author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-05-21 14:09:44 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-05-21 12:21:41 +0000 |
commit | 85973dd6b8b9bd9fea0a9b3e9441919d8da10974 (patch) | |
tree | f064f1f5b3af1b70f614a5ee039be9a688d082c6 /chromium/net | |
parent | 140893bef70011645c686f5fabe45018dd2e392a (diff) | |
download | qtwebengine-chromium-37.0.2062-based.tar.gz |
Increase minimum DH size to 1024 bits [v5.4.2] [37.0.2062-based]
Applying upstream fixes to openssl and NSS, fixing the weakdh/logjam
issue.
See http://code.google.com/p/chromium/issues/detail?id=490240
Change-Id: Ifc4ff53e52583e6214b0064d8f4d38373729e756
Task-number: QTBUG-46261
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
Diffstat (limited to 'chromium/net')
-rw-r--r-- | chromium/net/third_party/nss/README.chromium | 3 | ||||
-rwxr-xr-x | chromium/net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | chromium/net/third_party/nss/ssl/ssl3con.c | 3 |
3 files changed, 7 insertions, 1 deletions
diff --git a/chromium/net/third_party/nss/README.chromium b/chromium/net/third_party/nss/README.chromium
index a1c53038b13..b3f98533c73 100644
--- a/chromium/net/third_party/nss/README.chromium
+++ b/chromium/net/third_party/nss/README.chromium
@@ -109,6 +109,9 @@ Patches:
 patches/ignorechangecipherspec.patch https://bugzilla.mozilla.org/show_bug.cgi?id=1009227
+ * Increase the minimum DH group size to 1024
+ patches/dh1024.patch
+
 Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions.
diff --git a/chromium/net/third_party/nss/patches/applypatches.sh b/chromium/net/third_party/nss/patches/applypatches.sh
index b5f9d30a197..f8c1f6c3edd 100755
--- a/chromium/net/third_party/nss/patches/applypatches.sh
+++ b/chromium/net/third_party/nss/patches/applypatches.sh
@@ -50,3 +50,5 @@ patch -p4 < $patches_dir/nssrwlock.patch patch -p4 < $patches_dir/paddingextvalue.patch patch -p4 < $patches_dir/reorderextensions.patch
+
+patch -p2 < $patches_dir/dh1024.patch
diff --git a/chromium/net/third_party/nss/ssl/ssl3con.c b/chromium/net/third_party/nss/ssl/ssl3con.c
index 7ff7beacbc1..67fdfe1d28f 100644
--- a/chromium/net/third_party/nss/ssl/ssl3con.c
+++ b/chromium/net/third_party/nss/ssl/ssl3con.c
@@ -6922,7 +6922,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 if (rv != SECSuccess) {
 goto loser; /* malformed. */
 }
- if (dh_p.len < 512/8) {
+ if (dh_p.len < 1024/8 ||
+ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
 errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
 goto alert_loser;
 } |
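Review bot: The added `patch -p2 < $patches_dir/dh1024.patch` step depends on a file this commit does not appear to add: the diffstat for chromium/net lists only README.chromium, applypatches.sh and ssl3con.c, yet the README hunk cites patches/dh1024.patch too. If that file is not already in the tree, re-running applypatches.sh will fail at this step and the ssl3con.c change cannot be reproduced from the documented patch set, so the patch file should land in the same change. The strip level also differs from the `-p4` used by the preceding entries; a comment such as `# dh1024.patch is relative to <base directory>, hence -p2` would make that deliberate.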
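Review bot: The new guard in ssl3_HandleServerKeyExchange compares the encoded length of dh_p rather than its number of significant bits, so a modulus that arrives padded with leading zero bytes can have `dh_p.len` above `1024/8` while being numerically smaller than 1024 bits. The top-bit test only covers the case where the length is exactly `1024/8`. Skipping leading zero bytes before the comparison closes that gap, as sketched below; whether code elsewhere in the function normalises dh_p cannot be seen here, because the body starts and ends outside the hunk. A named constant for the minimum size would also avoid repeating `1024/8`.

```c
/* … unchanged: ssl3_ConsumeHandshakeVariable(&dh_p) and its error check … */
{
    /* Judge the modulus by its significant bytes, not its encoded length. */
    const unsigned char *p = dh_p.data;
    unsigned int p_len = dh_p.len;

    while (p_len > 0 && *p == 0) {
        ++p;
        --p_len;
    }
    if (p_len < 1024/8 ||
        (p_len == 1024/8 && (p[0] & 0x80) == 0)) {
        errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
        goto alert_loser;
    }
}
```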