TLS client: Reject RSA-DHE prime if it shorter than 768 bits
Such short primes cannot really be considered secure enough for authentication purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
817742f5aa
commit
f5bbb2f284
@ -409,12 +409,37 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static unsigned int count_bits(const u8 *val, size_t len)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
unsigned int bits;
|
||||||
|
u8 tmp;
|
||||||
|
|
||||||
|
for (i = 0; i < len; i++) {
|
||||||
|
if (val[i])
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (i == len)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
bits = (len - i - 1) * 8;
|
||||||
|
tmp = val[i];
|
||||||
|
while (tmp) {
|
||||||
|
bits++;
|
||||||
|
tmp >>= 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return bits;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
||||||
const u8 *buf, size_t len,
|
const u8 *buf, size_t len,
|
||||||
tls_key_exchange key_exchange)
|
tls_key_exchange key_exchange)
|
||||||
{
|
{
|
||||||
const u8 *pos, *end, *server_params, *server_params_end;
|
const u8 *pos, *end, *server_params, *server_params_end;
|
||||||
u8 alert;
|
u8 alert;
|
||||||
|
unsigned int bits;
|
||||||
|
|
||||||
tlsv1_client_free_dh(conn);
|
tlsv1_client_free_dh(conn);
|
||||||
|
|
||||||
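Review bot: count_bits has no comment, and its name reads as a popcount, while the body (skip leading zero bytes, then add the bit-length of the first non-zero byte) actually returns the bit length of a big-endian unsigned integer, with 0 for an all-zero or empty buffer. I would add a header comment above the definition: `/* Return the bit length of the big-endian integer val[0..len-1], ignoring leading zero bytes; 0 if the value is zero. Used to sanity-check the DH prime size, not a popcount. */`. The `(len - i - 1) * 8` product is size_t and is narrowed to unsigned int on assignment, which looks harmless here since the caller's length comes from a bounded TLS message, but a short comment or an explicit cast would make that intent visible. tlsv1_process_diffie_hellman starts in this hunk and continues past it.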
@ -431,6 +456,14 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
|||||||
(unsigned long) conn->dh_p_len);
|
(unsigned long) conn->dh_p_len);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
bits = count_bits(pos, conn->dh_p_len);
|
||||||
|
if (bits < 768) {
|
||||||
|
wpa_printf(MSG_INFO, "TLSv1: Reject under 768-bit DH prime (insecure; only %u bits)",
|
||||||
|
bits);
|
||||||
|
wpa_hexdump(MSG_DEBUG, "TLSv1: Rejected DH prime",
|
||||||
|
pos, conn->dh_p_len);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
conn->dh_p = os_malloc(conn->dh_p_len);
|
conn->dh_p = os_malloc(conn->dh_p_len);
|
||||||
if (conn->dh_p == NULL)
|
if (conn->dh_p == NULL)
|
||||||
goto fail;
|
goto fail;
|
||||||
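Review bot: The 768-bit threshold is a bare magic number, repeated in the log string, and it is already a weak floor: most TLS stacks settled on at least 1024 bits for ephemeral finite-field DH after the Logjam work, and 768-bit finite-field discrete logarithms have been computed in the open literature, so the value will likely need raising. I would name it once, `#define TLS_DH_MIN_PRIME_BITS 768` near the top of the file, test `if (bits < TLS_DH_MIN_PRIME_BITS) {`, and print the constant with `%u` instead of hard-coding "768-bit" in the message, so raising it later is a one-line change. It is also worth a one-line comment that this is only a size filter: nothing here checks that p is prime or that g generates a large subgroup, which is acceptable as a minimum bar but should not be mistaken for group validation. The rejection is placed after the length check and before os_malloc, so no dh_p allocation is leaked on this path. tlsv1_process_diffie_hellman begins before this hunk and continues after it.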
|