c4e2 in call_function (f=Frame 0x93ebc6c8, for file exp.py, line 26, in <module> (), throwflag=<value optimized out>) at Python/ceval.c:3794 callargs = ('test_server', 'pk12_passwd') flags = <value optimized out> tstate = 0x93e2d0a0 func = <built-in function pkcs12_export> w = <value optimized out> na = <value optimized out> nk = <value optimized out> n = 2 pfunc = 0x93ebc840 x = <value optimized out> #4 PyEval_EvalFrameEx (f=Frame 0x93ebc6c8, for file exp.py, line 26, in <module> (), throwflag=<value optimized out>) at Python/ceval.c:2453 sp = 0x93ebc848 stack_pointer = <value optimized out> next_instr = 0x3fffd3bd302 "Z\024" opcode = <value optimized out> oparg = 0 ---Type <return> to continue, or q <return> to quit--- why = WHY_NOT err = 0 x = <value optimized out> v = <value optimized out> w = 'pkcs12_file_password' u = <value optimized out> t = <value optimized out> stream = 0x0 fastlocals = 0x93ebc840 freevars = 0x93ebc840 retval = 0x0 tstate = <value optimized out> co = 0x3fffd3aa6c0 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x3fffd3bd244 "d" names = ('sys', 'os', 'subprocess', 'shlex', 'unittest', 'nss.error', 'NSPRError', 'error', 'nss_error', 'nss.nss', 'nss', 'certdir', 'db_passwd', 'pkcs12_file_password', 'export_nickname', 'password_callback', 'nss_init', 'set_password_callback', 'pkcs12_enable_all_ciphers', 'pkcs12_export', 'pkcs12_data', 'nss_shutdown') consts = (-1, None, ('NSPRError',), 'pki', 'db_passwd', 'pk12_passwd', 'test_server', <code at remote 0x3fffd3aa198>) #5 0x000000453e48db78 in PyEval_EvalCodeEx (co=0x3fffd3aa6c0, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=<value optimized out>, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:3044 f = Frame 0x93ebc6c8, for file exp.py, line 26, in <module> () retval = 0x0 fastlocals = 0x93ebc840 freevars = 0x93ebc840 tstate = 0x93e2d0a0 x = <value optimized out> u = <value optimized out> #6 0x000000453e48dc38 in PyEval_EvalCode (co=<value optimized out>, globals=<value optimized out>, locals=<value optimized out>) at Python/ceval.c:545 No locals. #7 0x000000453e4ac44a in run_mod (mod=<value optimized out>, filename=<value optimized out>, globals= {'nss': <module at remote 0x3fff748bc48>, 'certdir': 'pki', 'export_nickname': 'test_server', 'NSPRError': <type at remote 0x93f286c8>, '__builtins__': <module at remote 0x3fffd3ecf78>, '__file__': 'exp.py', 'db_passwd': 'db_passwd', '__package__': None, 'sys': <module at remote 0x3fffd408ca8>, 'nss_error': <module at remote 0x3fff748bbe8>, 'pkcs12_file_password': 'pk12_passwd', 'shlex': <module at remote 0x3fffd357348>, 'password_callback': <function at remote 0x3fff7481518>, '__name__': '__main__', 'unittest': <module at remote 0x3fff748bb58>, 'subprocess': <module at remote 0x3fffd357bb8>, 'os': <module at remote 0x3fffd3acb28>, '__doc__': None}, locals= {'nss': <module at remote 0x3fff748bc48>, 'certdir': 'pki', 'export_nickname': 'test_server', 'NSPRError': <type at remote 0x93f286c8>, '__builtins__': <module at remote 0x3fffd3ecf78>, '__file__': 'exp.py', 'db_passwd': 'db_passwd', '__package__': None, 'sys': <module at remote 0x3fffd408ca8>, 'nss_error': <module at remote 0x3fff748bbe8>, 'pkcs12_file_password': 'pk12_passwd', 'shlex': <module at remote 0x3fffd357348>, 'password_callback': <function at remote 0x3fff7481518>, '__name__': '__main__', 'unittest': <module at remote 0x3fff748bb58>, 'subprocess': <module at remote 0x3fffd357bb8>, 'os': <module at remote 0x3fffd3acb28>, '__doc__': None}, flags=0x3ffffb4e0bc, arena= 0x93eb69c0) at Python/pythonrun.c:1358 co = 0x3fffd3aa6c0 ---Type <return> to continue, or q <return> to quit--- v = <value optimized out> #8 0x000000453e4ac562 in PyRun_FileExFlags (fp=0x93eba2e0, filename=0x3ffffb4e5a4 "exp.py", start=<value optimized out>, globals= {'nss': <module at remote 0x3fff748bc48>, 'certdir': 'pki', 'export_nickname': 'test_server', 'NSPRError': <type at