From 62f2deef8b3bd0fd31a960fea109728bcf62f96c Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Fri, 28 Sep 2012 07:31:51 +0000
Subject: [PATCH]  - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM
 MODP group for SSL/TLS

---
 include/polarssl/ssl.h |  1 +
 library/ssl_tls.c      | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c460963fe..1254615b9 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -759,6 +759,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
 /**
  * \brief          Set the Diffie-Hellman public P and G values,
  *                 read as hexadecimal strings (server-side only)
+ *                 (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
  *
  * \param ssl      SSL context
  * \param dhm_P    Diffie-Hellman-Merkle modulus
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 65bd7d431..5ae581f33 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2848,10 +2848,27 @@ int ssl_init( ssl_context *ssl )
 
     memset( ssl, 0, sizeof( ssl_context ) );
 
+    /*
+     * Sane defaults
+     */
     ssl->rsa_decrypt = ssl_rsa_decrypt;
     ssl->rsa_sign = ssl_rsa_sign;
     ssl->rsa_key_len = ssl_rsa_key_len;
 
+#if defined(POLARSSL_DHM_C)
+    if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
+                                 POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
+        ( ret = mpi_read_string( &ssl->dhm_G, 16,
+                                 POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+        return( ret );
+    }
+#endif
+
+    /*
+     * Prepare base structures
+     */
     ssl->in_ctr = (unsigned char *) malloc( len );
     ssl->in_hdr = ssl->in_ctr +  8;
     ssl->in_msg = ssl->in_ctr + 13;