From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001 From: agl Date: Wed, 20 May 2015 13:20:29 -0700 Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits. Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS. BUG=490240 Review URL: https://codereview.chromium.org/1143303002 Cr-Commit-Position: refs/heads/master@{#330791} --- net/third_party/nss/ssl/ssl3con.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 89c98ea..861d434 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_p.len < 512/8) { + if (dh_p.len < 1024/8 || + (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } -- 2.4.2