From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001
From: agl <agl@chromium.org>
Date: Wed, 20 May 2015 13:20:29 -0700
Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits.

Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS.

BUG=490240

Review URL: https://codereview.chromium.org/1143303002

Cr-Commit-Position: refs/heads/master@{#330791}
---
 net/third_party/nss/ssl/ssl3con.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 89c98ea..861d434 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
     	if (rv != SECSuccess) {
 	    goto loser;		/* malformed. */
 	}
-	if (dh_p.len < 512/8) {
+	if (dh_p.len < 1024/8 ||
+	    (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
 	    errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
 	    goto alert_loser;
 	}
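Review bot: The new size test on `dh_p` counts bytes, so a prime sent with leading zero bytes (for example 129 bytes whose first byte is 0x00) passes both conditions even when its significant length is under 1024 bits. Nothing visible in this hunk strips leading zeros before the comparison, so unless the parsing step outside the hunk already normalizes `dh_p`, the check should be made on the length after skipping zero bytes, with the top-bit test applied to the first non-zero byte. The sketch below uses a local offset rather than modifying `dh_p`, since the item is presumably used later in ssl3_HandleServerKeyExchange, whose body starts and ends outside the hunk.

```c
	{
	    /* Measure the prime without its leading zero bytes. */
	    unsigned int skip = 0;

	    while (skip < dh_p.len && dh_p.data[skip] == 0) {
		skip++;
	    }
	    if (dh_p.len - skip < 1024/8 ||
		(dh_p.len - skip == 1024/8 &&
		 (dh_p.data[skip] & 0x80) == 0)) {
		errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
		goto alert_loser;
	    }
	}
```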
-- 
2.4.2