diff -up nss/lib/ssl/ssl3con.c.min_key_sizes nss/lib/ssl/ssl3con.c
--- nss/lib/ssl/ssl3con.c.min_key_sizes 2015-06-08 11:38:41.154472496 -0700
+++ nss/lib/ssl/ssl3con.c 2015-06-08 11:43:45.538294127 -0700
@@ -6743,7 +6743,7 @@ ssl3_HandleServerKeyExchange(sslSocket *
goto loser; /* malformed. */
}
dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
- if (dh_p_bits < DH_MIN_P_BITS) {
+ if (dh_p_bits < SSL_DH_MIN_P_BITS) {
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
goto alert_loser;
}
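Review bot: With SSL_DH_MIN_P_BITS defined as 768 in the sslimpl.h hunk, this check still accepts server ephemeral DH groups of 768 to 1023 bits, which is below the 1024-bit minimum commonly recommended for finite-field DH; a short comment at the check site would make the accepted range explicit, e.g. `/* Rejects p below SSL_DH_MIN_P_BITS (768); 768..1023-bit groups still pass. */`. The value of the replaced DH_MIN_P_BITS is not visible in this diff, so whether the hunk tightens or loosens the check cannot be confirmed from here. ssl3_HandleServerKeyExchange begins and ends outside the hunk.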
@@ -10056,9 +10056,12 @@ ssl3_AuthCertificate(sslSocket *ss)
/* We aren't checking EC here on the understanding that we only
* support curves we like, a decision that might need revisiting. */
if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
- pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) ||
- (pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) ||
- (pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) {
+ pubKeyType == rsaOaepKey) &&
+ ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) ||
+ (pubKeyType == dsaKey &&
+ ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) ||
+ (pubKeyType == dhKey &&
+ ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) {
PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
(void)SSL3_SendAlert(ss, alert_fatal,
ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
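Review bot: The five-way condition now spreads the server key-size policy across eight lines inside ssl3_AuthCertificate; a small static helper mapping (pubKeyType, bits) to a verdict would keep that policy in one auditable place and let the EC caveat above the condition live with it. This is a readability point only: the RSA threshold is the same literal as before via SSL_RSA_MIN_MODULUS_BITS, and the DSA/DH thresholds now come from the new sslimpl.h constants, whose old values are not shown here. ssl3_AuthCertificate starts and ends outside the hunk.
```c
/* Minimum server key sizes accepted by the client; thresholds live in
 * sslimpl.h. EC is not checked here on the understanding that we only
 * support curves we like, a decision that might need revisiting. */
static PRBool
ssl3_ServerKeyTooWeak(KeyType pubKeyType, unsigned int bits)
{
    switch (pubKeyType) {
        case rsaKey:
        case rsaPssKey:
        case rsaOaepKey:
            return bits < SSL_RSA_MIN_MODULUS_BITS;
        case dsaKey:
            return bits < SSL_DSA_MIN_P_BITS;
        case dhKey:
            return bits < SSL_DH_MIN_P_BITS;
        default:
            return PR_FALSE;
    }
}

/* … unchanged: ssl3_AuthCertificate up to the key-size check … */
    if (ssl3_ServerKeyTooWeak(pubKeyType, ss->sec.authKeyBits)) {
        PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
```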
diff -up nss/lib/ssl/sslimpl.h.min_key_sizes nss/lib/ssl/sslimpl.h
--- nss/lib/ssl/sslimpl.h.min_key_sizes 2015-06-08 11:39:30.287475197 -0700
+++ nss/lib/ssl/sslimpl.h 2015-06-08 11:46:14.262275334 -0700
@@ -153,6 +153,15 @@ typedef enum { SSLAppOpRead = 0,
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DH_MIN_P_BITS 768
+#define SSL_DSA_MIN_P_BITS 1023
+
#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/
#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */
#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */
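Review bot: The comment explaining why a threshold is 1023 bits sits directly above `#define SSL_DH_MIN_P_BITS 768`, whose value it does not describe; it reads as the rationale for SSL_RSA_MIN_MODULUS_BITS and SSL_DSA_MIN_P_BITS, so a reader auditing the DH floor finds no justification for 768. Move that comment so it precedes the two 1023 defines, and give the DH constant its own comment, e.g. `/* Minimum accepted ephemeral DH prime size. Below the commonly recommended 1024 bits; record the compatibility rationale for 768 here. */`, since 768-bit finite-field groups are generally regarded as weak and the choice deserves a stated reason. The first comment's "Not 1024 to be conservative" could also say which direction is conservative (accepting 1023-bit keys that are effectively 1024-bit), as the 1023 comment already does.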