Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(291)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 1143303002: NSS: reject DH groups smaller than 1024 bits. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: include patch file Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/dh1024.patch ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* 2 /*
3 * SSL3 Protocol 3 * SSL3 Protocol
4 * 4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public 5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 8
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
10 10
(...skipping 6928 matching lines...) Expand 10 before | Expand all | Expand 10 after
6939 6939
6940 case kt_dh: { 6940 case kt_dh: {
6941 SECItem dh_p = {siBuffer, NULL, 0}; 6941 SECItem dh_p = {siBuffer, NULL, 0};
6942 SECItem dh_g = {siBuffer, NULL, 0}; 6942 SECItem dh_g = {siBuffer, NULL, 0};
6943 SECItem dh_Ys = {siBuffer, NULL, 0}; 6943 SECItem dh_Ys = {siBuffer, NULL, 0};
6944 6944
6945 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); 6945 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
6946 if (rv != SECSuccess) { 6946 if (rv != SECSuccess) {
6947 goto loser; /* malformed. */ 6947 goto loser; /* malformed. */
6948 } 6948 }
6949 » if (dh_p.len < 512/8) { 6949 » if (dh_p.len < 1024/8 ||
6950 » (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
6950 errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; 6951 errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
6951 goto alert_loser; 6952 goto alert_loser;
6952 } 6953 }
6953 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); 6954 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
6954 if (rv != SECSuccess) { 6955 if (rv != SECSuccess) {
6955 goto loser; /* malformed. */ 6956 goto loser; /* malformed. */
6956 } 6957 }
6957 if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g)) 6958 if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g))
6958 goto alert_loser; 6959 goto alert_loser;
6959 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); 6960 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
(...skipping 5928 matching lines...) Expand 10 before | Expand all | Expand 10 after
12888 PORT_Free(ss->ssl3.hs.recvdFragments.buf); 12889 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
12889 } 12890 }
12890 } 12891 }
12891 12892
12892 ss->ssl3.initialized = PR_FALSE; 12893 ss->ssl3.initialized = PR_FALSE;
12893 12894
12894 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 12895 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
12895 } 12896 }
12896 12897
12897 /* End of ssl3con.c */ 12898 /* End of ssl3con.c */
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/dh1024.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698