Update NSS to NSS 3.14 pre-release snapshot 2012-06-26 01:00:00 PDT.

mozilla/security/nss/lib/freebl/dh.c

Index: mozilla/security/nss/lib/freebl/dh.c
===================================================================
--- mozilla/security/nss/lib/freebl/dh.c	(revision 164196)
+++ mozilla/security/nss/lib/freebl/dh.c	(working copy)
@@ -21,9 +21,28 @@
 #include "mpprime.h"
 #include "secmpi.h"
 
-#define DH_SECRET_KEY_LEN      20
 #define KEA_DERIVED_SECRET_LEN 128
 
+/* Lengths are in bytes. */
+static unsigned int
+dh_GetSecretKeyLen(unsigned int primeLen)
+{
+    /* Based on Table 2 in NIST SP 800-57. */
+    if (primeLen >= 1920) { /* 15360 bits */
+        return 64;  /* 512 bits */
+    }
+    if (primeLen >= 960) { /* 7680 bits */
+        return 48;  /* 384 bits */
+    }
+    if (primeLen >= 384) { /* 3072 bits */
+        return 32;  /* 256 bits */
+    }
+    if (primeLen >= 256) { /* 2048 bits */
+        return 28;  /* 224 bits */
+    }
+    return 20;  /* 160 bits */
+}
+
 SECStatus 
 DH_GenParam(int primeLen, DHParams **params)
 {
@@ -154,7 +173,8 @@
     CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, &params->base) );
     SECITEM_TO_MPINT(key->base, &g);
     /* Generate private key xa */
-    SECITEM_AllocItem(arena, &key->privateValue, DH_SECRET_KEY_LEN);
+    SECITEM_AllocItem(arena, &key->privateValue,
+                      dh_GetSecretKeyLen(params->prime.len));
     RNG_GenerateGlobalRandomBytes(key->privateValue.data, 
                                   key->privateValue.len);
     SECITEM_TO_MPINT( key->privateValue, &xa );