Bug 500454 - NSS does not handle ECC correctly
Summary: NSS does not handle ECC correctly
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Kai Engert (:kaie) (inactive account)
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 500877
TreeView+ depends on / blocked
 
Reported: 2009-05-12 18:49 UTC by Bob Relyea
Modified: 2009-11-06 19:12 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-06 19:12:12 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Bob Relyea 2009-05-12 18:49:35 UTC 
Description of problem:

NSS does not implement the ECC PKCS #11 boundary correctly. This causes a number of HSMs to fail when used with NSS. This problem has been fixed upstream in Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=480280 .


Version-Release number of selected component (if applicable):


How reproducible:
Install and ECC capable HSM and try to use it.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

The fix changes NSS to conform to the PKCS #11 spec. Some PKCS #11 modules may have conformed to NSS usage. To maintain support for those modules NSS accepts a define "NSS_USE_DECODED_CKA_EC_POINT" which tells NSS to revert to the old usage.

bob
Comment 1 RHEL Program Management 2009-11-06 19:03:47 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 2 Bob Relyea 2009-11-06 19:12:12 UTC 
This bug is already fixed.
Note You need to log in before you can comment on or make changes to this bug.