Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/fastpath'

Browse source 
* origin/fastpath:
  for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
This commit is contained in:
Robin Sommer 2014-11-18 10:53:04 -08:00
commit 3868cbd88e
3 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.3-303 | 2014-11-18 10:53:04 -0800
* For DH key exchanges, use p as the parameter for weak key
exchanges. (Johanna Amann)
2.3-301 | 2014-11-11 13:47:27 -0800 2.3-301 | 2014-11-11 13:47:27 -0800
* Add builtin function enum_to_int() that converts an enum into a * Add builtin function enum_to_int() that converts an enum into a

2
VERSION
View file

@ -1 +1 @@
2.3-301 2.3-303

2
scripts/policy/protocols/ssl/weak-keys.bro
View file

@ -65,7 +65,7 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &pri
if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) ) if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
return; return;
local key_length = |Ys| * 8; # key length in bits local key_length = |p| * 8; # length of the used prime number in bits
if ( key_length < notify_minimal_key_length ) if ( key_length < notify_minimal_key_length )
NOTICE([$note=Weak_Key, NOTICE([$note=Weak_Key,