Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 16:58:41 -05:00
Code Issues Projects Releases Wiki Activity

TLS client: Reject RSA-DHE prime if it shorter than 768 bits

Browse Source 
Such short primes cannot really be considered secure enough for
authentication purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-03-16 12:27:52 +02:00
parent 817742f5aa
commit f5bbb2f284
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/tls/tlsv1_client_read.c
View File

@ -409,12 +409,37 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
} }
static unsigned int count_bits(const u8 *val, size_t len)
{
size_t i;
unsigned int bits;
u8 tmp;
for (i = 0; i < len; i++) {
if (val[i])
break;
}
if (i == len)
return 0;
bits = (len - i - 1) * 8;
tmp = val[i];
while (tmp) {
bits++;
tmp >>= 1;
}
return bits;
}
static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn, static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
const u8 *buf, size_t len, const u8 *buf, size_t len,
tls_key_exchange key_exchange) tls_key_exchange key_exchange)
{ {
const u8 *pos, *end, *server_params, *server_params_end; const u8 *pos, *end, *server_params, *server_params_end;
u8 alert; u8 alert;
unsigned int bits;
tlsv1_client_free_dh(conn); tlsv1_client_free_dh(conn);
@ -431,6 +456,14 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
(unsigned long) conn->dh_p_len); (unsigned long) conn->dh_p_len);
goto fail; goto fail;
} }
bits = count_bits(pos, conn->dh_p_len);
if (bits < 768) {
wpa_printf(MSG_INFO, "TLSv1: Reject under 768-bit DH prime (insecure; only %u bits)",
bits);
wpa_hexdump(MSG_DEBUG, "TLSv1: Rejected DH prime",
pos, conn->dh_p_len);
goto fail;
}
conn->dh_p = os_malloc(conn->dh_p_len); conn->dh_p = os_malloc(conn->dh_p_len);
if (conn->dh_p == NULL) if (conn->dh_p == NULL)
goto fail; goto fail;