Closed
Bug 150708
Opened 22 years ago
Closed 22 years ago
S/MIME bug: Incorrect keysize when finding bulk algorithm for recipients.
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: ddrinan0264, Assigned: wtc)
References
Details
Attachments
(1 file)
609 bytes,
patch
|
Details | Diff | Splinter Review |
The S/MIME function to find the bulk algorithm and keyszie for recipients (NSS_SMIMEUtil_FindBulkAlgForRecipients) always returns a keysize of -1. This can cause keygen failures on certain algorithms e.g. RC2. The RC2 case will happen if the recipient is using weak crypto or has a 512 bit cert. Another thing to consider is what should the app do when it uses RC2 40 bit, considering that RC2 40 bit is relativity easy to break? Should it warn the user?
Reporter | ||
Comment 1•22 years ago
|
||
Fix to return the correct key length.
Assignee | ||
Comment 2•22 years ago
|
||
David, thanks for the patch. I think your patch is correct judging from the function's name and prototype. The bug seems to be an error in cutting and pasting from the previous line. You can go ahead and check it into the tip of NSS. Does this bug affect MachV?
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.6
Assignee | ||
Updated•22 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.6
Comment 4•22 years ago
|
||
I'm not sure what has to be done or checked for PSM / Mach V. I have filed PSM bug 150809, to allow us to handle the application action independently of this NSS bug.
Assignee | ||
Comment 5•22 years ago
|
||
Marked the bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•