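--- a/lib/nss/nssoptions.h
+++ b/lib/nss/nssoptions.h
@@ -11,11 +11,11 @@
 * file into NSS proper */
 
 /* The minimum server key sizes accepted by the clients.
 * Not 1024 to be conservative. */
 #define SSL_RSA_MIN_MODULUS_BITS 1023
 /* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
 * only 1023 bits and similar. We don't have good data on whether this
 * happens because NSS used to count bit lengths incorrectly. */
-#define SSL_DH_MIN_P_BITS 1023
+#define SSL_DH_MIN_P_BITS 768
 #define SSL_DSA_MIN_P_BITS 1023
 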
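Review bot: The comment directly above `SSL_DH_MIN_P_BITS` still justifies the value as "1023 to avoid cases where p = 2q+1 for a 512-bit q", which no longer describes the DH line once it reads 768 and now applies only to `SSL_DSA_MIN_P_BITS`. A 768-bit floor for ephemeral DH is far below the 2048-bit minimum in current guidance, so a client built with this default accepts server groups that are considered within reach of discrete-log precomputation. If the relaxation is deliberate for legacy interoperability, record that next to the define, for example `/* 768 only for compatibility with legacy servers; weaker than the 1023-bit RSA/DSA floors. */`. It would be safer to leave the compiled default at 1023 and let deployments that need it opt into the lower value through the `NSS_DH_MIN_KEY_SIZE` option that ssl3con.c already reads.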
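--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6950,17 +6950,17 @@ ssl3_HandleServerKeyExchange(sslSocket *
 goto loser; /* malformed. */
 }
 
 rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
 if (rv != SECSuccess) {
 minDH = SSL_DH_MIN_P_BITS;
 }
 dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
- if (dh_p_bits < minDH) {
+ if (dh_p_bits < SSL_DH_MIN_P_BITS) {
 errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
 goto alert_loser;
 }
 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
 if (rv != SECSuccess) {
 goto loser; /* malformed. */
 }
 /* Abort if dh_g is 0, 1, or obviously too big. */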
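Review bot: The rewritten check `if (dh_p_bits < SSL_DH_MIN_P_BITS)` ignores `minDH`, so the value fetched just above with `NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH)` no longer influences the handshake and `minDH` is left as a set-but-unused local. An application or system policy that raises the DH minimum would be silently overridden by the compile-time constant, and the client would accept a server ephemeral key below the configured size without raising `SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY`. Keep the comparison on the configured value, `if (dh_p_bits < minDH) {`, and leave `SSL_DH_MIN_P_BITS` as the fallback used only when the option lookup fails. The body of `ssl3_HandleServerKeyExchange` starts and ends outside this hunk, so any later use of `minDH` is not visible here.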
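--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -24,16 +24,17 @@
 #include "nssilock.h"
 #include "pkcs11t.h"
 #if defined(XP_UNIX) || defined(XP_BEOS)
 #include "unistd.h"
 #endif
 #include "nssrwlk.h"
 #include "prthread.h"
 #include "prclist.h"
+#include "nssoptions.h" /* defines SSL_DH_MIN_P_BITS 768 */
 
 #include "sslt.h" /* for some formerly private types, now public */
 
 /* to make some of these old enums public without namespace pollution,
 ** it was necessary to prepend ssl_ to the names.
 ** These #defines preserve compatibility with the old code here in libssl.
 */
 typedef SSLKEAType SSL3KEAType;
@@ -149,16 +150,24 @@ typedef enum { SSLAppOpRead = 0,
 #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
 
 #ifndef BPB
 #define BPB 8 /* Bits Per Byte */
 #endif
 
 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
 
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DSA_MIN_P_BITS 1023
+
 #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/
 #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */
 #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */
 
 typedef struct sslBufferStr sslBuffer;
 typedef struct sslConnectInfoStr sslConnectInfo;
 typedef struct sslGatherStr sslGather;
 typedef struct sslSecurityInfoStr sslSecurityInfo;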
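Review bot: The second hunk adds `SSL_RSA_MIN_MODULUS_BITS` and `SSL_DSA_MIN_P_BITS` to sslimpl.h although the first hunk now includes nssoptions.h, which, judging by its own hunk in this patch, already defines both with the same values. An identical macro redefinition compiles, but keeping two copies of a security floor invites drift: a later change to one header either breaks the build with a redefinition diagnostic or leaves readers unsure which value is in force. Drop the eight added lines in the second hunk and rely on the include for all three minimums. The include comment `/* defines SSL_DH_MIN_P_BITS 768 */` also hard-codes a value that will go stale when the constant changes; `#include "nssoptions.h" /* minimum accepted RSA/DH/DSA key sizes */` avoids that.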