Description

[webcrypto] Disable RSA key import for NSS versions less than 3.16.2.
Prior to NSS 3.16.2 there wasn't any validation of the RSA key parameters.
This has several consequences:
* Importing an RSA private key with another key's public modulus can be used to gain access to that key.
* importKey() can succeed for invalid RSA keys (invalid n, e, d, p, q etc).
This only affects Linux, since other platforms of Chromium bundle NSS/OpenSSL.
BUG=380424, 378315
R=rsleevi@chromium.org
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=278803
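The description above names two consequences of missing validation: private-key parts accepted alongside a different key's modulus, and importKey() succeeding for inconsistent n, e, d, p, q. As an added example (not Chromium or NSS code, and not a statement of what NSS 3.16.2 actually checks), the following Python function shows the kind of consistency checks an importer can apply before accepting an RSA private key; the function names, error strings and the toy key are assumptions made for illustration.

```python
from math import gcd

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (probabilistic for very large n)."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_private_key_errors(n, e, d, p, q, dp=None, dq=None, qi=None):
    """Return consistency errors for an RSA private key; [] means consistent."""
    errors = []
    if e < 3 or e % 2 == 0:
        errors.append("e must be an odd integer >= 3")
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        errors.append("p and q must be distinct primes")
        return errors  # the remaining checks assume valid primes
    if p * q != n:  # catches private parts paired with another key's modulus
        errors.append("n != p * q")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if not 1 < d < n or (e * d) % lam != 1:
        errors.append("d is not the inverse of e mod lcm(p-1, q-1)")
    if dp is not None and dp != d % (p - 1):
        errors.append("dp != d mod (p-1)")
    if dq is not None and dq != d % (q - 1):
        errors.append("dq != d mod (q-1)")
    if qi is not None and (qi * q) % p != 1:
        errors.append("qi is not the inverse of q mod p")
    return errors

# Constructed toy key (far too small for real use), for illustration only.
TOY_KEY = dict(n=3233, e=17, d=2753, p=61, q=53, dp=53, dq=49, qi=38)
```

An importer built this way rejects the key whenever the returned list is non-empty, rather than storing parameters it has not cross-checked.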
Patch Set 1
Total comments: 2
Patch Set 2 : Use rsleevi's code to test softoken version
Patch Set 3 : use != SECSuccess rather than == SECFailure
Patch Set 4 : Exclude checks from being run when using embedded NSS
Patch Set 5 : Exclude ChromeOS from ifdef
Patch Set 6 : Don't run rsaoaep or rsa key import tests on ChromeOS (since NSS hasn't rolled yet)
Patch Set 7 : rebase onto master
Messages
Total messages: 19 (0 generated)