RSA key size limits are not uniformly applied in freebl and softoken

Status: ASSIGNED
Priority: P3
Severity: normal
Opened 13 years ago, updated 8 years ago

People

(Reporter: wtc, Assigned: wtc)

Description

13 years ago
This bug is the continuation of bug 295298, which we
didn't have time to fix completely in NSS 3.10.2.

The RSA algorithm has a hardcoded limit of 8192 bits
in freebl/rsa.c. But that limit is only applied to
public key ops and key pair generation.  It is not
applied to private key ops.

We should impose the RSA key size limits in softoken
also.  While we're at it, we may also want to check out
limits for DSA and DH keys and params, too.

Softoken imposes lower bounds on RSA public key sizes with
calls to sftk_ConstrainAttribute in sftk_handlePublicKeyObject (near
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11.c#1047 )
but does not impose an upper bound.  Since we now have an
upper bound, it should be imposed at key import/derive/unwrap/gen
time also, and imposing the limit in the calls to
sftk_ConstrainAttribute would do that.

sftk_handlePrivateKeyObject (near
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11.c#1198 )
should impose similar limits on the corresponding private keys.
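
The non-uniform enforcement described in this bug, next to a single shared check, as an added C example that is not NSS code and not part of the bug report. All function and enum names are hypothetical, the 1024-bit lower bound is an assumed value, and the "as reported" function models only the upper bound.

```c
#include <stddef.h>
#include <stdio.h>

#define RSA_MAX_MODULUS_BITS 8192u /* hardcoded limit named in the bug */
#define RSA_MIN_MODULUS_BITS 1024u /* assumed lower bound for this sketch */

/* Code paths named in the bug report (enum names are hypothetical). */
typedef enum { PATH_PUBLIC_OP, PATH_KEYGEN, PATH_PRIVATE_OP, PATH_IMPORT } rsa_path;

/* Bit length of a big-endian modulus. Leading zero bytes, which an
 * encoded attribute may carry, must not count toward the key size. */
size_t modulus_bits(const unsigned char *mod, size_t len)
{
    while (len > 0 && mod[0] == 0) { mod++; len--; }
    if (len == 0) return 0;
    size_t bits = len * 8;
    for (unsigned char top = mod[0]; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Upper-bound behaviour as reported: enforced only for public-key
 * operations and key generation. Returns 1 if the key is accepted. */
int admit_as_reported(rsa_path path, const unsigned char *mod, size_t len)
{
    if (path == PATH_PUBLIC_OP || path == PATH_KEYGEN)
        return modulus_bits(mod, len) <= RSA_MAX_MODULUS_BITS;
    return 1; /* private ops and import: no upper bound applied */
}

/* Uniform policy: one check with the same bounds on every path. */
int admit_uniform(rsa_path path, const unsigned char *mod, size_t len)
{
    (void)path; /* the decision must not depend on the entry point */
    size_t bits = modulus_bits(mod, len);
    return bits >= RSA_MIN_MODULUS_BITS && bits <= RSA_MAX_MODULUS_BITS;
}

int main(void)
{
    /* Constructed sample: one leading zero byte, then a 16384-bit value. */
    static unsigned char big[2049];
    big[1] = 0x80;
    printf("bits=%zu reported(private)=%d uniform(private)=%d\n",
           modulus_bits(big, sizeof big),
           admit_as_reported(PATH_PRIVATE_OP, big, sizeof big),
           admit_uniform(PATH_PRIVATE_OP, big, sizeof big));
    return 0;
}
```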
Updated

13 years ago
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → 3.12
QA Contact: jason.m.reid → libraries
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---