Up min size of DHM params to 1024 bits on client
diff --git a/ChangeLog b/ChangeLog
index a206690..69bd936 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,9 +2,17 @@
 
 = mbed TLS 1.3.12 released 2015-07-??
 
+Security
+   * Increase the minimum size of Diffie-Hellman parameters accepted by the
+     client to 1024 bits, to protect against Logjam attack.
+
 Bugfix
    * Fix thread-safety issue in SSL debug module (found by Edwin van Vliet).
 
+Changes
+   * Add SSL_MIN_DHM_BYTES configuration parameter in config.h to choose the
+     minimum size of Diffie-Hellman parameters accepted by the client.
+
 = mbed TLS 1.3.11 released 2015-06-04
 
 Security
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 6bfa705..422c8be 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2328,6 +2328,7 @@
 
 /* SSL options */
 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
+//#define SSL_MIN_DHM_BYTES                 128 /**< Min size of the Diffie-Hellman prime */
 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 730594a..f82d4fc 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -282,6 +282,12 @@
 #define SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
 #endif
 
+/*
+ * Minimum size of the Diffie-Hellman parameters to accept from a server.
+ * The default is 1024 bits (128 bytes) for compatibility reasons.
+ * From a purely security perspective, 2048 bits would be better.
+ */
+#define SSL_MIN_DHM_BYTES             128   /**< Min size of the Diffie-Hellman prime */
 /* \} name SECTION: Module settings */
 
 /*
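Review bot: The new `#define SSL_MIN_DHM_BYTES 128` is unconditional, unlike the `SSL_MAX_CONTENT_LEN` default just above it, which is closed by an `#endif`. If config.h is processed before this point, as that guard suggests, uncommenting the new config.h line with a larger value (for example 256, for the 2048 bits this comment recommends) produces a macro redefinition here. On toolchains that only warn about it, the 128 from ssl.h replaces the integrator's value, so the stricter floor is silently not applied. Wrap the default as `#if !defined(SSL_MIN_DHM_BYTES)` / `#define SSL_MIN_DHM_BYTES 128` / `#endif` so the config.h override takes effect.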
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index caeb6f3..0c62c34 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1445,7 +1445,7 @@
         return( ret );
     }
 
-    if( ssl->handshake->dhm_ctx.len < 64  ||
+    if( ssl->handshake->dhm_ctx.len < SSL_MIN_DHM_BYTES ||
         ssl->handshake->dhm_ctx.len > 512 )
     {
         SSL_DEBUG_MSG( 1, ( "bad server key exchange message (DHM length)" ) );
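Review bot: The lower bound is compared against `dhm_ctx.len`, a byte count, so the 1024-bit minimum announced in ChangeLog is only enforced to byte granularity. If `len` holds the number of significant bytes of the prime (its computation is outside this hunk), a server prime of 1017 bits still passes the `< SSL_MIN_DHM_BYTES` test. Checking the bit length instead, e.g. `mpi_msb( &ssl->handshake->dhm_ctx.P ) < 8 * SSL_MIN_DHM_BYTES ||`, would match the documented floor. At minimum, add a comment such as `/* len is in bytes: primes down to 8 * SSL_MIN_DHM_BYTES - 7 bits are accepted */`. The enclosing function starts and ends outside the hunk.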