X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fssltest.c;h=f9c96975d4f3586a546cef03b8af39cc3174efce;hb=29159a42d2708cb962b3fa6358f3a02ec5cf46b2;hp=26483049115c277f3599f2aa5207e3bcecf80675;hpb=777ab7e6110837ef2b1db5b5a67c754ce89e1e0b;p=openssl.git
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 2648304911..f9c96975d4 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -119,6 +119,9 @@ static void sv_usage(void)
 fprintf(stderr," -reuse - use session-id reuse\n");
 fprintf(stderr," -num - number of connections to perform\n");
 fprintf(stderr," -bytes - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+ fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
+#endif
 #ifndef NO_SSL2
 fprintf(stderr," -ssl2 - use SSLv2\n");
 #endif
@@ -156,6 +159,7 @@ int main(int argc, char *argv[])
 int number=1,reuse=0;
 long bytes=1L;
 SSL_CIPHER *ciph;
+ int dhe1024 = 0;
 #ifndef NO_DH
 DH *dh;
 #endif
@@ -180,6 +184,8 @@ int main(int argc, char *argv[])
 debug=1;
 else if (strcmp(*argv,"-reuse") == 0)
 reuse=1;
+ else if (strcmp(*argv,"-dhe1024") == 0)
+ dhe1024=1;
 else if (strcmp(*argv,"-ssl2") == 0)
 ssl2=1;
 else if (strcmp(*argv,"-tls1") == 0)
@@ -305,7 +311,31 @@ bad:
 }

 #ifndef NO_DH
- dh=get_dh512();
+# ifndef NO_DSA
+ if (dhe1024)
+ {
+ DSA *dsa;
+ unsigned char seed[20];
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ memcpy(seed, "Random String no. 12", 20);
+ dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
+ }
+ else
+# endif
+ dh=get_dh512();
 SSL_CTX_set_tmp_dh(s_ctx,dh);
 DH_free(dh);
 #endif
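Review bot: `-dhe1024` is accepted unconditionally in main's option loop (hunk at -180), while the usage line and the parameter generation are compiled only when neither NO_DH nor NO_DSA is defined. In a build with NO_DSA the flag is parsed and the code still reaches `dh=get_dh512();`, so a run that asked for 1024-bit DHE silently exercises 512-bit parameters; with NO_DH the flag is set and never read. Guard the assignment with the same `#if !defined NO_DH && !defined NO_DSA` test and report the other case, e.g. `fprintf(stderr, "ignoring -dhe1024: built without DH or DSA\n");`. main starts and ends outside this hunk.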
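Review bot: The results of `DSA_generate_parameters()` and `DSA_dup_DH()` are used unchecked in the new `if (dhe1024)` branch (hunk at -305), so a failed generation is passed straight on to `SSL_CTX_set_tmp_dh()`, whose return value is ignored as well. The test would then presumably continue without the 1024-bit parameters it was asked to exercise, and a pass would say nothing about DHE. Test both results before use, `if (dsa == NULL || (dh = DSA_dup_DH(dsa)) == NULL)`, print the failure to stderr and leave through main's failure path, which lies outside this hunk. A comment on the `memcpy` line, `/* fixed public seed: makes the parameters reproducible; DH parameters are not secret */`, would also keep readers from mistaking the constant for key material.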
@@ -448,6 +478,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
 * BIO pairs are symmetric. A BIO pair behaves similar
 * to a non-blocking socketpair (but both endpoints must
 * be handled by the same thread).
+ * [Here we could connect client and server to the ends
+ * of a single BIO pair, but then this code would be less
+ * suitable as an example for BIO pairs in general.]
 *
 * Useful functions for querying the state of BIO pair endpoints:
 *
@@ -486,7 +519,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
 else
 i = (int)cw_num;
 r = BIO_write(c_ssl_bio, cbuf, i);
- if (r == -1)
+ if (r < 0)
 {
 if (!BIO_should_retry(c_ssl_bio))
 {
@@ -559,7 +592,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
 else
 i = (int)sw_num;
 r = BIO_write(s_ssl_bio, sbuf, i);
- if (r == -1)
+ if (r < 0)
 {
 if (!BIO_should_retry(s_ssl_bio))
 {
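Review bot: The widened test `if (r < 0)` carries no comment saying why -1 alone was not enough, both after `BIO_write(c_ssl_bio, cbuf, i)` in the hunk at -486 and after `BIO_write(s_ssl_bio, sbuf, i)` in the hunk at -559. BIO_write() can return values below -1 (it documents -2 for an operation the BIO type does not implement), and the old comparison let such a result fall through to the non-error branches. I would add `/* any negative return is an error or a retry request, not only -1 */` above both tests. How `r == 0` is handled is outside these hunks, as is the rest of doit_biopair.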