diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c460963fe..1254615b9 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -759,6 +759,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
 /**
 * \brief Set the Diffie-Hellman public P and G values,
 * read as hexadecimal strings (server-side only)
+ * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
 *
 * \param ssl SSL context
 * \param dhm_P Diffie-Hellman-Merkle modulus
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 65bd7d431..5ae581f33 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2848,10 +2848,27 @@ int ssl_init( ssl_context *ssl )
 memset( ssl, 0, sizeof( ssl_context ) );
+ /*
+ * Sane defaults
+ */
 ssl->rsa_decrypt = ssl_rsa_decrypt;
 ssl->rsa_sign = ssl_rsa_sign;
 ssl->rsa_key_len = ssl_rsa_key_len;
+#if defined(POLARSSL_DHM_C)
+ if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
+ ( ret = mpi_read_string( &ssl->dhm_G, 16,
+ POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "mpi_read_string", ret );
+ return( ret );
+ }
+#endif
+
+ /*
+ * Prepare base structures
+ */
 ssl->in_ctr = (unsigned char *) malloc( len );
 ssl->in_hdr = ssl->in_ctr + 8;
 ssl->in_msg = ssl->in_ctr + 13;
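Review bot: The new default in ssl_init() pins every server that never calls ssl_set_dh_param() to the 1024-bit RFC 5114 MODP group, which is below the size generally recommended for finite-field DH and, as one fixed group shared by all default deployments, gives far less margin than per-deployment or larger parameters. Consider defaulting to a 2048-bit group if dhm.h provides one, or at least make the added ssl.h line say so, e.g. `(Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]; 1024-bit only, set stronger parameters for production)`. Separately, if the second mpi_read_string() fails, the early `return( ret );` leaves ssl->dhm_P populated; unless callers are expected to free the context after a failed init, adding `mpi_free( &ssl->dhm_P );` before that return would avoid a leak. ssl_init's body starts and ends outside the hunk, so the declaration of ret and any later cleanup path are not visible here.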