- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS

This commit is contained in:
Paul Bakker 2012-09-28 07:31:51 +00:00
parent da7e3f225a
commit 62f2deef8b
2 changed files with 18 additions and 0 deletions

View File

@ -759,6 +759,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus

View File

@ -2848,10 +2848,27 @@ int ssl_init( ssl_context *ssl )
memset( ssl, 0, sizeof( ssl_context ) ); memset( ssl, 0, sizeof( ssl_context ) );
/*
* Sane defaults
*/
ssl->rsa_decrypt = ssl_rsa_decrypt; ssl->rsa_decrypt = ssl_rsa_decrypt;
ssl->rsa_sign = ssl_rsa_sign; ssl->rsa_sign = ssl_rsa_sign;
ssl->rsa_key_len = ssl_rsa_key_len; ssl->rsa_key_len = ssl_rsa_key_len;
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
( ret = mpi_read_string( &ssl->dhm_G, 16,
POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
{
SSL_DEBUG_RET( 1, "mpi_read_string", ret );
return( ret );
}
#endif
/*
* Prepare base structures
*/
ssl->in_ctr = (unsigned char *) malloc( len ); ssl->in_ctr = (unsigned char *) malloc( len );
ssl->in_hdr = ssl->in_ctr + 8; ssl->in_hdr = ssl->in_ctr + 8;
ssl->in_msg = ssl->in_ctr + 13; ssl->in_msg = ssl->in_ctr + 13;