yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 18:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade default DHM params size

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-06 17:33:07 +01:00
parent 8836994f6b
commit 1028b74cff
5 changed files with 29 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -84,6 +84,7 @@ Default behavior changes
* Support for RSA_ALT contexts in the PK layer is now optional. Since is is * Support for RSA_ALT contexts in the PK layer is now optional. Since is is
enabled in the default configuration, this is only noticeable if using a enabled in the default configuration, this is only noticeable if using a
custom config.h custom config.h
* Default DHM parameters server-side upgraded from 1024 to 2048 bits.
Reauirement changes Reauirement changes
* The minimum MSVC version required is now 2010 (better C99 support). * The minimum MSVC version required is now 2010 (better C99 support).

4
include/mbedtls/ssl.h
View File

@ -1621,11 +1621,11 @@ void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
void *p_psk ); void *p_psk );
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG]) * (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
* *
* \param conf SSL configuration * \param conf SSL configuration
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus

6
library/ssl_srv.c
View File

@ -2871,6 +2871,12 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
{ {
if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* /*
* Ephemeral DH parameters: * Ephemeral DH parameters:
* *

36
library/ssl_tls.c
View File

@ -5400,11 +5400,13 @@ int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const
{ {
int ret; int ret;
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ) if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
return( ret ); ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
{
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) mbedtls_mpi_free( &conf->dhm_P );
mbedtls_mpi_free( &conf->dhm_G );
return( ret ); return( ret );
}
return( 0 ); return( 0 );
} }
@ -5413,11 +5415,13 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
{ {
int ret; int ret;
if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ) if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
return( ret ); ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
{
if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) mbedtls_mpi_free( &conf->dhm_P );
mbedtls_mpi_free( &conf->dhm_G );
return( ret ); return( ret );
}
return( 0 ); return( 0 );
} }
@ -6667,15 +6671,15 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->renego_period[7] = 0x00; conf->renego_period[7] = 0x00;
#endif #endif
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, if( endpoint == MBEDTLS_SSL_IS_SERVER )
MBEDTLS_DHM_RFC5114_MODP_1024_P) ) != 0 ||
( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16,
MBEDTLS_DHM_RFC5114_MODP_1024_G) ) != 0 )
{ {
mbedtls_mpi_free( &conf->dhm_P ); if( ( ret = mbedtls_ssl_set_dh_param( conf,
mbedtls_mpi_free( &conf->dhm_G ); MBEDTLS_DHM_RFC5114_MODP_2048_P,
return( ret ); MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
{
return( ret );
}
} }
#endif #endif

4
programs/ssl/ssl_server2.c
View File

@ -1727,11 +1727,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL ) if( opt.dhm_file != NULL )
ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm ); ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
else
#endif #endif
ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
MBEDTLS_DHM_RFC5114_MODP_2048_G );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n mbedtls_ssl_set_dh_param returned -0x%04X\n\n", - ret ); mbedtls_printf( " failed\n mbedtls_ssl_set_dh_param returned -0x%04X\n\n", - ret );