remote 0x93f286c8>, '__builtins__': <module at remote 0x3fffd3ecf78>, '__file__': 'exp.py', 'db_passwd': 'db_passwd', '__package__': None, 'sys': <module at remote 0x3fffd408ca8>, 'nss_error': <module at remote 0x3fff748bbe8>, 'pkcs12_file_password': 'pk12_passwd', 'shlex': <module at remote 0x3fffd357348>, 'password_callback': <function at remote 0x3fff7481518>, '__name__': '__main__', 'unittest': <module at remote 0x3fff748bb58>, 'subprocess': <module at remote 0x3fffd357bb8>, 'os': <module at remote 0x3fffd3acb28>, '__doc__': None}, locals= {'nss': <module at remote 0x3fff748bc48>, 'certdir': 'pki', 'export_nickname': 'test_server', 'NSPRError': <type at remote 0x93f286c8>, '__builtins__': <module at remote 0x3fffd3ecf78>, '__file__': 'exp.py', 'db_passwd': 'db_passwd', '__package__': None, 'sys': <module at remote 0x3fffd408ca8>, 'nss_error': <module at remote 0x3fff748bbe8>, 'pkcs12_file_password': 'pk12_passwd', 'shlex': <module at remote 0x3fffd357348>, 'password_callback': <function at remote 0x3fff7481518>, '__name__': '__main__', 'unittest': <module at remote 0x3fff748bb58>, 'subprocess': <module at remote 0x3fffd357bb8>, 'os': <module at remote 0x3fffd3acb28>, '__doc__': None}, closeit=1, flags=0x3ffffb4e0bc) at Python/pythonrun.c:1344 ret = <value optimized out> mod = 0x93ec7590 arena = 0x93eb69c0 #9 0x000000453e4adbfa in PyRun_SimpleFileExFlags (fp=0x93eba2e0, filename=0x3ffffb4e5a4 "exp.py", closeit=<value optimized out>, flags=0x3ffffb4e0bc) at Python/pythonrun.c:948 m = <value optimized out> d = {'nss': <module at remote 0x3fff748bc48>, 'certdir': 'pki', 'export_nickname': 'test_server', 'NSPRError': <type at remote 0x93f286c8>, '__builtins__': <module at remote 0x3fffd3ecf78>, '__file__': 'exp.py', 'db_passwd': 'db_passwd', '__package__': None, 'sys': <module at remote 0x3fffd408ca8>, 'nss_error': <module at remote 0x3fff748bbe8>, 'pkcs12_file_password': 'pk12_passwd', 'shlex': <module at remote 0x3fffd357348>, 'password_callback': <function at remote 0x3fff7481518>, '__name__': '__main__', 'unittest': <module at remote 0x3fff748bb58>, 'subprocess': <module at remote 0x3fffd357bb8>, 'os': <module at remote 0x3fffd3acb28>, '__doc__': None} v = <value optimized out> ext = <value optimized out> set_file_name = 1 ret = <value optimized out> len = <value optimized out> #10 0x000000453e4bbf98 in Py_Main (argc=<value optimized out>, argv=<value optimized out>) at Modules/main.c:618 c = <value optimized out> sts = <value optimized out> command = 0x0 filename = 0x3ffffb4e5a4 "exp.py" module = 0x0 fp = 0x93eba2e0 p = <value optimized out> unbuffered = 0 skipfirstline = 0 stdin_is_interactive = 1 help = <value optimized out> version = <value optimized out> saw_unbuffered_flag = 1 cf = {cf_flags = 0} #11 0x000000453d0b18c4 in __libc_start_main (main=0x80000794 <main>, argc=<value optimized out>, ubp_av=0x3ffffb4e2e8, init=<value optimized out>, fini= ---Type <return> to continue, or q <return> to quit--- 0x8000079c <__libc_csu_fini>, rtld_fini=0x453d07c0ec <_dl_fini>, stack_end=0x3ffffb4e230) at libc-start.c:226 self = <value optimized out> result = <value optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {{__gregs = {2147485596, 4398041588432, 2147485308, 0, 2147485600, 0, 297378529280, 297378214992, -8463577057646431838, -8463576272714774264}, __fpregs = {4741433369068306432, 4612367379483415458, 4415559729152896087, 4612367379483415830, 297376731000, 4398000605472, 297376660174, 4398041588104}}}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> #12 0x00000000800006ba in _start () No symbol table info available. (gdb) q # I have a patch for the segfault seen on s390x and ppc64. There was an incorrect type declaration due to a documentation bug for one of the CPython API's. Thus why this was only seen on these arches. I will produce a new build tomorrow morning. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0405.html |