diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 07:52:35 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 16:42:52 +0200 |
| commit | ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch) | |
| tree | 5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/lib/ssl/sslcert.c | |
| parent | f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff) | |
| download | UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip | |
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/lib/ssl/sslcert.c')
| -rw-r--r-- | security/nss/lib/ssl/sslcert.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/nss/lib/ssl/sslcert.c b/security/nss/lib/ssl/sslcert.c index 6cd02e402..1c3ddb0e7 100644 --- a/security/nss/lib/ssl/sslcert.c +++ b/security/nss/lib/ssl/sslcert.c @@ -256,7 +256,8 @@ ssl_PopulateKeyPair(sslServerCert *sc, sslKeyPair *keyPair) /* Get the size of the cert's public key, and remember it. */ sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->pubKey); - if (sc->serverKeyBits == 0) { + if (sc->serverKeyBits == 0 || + (keyType == rsaKey && sc->serverKeyBits > SSL_MAX_RSA_KEY_BITS)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } |