Bug 1417665 - RSA-PSS signatures with keys that have modulus_bits % 8 > 0 are not supported
Summary: RSA-PSS signatures with keys that have modulus_bits % 8 > 0 are not supported
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-softokn
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Daiki Ueno
QA Contact: Hubert Kario
Depends On: 1457789
Blocks: rhel7-rsa-pss-in-nss rhel7-nss-tls1.3
TreeView+ depends on / blocked
Reported: 2017-01-30 15:28 UTC by Hubert Kario
Modified: 2018-04-10 09:25 UTC (History)
7 users (show)

Fixed In Version: nss-softokn-3.34.0-0.2.beta1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-10 09:23:57 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1334474 0 -- RESOLVED Support RSA-PSS signatures with (modulus_bits % 8 > 0) 2020-11-02 17:00:26 UTC
Red Hat Product Errata RHEA-2018:0679 0 None None None 2018-04-10 09:25:17 UTC

Description Hubert Kario 2017-01-30 15:28:27 UTC
NSS fails to correctly handle keys with modulus that is not multiple of 8.

Comment 1 Kai Engert (:kaie) (inactive account) 2017-01-30 15:34:16 UTC
Hubert says we need this softokn change for RHEL 7.4.0

Because upstream added if AFTER 3.28, we must make sure it's included as a backported patch.

Daiki, could you please check, can this be easily backported? Or does it depend on other changes after 3.28 ?

What do you recommend?

Comment 2 Daiki Ueno 2017-01-30 15:49:03 UTC
Yes, it would be easy to backport this.

Comment 3 Kai Engert (:kaie) (inactive account) 2017-02-24 14:21:40 UTC
(In reply to Daiki Ueno from comment #2)
> Yes, it would be easy to backport this.

thanks, setting devel-ack+

Comment 19 errata-xmlrpc 2018-04-10 09:23:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.