author | Bodo Möller <bodo@openssl.org> | 1999-08-05 11:50:18 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-08-05 11:50:18 +0000 |
commit | 48c843c3672c49724b3ccb11204b7ae67b17c9cb (patch) | |
tree | 03ca1f8cbf340b0ca140c09d8dc28526f7b62fd8 /ssl/ssltest.c | |
parent | 90f14e251e2e9836a33bc7ac752abea48e3439af (diff) | |
New function DSA_dup_DH, and fixes for bugs that were found
while implementing and using it.
Diffstat (limited to 'ssl/ssltest.c')
-rw-r--r-- | ssl/ssltest.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 9a8f90b..90570f4 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -119,6 +119,9 @@ static void sv_usage(void)
 fprintf(stderr," -reuse - use session-id reuse\n");
 fprintf(stderr," -num <val> - number of connections to perform\n");
 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+ fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
+#endif
 #ifndef NO_SSL2
 fprintf(stderr," -ssl2 - use SSLv2\n");
 #endif
@@ -156,6 +159,7 @@ int main(int argc, char *argv[])
 int number=1,reuse=0;
 long bytes=1L;
 SSL_CIPHER *ciph;
+ int dhe1024 = 0;
 #ifndef NO_DH
 DH *dh;
 #endif
@@ -180,6 +184,8 @@ int main(int argc, char *argv[])
 debug=1;
 else if (strcmp(*argv,"-reuse") == 0)
 reuse=1;
+ else if (strcmp(*argv,"-dhe1024") == 0)
+ dhe1024=1;
 else if (strcmp(*argv,"-ssl2") == 0)
 ssl2=1;
 else if (strcmp(*argv,"-tls1") == 0)
@@ -305,7 +311,29 @@ bad:
 }
 #ifndef NO_DH
- dh=get_dh512();
+# ifndef NO_DSA
+ if (dhe1024)
+ {
+ DSA *dsa;
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
+ }
+ else
+# endif
+ dh=get_dh512();
 SSL_CTX_set_tmp_dh(s_ctx,dh);
 DH_free(dh);
 #endif |
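Review bot: `-dhe1024` is parsed here in every build, but the usage text and the branch that acts on `dhe1024` are compiled only when neither `NO_DH` nor `NO_DSA` is defined, so in a build with `NO_DSA` the flag is accepted and the run falls through to `dh=get_dh512();` without any message. A test run that was asked for 1024-bit DHE and silently negotiates with 512-bit parameters reports a result for the wrong key size. I would put the two added lines under the same `#if !defined NO_DH && !defined NO_DSA` guard used in `sv_usage`, so the flag is rejected like any other unknown option (presumably via the `bad:` path, which is outside this hunk). The `else if` chain starts and ends outside the hunk.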
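Review bot: The results of `DSA_generate_parameters(...)` and `DSA_dup_DH(dsa)` are used without a NULL check in the `dhe1024` branch, so a failed generation reaches `SSL_CTX_set_tmp_dh(s_ctx,dh)` with a NULL `dh` (how `DSA_dup_DH` treats a NULL argument is not visible here) and the test goes on without the parameters it was asked to use. I would stop right after the duplication, e.g. `if (dh == NULL) { fprintf(stderr, "DH parameter generation failed\n"); return 1; }`, or jump to the existing cleanup path of `main`, which lies outside the hunk. The comment on `SSL_OP_SINGLE_DH_USE` would also be clearer if it gave the reason: `/* p taken from DSA parameters is not a safe prime, so a reused DH private key is exposed to small subgroup attacks */`.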