Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1249720 - nss-softokn 3.16.2.3-9 RSA_PopulatePrivateKey API call failure
nss-softokn 3.16.2.3-9 RSA_PopulatePrivateKey API call failure
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-softokn (Show other bugs)
7.1
Unspecified Linux
unspecified Severity high
: rc
: 7.4
Assigned To: Daiki Ueno
Hubert Kario
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-03 11:58 EDT by Stefan Berger
Modified: 2017-08-01 12:47 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 12:47:42 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 992240 None None None 2016-06-28 08:44 EDT
Red Hat Product Errata RHEA-2017:1977 normal SHIPPED_LIVE nss bug fix and enhancement update 2017-08-01 13:57:47 EDT

  None (edit)
Description Stefan Berger 2015-08-03 11:58:53 EDT
Description of problem:

Failures in RSA_PopulatePrivateKey

Version-Release number of selected component (if applicable):

nss-softokn-freebl-3.16.2.3-9.el7.x86_64.rpm


How reproducible:

This is not easy to reproduce due to the software I am using to call RSA_PopulatePrivateKey. The result is that sometimes this function fails, other times it succeeds. What helped was a downgrade of the package using

yum -y downgrade nss-softokn-freebl-3.15.4-2.el7 nss-softokn-freebl-devel-3.15.4-2.el7 nss-softokn-3.15.4-2.el7 nss-softokn-devel-3.15.4-2.el7 nss-3.15.4-6.el7 nss-tools-3.15.4-6.el7 nss-devel-3.15.4-6.el7 nss-sysinit-3.15.4-6.el7


I am running a test suite that is part of a swtpm package located here:

https://github.com/stefanberger/swtpm.git

It builds on top of libtpms located here:

https://github.com/stefanberger/libtpms.git

Steps to Reproduce:
1. libtpms: ./configure --prefix=/usr ; make ; sudo make install
2. swtpm: ./configure --prefix=/usr ; make check
3. swtpm individual test: ./tests/test_hashing

Actual results:

Test cases are sometimes failing, sometimes passing when using nss-softokn-freebl 3.16.2.3-9.el7

Expected results:

Test case should always pass.

Additional info:

It looks to me we are hitting the bug described here:

https://bugzilla.mozilla.org/show_bug.cgi?id=992240
Comment 5 Kai Engert (:kaie) (inactive account) 2016-10-18 09:57:42 EDT
I see upstream has fixed the bug, and the fix will be released with NSS 3.28 later this year.

The fix was inside the softokn module, which we keep at a FIPS validated snapshot, so it's not yet possible to say when this can be fixed in RHEL 7.x
Comment 17 errata-xmlrpc 2017-08-01 12:47:42 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1977

Note You need to log in before you can comment on or make changes to this bug.