author | Martin Thomson <martin.thomson@gmail.com> | 2015-05-20 17:18:49 -0700 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2015-05-20 17:18:49 -0700 |
commit | e8ba2bddb56757423221e1b5aa0147e0c4ee2e04 (patch) | |
tree | 3762a335bf9651103f6bf8e97ffaffda90395e55 | |
parent | adb32210c1eefa7d568149d8a705c86d97dd572b (diff) | |
download | nss-hg-e8ba2bddb56757423221e1b5aa0147e0c4ee2e04.tar.gz |
Bug 1138554 - Explanation for numbers, r=wtc NSS_3_19_1_BETA1
-rw-r--r-- | lib/freebl/blapit.h | 3 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
index 7bad59d41..a43edef5b 100644
--- a/lib/freebl/blapit.h
+++ b/lib/freebl/blapit.h
@@ -141,6 +141,9 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
 #define RSA_MIN_MODULUS_BITS 512
 #define RSA_MAX_MODULUS_BITS 16384
 #define RSA_MAX_EXPONENT_BITS 64
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
 #define DH_MIN_P_BITS 1023
 #define DH_MAX_P_BITS 16384
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index fa18667c9..8f67aeebb 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -10050,8 +10050,8 @@ ssl3_AuthCertificate(sslSocket *ss)
 KeyType pubKeyType = SECKEY_GetPublicKeyType(pubKey);
 /* Too small: not good enough. Send a fatal alert. */
 /* TODO: Use 1023 for RSA because a higher RSA_MIN_MODULUS_BITS
- * breaks export cipher suites; when those are removed, increase
- * RSA_MIN_MODULUS_BITS and use that here. */
+ * breaks export cipher suites, not 1024 to be conservative; when
+ * export removed, increase RSA_MIN_MODULUS_BITS and use that. */
 /* We aren't checking EC here on the understanding that we only
 * support curves we like, a decision that might need revisiting. */
 if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || |
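Review bot: The example in the new comment above `DH_MIN_P_BITS` does not yield the number it is meant to justify: for a 512-bit q, p = 2q+1 is 513 bits long, not 1023. If the intent is that a nominally 1024-bit prime can measure one bit short (top bit clear, or a product of two 512-bit values), the comment should say so directly, for example `/* 1023 rather than 1024: a nominally 1024-bit p can measure one bit short. */`. The last sentence is also ambiguous about whether "because NSS used to count bit lengths incorrectly" explains the missing data or the short primes; splitting it into two sentences would settle that. As this constant presumably sets the smallest DH prime that is accepted, the comment should also state that 1023 is a compatibility floor and not a recommended size.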
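Review bot: The phrase "not 1024 to be conservative" in the reworded TODO can be read as conservative in the security sense, whereas the surrounding text suggests it means being cautious about rejecting peers whose RSA modulus measures one bit short. Wording such as `* breaks export cipher suites; 1023 rather than 1024 so that moduli one bit short of 1024 are still accepted.` removes the ambiguity, and "when export removed" should read "when export suites are removed". The TODO carries no bug number for the follow-up of raising `RSA_MIN_MODULUS_BITS`, which makes a weak-key floor easy to forget. The comparison this comment describes, and the rest of ssl3_AuthCertificate, lie outside the hunk, so the literal actually used cannot be confirmed from here.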