Enforce dhm_min_bitlen exactly, not just the byte size In a TLS client, enforce the Diffie-Hellman minimum parameter size set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the minimum size was rounded down to the nearest multiple of 8. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: e8a2fc8461adf2349a2bed4453561038c2b476dd [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue Dec 08 22:46:11 2020 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Apr 01 14:20:03 2021 +0200
tree: 53d9a3adcad9960fd4b0b9aff44e502aa69ad0e6
parent: c6b0d96c31ce7989d5a30ac9f490544561d2bb48 [diff] [blame]
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
new file mode 100644
index 0000000..e7ea827
--- /dev/null
+++ b/ChangeLog.d/dhm_min_bitlen.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+     set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+     minimum size was rounded down to the nearest multiple of 8.
commit	e8a2fc8461adf2349a2bed4453561038c2b476dd	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Dec 08 22:46:11 2020 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Apr 01 14:20:03 2021 +0200
tree	53d9a3adcad9960fd4b0b9aff44e502aa69ad0e6
parent	c6b0d96c31ce7989d5a30ac9f490544561d2bb48 [diff] [blame]