Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath: for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
2025-10-16 13:38:19 +00:00 · 2014-11-18 10:53:04 -08:00 · 2014-11-18 10:53:04 -08:00 · 3868cbd88e
commit 3868cbd88e
parent 08d843c258 f99bc98800
3 changed files with 7 additions and 2 deletions
--- a/5
+++ b/5
@ -1,4 +1,9 @@

+2.3-303 | 2014-11-18 10:53:04 -0800
+
+  * For DH key exchanges, use p as the parameter for weak key
+    exchanges. (Johanna Amann)
+
 2.3-301 | 2014-11-11 13:47:27 -0800

  * Add builtin function enum_to_int() that converts an enum into a
--- a/2
+++ b/2
@ -1 +1 @@
-2.3-301
+2.3-303
--- a/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/scripts/policy/protocols/ssl/weak-keys.bro
@ -65,7 +65,7 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &pri
 	if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
 		return;

-	local key_length = |Ys| * 8; # key length in bits
+	local key_length = |p| * 8; # length of the used prime number in bits

 	if ( key_length < notify_minimal_key_length )
 		NOTICE([$note=Weak_Key,
 @ -1 +1 @@
 .3-301
 .3-303