Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted
commit
bfafd12789
@ -41,6 +41,9 @@ Security
|
||||
* Fix a potential heap buffer overread in ALPN extension parsing
|
||||
(server-side). Could result in application crash, but only if an ALPN
|
||||
name larger than 16 bytes had been configured on the server.
|
||||
* Change default choice of DHE parameters from untrustworthy RFC 5114
|
||||
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
|
||||
manner.
|
||||
|
||||
Features
|
||||
* Allow comments in test data files.
|
||||
|
@ -51,6 +51,12 @@
|
||||
* RFC 3526 4. 3072-bit MODP Group
|
||||
* RFC 3526 5. 4096-bit MODP Group
|
||||
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
|
||||
*
|
||||
* \warning The primes from RFC 5114 do not come together with information
|
||||
* on how they were generated and are therefore not considered
|
||||
* trustworthy. It is recommended to avoid them and to use the
|
||||
* nothing-up-my-sleeve primes from RFC 3526 instead.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
|
||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
||||
|
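Review bot: The `\warning` about the RFC 5114 primes' unknown provenance sits only in the group-list comment above the new RFC 3526 macros, so a reader who jumps straight to `MBEDTLS_DHM_RFC5114_MODP_2048_P` (the constant the old server default used, presumably defined elsewhere in this header) never sees it. Suggest repeating a one-line pointer next to those definitions, outside this hunk: `/* Generation method undocumented; prefer MBEDTLS_DHM_RFC3526_MODP_2048_P (see warning above). */`. If the project has a deprecation mechanism for string constants, applying it to the RFC 5114 macros would turn the advice into a compile-time signal, but that is a design decision beyond this change. The `#define` continuation lines for the 2048-bit P run past the end of the hunk.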
@ -7325,8 +7325,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
if( endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_conf_dh_param( conf,
|
||||
MBEDTLS_DHM_RFC5114_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
|
||||
MBEDTLS_DHM_RFC3526_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC3526_MODP_2048_G ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
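Review bot: The switch to the RFC 3526 group in `mbedtls_ssl_config_defaults` carries no comment at the point of use, so a maintainer comparing these lines against the older RFC 5114 constants has no local hint why they were replaced. Suggest a short why-comment above the `mbedtls_ssl_conf_dh_param` call: `/* RFC 3526 group: nothing-up-my-sleeve parameters; the RFC 5114 groups lack generation provenance (see dhm.h). */`. If other code in the tree, such as sample programs, still passes the RFC 5114 constants it should follow the same change; none is visible here. `mbedtls_ssl_config_defaults` begins and ends outside the hunk.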
@ -2828,7 +2828,7 @@ run_test "DHM parameters: reference" \
|
||||
debug_level=3" \
|
||||
0 \
|
||||
-c "value of 'DHM: P ' (2048 bits)" \
|
||||
-c "value of 'DHM: G ' (2048 bits)"
|
||||
-c "value of 'DHM: G ' (2 bits)"
|
||||
|
||||
run_test "DHM parameters: other parameters" \
|
||||
"$P_SRV dhm_file=data_files/dhparams.pem" \
|
||||
|
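Review bot: The updated expectation `-c "value of 'DHM: G ' (2 bits)"` only checks the bit length of G, and the P line likewise only checks `(2048 bits)`, so the test confirms a 2048-bit prime with a small generator but not which prime is in use. A 2-bit G does rule out the previous default, whose G was full-size per the removed line, so the change as written is consistent with the new server default. If the debug output also prints the value itself, matching a distinctive leading portion of the RFC 3526 P would pin the group exactly; whether that output exists cannot be told from the hunk. The `run_test` invocation begins outside the hunk.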