Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1249720 - nss-softokn 3.16.2.3-9 RSA_PopulatePrivateKey API call failure
nss-softokn 3.16.2.3-9 RSA_PopulatePrivateKey API call failure
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-softokn (Show other bugs)
7.1
Unspecified Linux
unspecified Severity high
: rc
: 7.4
Assigned To: Daiki Ueno
Hubert Kario
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-03 11:58 EDT by Stefan Berger
Modified: 2017-08-01 12:47 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 12:47:42 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 992240 None None None 2016-06-28 08:44 EDT
Red Hat Product Errata RHEA-2017:1977 normal SHIPPED_LIVE nss bug fix and enhancement update 2017-08-01 13:57:47 EDT

  None (edit)
Description Stefan Berger 2015-08-03 11:58:53 EDT 
Description of problem:

Failures in RSA_PopulatePrivateKey

Version-Release number of selected component (if applicable):

nss-softokn-freebl-3.16.2.3-9.el7.x86_64.rpm


How reproducible:

This is not easy to reproduce due to the software I am using to call RSA_PopulatePrivateKey. The result is that sometimes this function fails, other times it succeeds. What helped was a downgrade of the package using

yum -y downgrade nss-softokn-freebl-3.15.4-2.el7 nss-softokn-freebl-devel-3.15.4-2.el7 nss-softokn-3.15.4-2.el7 nss-softokn-devel-3.15.4-2.el7 nss-3.15.4-6.el7 nss-tools-3.15.4-6.el7 nss-devel-3.15.4-6.el7 nss-sysinit-3.15.4-6.el7


I am running a test suite that is part of a swtpm package located here:

https://github.com/stefanberger/swtpm.git

It builds on top of libtpms located here:

https://github.com/stefanberger/libtpms.git

Steps to Reproduce:
1. libtpms: ./configure --prefix=/usr ; make ; sudo make install
2. swtpm: ./configure --prefix=/usr ; make check
3. swtpm individual test: ./tests/test_hashing

Actual results:

Test cases are sometimes failing, sometimes passing when using nss-softokn-freebl 3.16.2.3-9.el7

Expected results:

Test case should always pass.

Additional info:

It looks to me we are hitting the bug described here:

https://bugzilla.mozilla.org/show_bug.cgi?id=992240
Comment 5 Kai Engert (:kaie) (inactive account) 2016-10-18 09:57:42 EDT 
I see upstream has fixed the bug, and the fix will be released with NSS 3.28 later this year.

The fix was inside the softokn module, which we keep at a FIPS validated snapshot, so it's not yet possible to say when this can be fixed in RHEL 7.x
Comment 17 errata-xmlrpc 2017-08-01 12:47:42 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1977
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.