Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted

Jaeden Amero 2018-01-26 18:09:14 +00:00
commit bfafd12789
4 changed files with 12 additions and 3 deletions


@ -41,6 +41,9 @@ Security
* Fix a potential heap buffer overread in ALPN extension parsing
(server-side). Could result in application crash, but only if an ALPN
name larger than 16 bytes had been configured on the server.
* Change default choice of DHE parameters from untrustworthy RFC 5114
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
manner.
Features
* Allow comments in test data files.


@ -51,6 +51,12 @@
* RFC 3526 4. 3072-bit MODP Group
* RFC 3526 5. 4096-bit MODP Group
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
*
* \warning The primes from RFC 5114 do not come together with information
* on how they were generated and are therefore not considered
* trustworthy. It is recommended to avoid them and to use the
* nothing-up-my-sleeve primes from RFC 3526 instead.
*
*/
#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
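Review bot: The new \warning on the RFC 5114 group gives only the "generation is undocumented" reason, while the line just above it already names the more concrete hazard: a 224-bit prime-order subgroup inside a 2048-bit prime, which means p is not a safe prime. For such a group the usual range check on the peer's public value is not sufficient on its own; a peer value of small order can leak bits of the private exponent unless the implementation also verifies y^q == 1 mod p, whereas the RFC 3526 safe primes make the range check adequate. I would extend the warning with one sentence such as `Because this prime is not a safe prime, peer public values must additionally be checked to lie in the order-q subgroup; the RFC 3526 groups do not require this extra check.` Whether this library performs that subgroup check when the RFC 5114 group is used is not visible in this hunk.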


@ -7325,8 +7325,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
if( endpoint == MBEDTLS_SSL_IS_SERVER )
{
if( ( ret = mbedtls_ssl_conf_dh_param( conf,
MBEDTLS_DHM_RFC5114_MODP_2048_P,
MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
MBEDTLS_DHM_RFC3526_MODP_2048_P,
MBEDTLS_DHM_RFC3526_MODP_2048_G ) ) != 0 )
{
return( ret );
}
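Review bot: The reason for the new default is not recorded at the call site, so a reader of mbedtls_ssl_config_defaults alone cannot tell why the group changed or why the 2048-bit RFC 3526 group was chosen over the larger ones listed in dhm.h. A one-line comment above the mbedtls_ssl_conf_dh_param call would fix that, e.g. `/* RFC 3526 2048-bit group: safe prime with g = 2; replaces the RFC 5114 group whose generation is undocumented (see dhm.h) */`. Since 2048 bits is the smallest RFC 3526 group, it may also be worth stating that it is the minimum considered acceptable rather than a security-margin choice. mbedtls_ssl_config_defaults starts and ends outside the hunk, so whether this call sits under a MBEDTLS_DHM_C guard is not visible here.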


@ -2828,7 +2828,7 @@ run_test "DHM parameters: reference" \
debug_level=3" \
0 \
-c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2048 bits)"
-c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
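Review bot: The updated expectation `-c "value of 'DHM: G ' (2 bits)"` pins only the bit lengths of P and G, so a regression that reinstated any other 2048-bit group with g = 2 would still pass this "reference" test. If the debug trace also dumps the hex value after the size line, matching a distinctive prefix of the RFC 3526 prime (its leading bytes FFFFFFFFFFFFFFFFC90FDAA2 appear in the dhm.h hunk of this same commit) would tie the test to the intended group; I cannot confirm the exact dump format from this hunk. The change from 2048 to 2 bits for G is itself consistent with RFC 3526's generator of 2. The following run_test for "other parameters" continues past the end of the hunk.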