Open Bug 308724 Opened 19 years ago Updated 1 year ago

RSA key size limits are not uniformly applied in freebl and softoken

Categories: NSS :: Libraries, defect, P3
Version: 3.10.2
Tracking: Not tracked
People: Reporter: wtc, Unassigned

Details

This bug is the continuation of bug 295298, which we
didn't have time to fix completely in NSS 3.10.2.

The RSA algorithm has a hardcoded limit of 8192 bits
in freebl/rsa.c . But that limit is only applied to
public key ops and key pair generation.  It is not
applied to private key ops.

We should impose the RSA key size limits in softoken
also.  While we're at it, we may also want to check out
limits for DSA and DH keys and params, too.

Softoken imposes lower bounds on RSA public key sizes with
calls to sftk_ConstrainAttribute in sftk_handlePublicKeyObject (near
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11.c#1047 )
but does not impose an upper bound.  Since we now have an
upper bound, it should be imposed at key import/derive/unwrap/gen
time also, and imposing the limit in the calls to
sftk_ConstrainAttribute would do that.

sftk_handlePrivateKeyObject (near
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11.c#1198 )
should impose similar limits on the corresponding private keys.
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → 3.12
QA Contact: jason.m.reid → libraries
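The gap the report describes, as an added illustration that is not NSS code: one size check shared by the public-key and private-key object handlers, so the 8192-bit upper bound from freebl/rsa.c is applied at import time on both paths. `constrain_modulus`, `KeyAttribute` and the handler names are hypothetical stand-ins for sftk_ConstrainAttribute and the sftk_handle*KeyObject functions, and the lower bound of 128 bits is an assumed placeholder (the bug does not state softoken's actual minimum).

```c
#include <stdbool.h>
#include <stddef.h>

/* Upper bound stated in the bug (freebl/rsa.c). The lower bound is an
 * assumed placeholder for this example only. */
#define RSA_MAX_MODULUS_BITS 8192
#define RSA_MIN_MODULUS_BITS 128

/* Hypothetical stand-in for a PKCS#11 attribute (e.g. CKA_MODULUS):
 * a big-endian byte string; only its contents and length matter here. */
typedef struct {
    const unsigned char *value;
    size_t len;
} KeyAttribute;

/* Effective bit length of a big-endian modulus. Leading zero bytes are
 * ignored so a value padded with 0x00 is not over-counted, and leading
 * zero bits of the top byte are subtracted. */
static size_t modulus_bits(const KeyAttribute *mod)
{
    size_t i = 0;
    while (i < mod->len && mod->value[i] == 0)
        i++;
    if (i == mod->len)
        return 0;
    size_t bits = (mod->len - i) * 8;
    unsigned char top = mod->value[i];
    while ((top & 0x80) == 0) {
        bits--;
        top = (unsigned char)(top << 1);
    }
    return bits;
}

/* Hypothetical stand-in for sftk_ConstrainAttribute: accept the modulus
 * only if min_bits <= bit length <= max_bits. */
bool constrain_modulus(const KeyAttribute *mod, size_t min_bits, size_t max_bits)
{
    size_t bits = modulus_bits(mod);
    return bits >= min_bits && bits <= max_bits;
}

/* Both object handlers call the same check with the same bounds, so the
 * limit is uniform rather than applied to public keys only. */
bool handle_public_key_object(const KeyAttribute *modulus)
{
    return constrain_modulus(modulus, RSA_MIN_MODULUS_BITS, RSA_MAX_MODULUS_BITS);
}

bool handle_private_key_object(const KeyAttribute *modulus)
{
    return constrain_modulus(modulus, RSA_MIN_MODULUS_BITS, RSA_MAX_MODULUS_BITS);
}
```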
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---
Severity: normal → S3

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: wtc → nobody
Status: ASSIGNED → NEW