Add warning on the use of RFC 5114 primes
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index cd056d1..433d612 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -51,6 +51,12 @@
  *  RFC 3526 4.    3072-bit MODP Group
  *  RFC 3526 5.    4096-bit MODP Group
  *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ *
+ * \warning The primes from RFC 5114 do not come together with information
+ *          on how they were generated and are therefore not considered
+ *          trustworthy. It is recommended to avoid them and to use the
+ *          nothing-up-my-sleeve primes from RFC 3526 instead.
+ *
  */
 #define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
     "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
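Review bot: The new `\warning` appears only in the summary comment above the RFC 3526 macro, so a reader who lands directly on the RFC 5114 prime and generator definitions (outside this hunk) will not see it. A one-line pointer next to those definitions would help, e.g. `/* \warning Provenance of this prime is undocumented; prefer the RFC 3526 primes. */`. The warning is also documentation only, so builds that already select the RFC 5114 group keep doing so silently; if the project has a deprecation mechanism for macros, applying it to these constants would surface the recommendation at compile time. It may also be worth stating a second reason: per the list entry, this group has a 224-bit prime-order subgroup, so the prime is not a safe prime and a peer's public value needs a subgroup-membership check, whereas a range check largely suffices for the RFC 3526 safe primes.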