Bug 500454 - NSS does not handle ECC correctly
NSS does not handle ECC correctly
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss (Show other bugs)
5.5
All Linux
low Severity medium
: rc
: ---
Assigned To: Kai Engert (:kaie)
BaseOS QE Security Team
:
Depends On:
Blocks: 500877
  Show dependency treegraph
 
Reported: 2009-05-12 14:49 EDT by Bob Relyea
Modified: 2009-11-06 14:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-06 14:12:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bob Relyea 2009-05-12 14:49:35 EDT
Description of problem:

NSS does not implement the ECC PKCS #11 boundary correctly. This causes a number of HSMs to fail when used with NSS. This problem has been fixed upstream in Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=480280 .


Version-Release number of selected component (if applicable):


How reproducible:
Install and ECC capable HSM and try to use it.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

The fix changes NSS to conform to the PKCS #11 spec. Some PKCS #11 modules may have conformed to NSS usage. To maintain support for those modules NSS accepts a define "NSS_USE_DECODED_CKA_EC_POINT" which tells NSS to revert to the old usage.

bob
Comment 1 RHEL Product and Program Management 2009-11-06 14:03:47 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 2 Bob Relyea 2009-11-06 14:12:12 EST
This bug is already fixed.

Note You need to log in before you can comment on or make changes to this bug.