Closed Bug 1767943 Opened 3 years ago Closed 3 years ago

Audit RSA-PSS bounds checks for Delegated Credentials

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: djackson, Unassigned)

References

Details

Dennis Jackson

Reporter

Description

•

3 years ago

I stumbled across this warning regarding ssl_sig_rsa_pss_pss_sha_* signature schemes (which shipped in 1088140) and delegated credentials.

We should audit this.

John Schanck [:jschanck]

Comment 1

•

3 years ago

I reviewed the warning that Dennis mentioned above. The sEnabledSignatureSchemes list contains ssl_sig_rsa_pss_rsae_* (by way of these aliases) but not ssl_sig_rsa_pss_pss_sha_*. Nothing needs to be done.

Group: crypto-core-security

Status: NEW → RESOLVED

Closed: 3 years ago

Keywords: sec-audit

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Audit RSA-PSS bounds checks for Delegated Credentials

Categories

(NSS :: Libraries, task)

Tracking

(Not tracked)

People

(Reporter: djackson, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1