-no_dhe option for ssltest.c

[openssl.git] / ssl / ssltest.c
diff --git a/ssl/ssltest.c b/ssl/ssltest.c

index 90570f4bee7df5b23ad41213bfb8539fa9cf9e26..53a6570df6665fbcf376005c6615373bbfbb4528 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -122,6 +122,9 @@ static void sv_usage(void)
  #if !defined NO_DH && !defined NO_DSA
         fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
  #endif
+#if !defined NO_DH
+       fprintf(stderr," -no_dhe       - disable DHE\n");
+#endif
  #ifndef NO_SSL2
         fprintf(stderr," -ssl2         - use SSLv2\n");
  #endif
@@ -159,7 +162,7 @@ int main(int argc, char *argv[])
         int number=1,reuse=0;
         long bytes=1L;
         SSL_CIPHER *ciph;
-       int dhe1024 = 0;
+       int dhe1024 = 0, no_dhe = 0;
  #ifndef NO_DH
         DH *dh;
  #endif
@@ -186,6 +189,8 @@ int main(int argc, char *argv[])
                         reuse=1;
                 else if (strcmp(*argv,"-dhe1024") == 0)
                         dhe1024=1;
+               else if (strcmp(*argv,"-no_dhe") == 0)
+                       no_dhe=1;
                 else if (strcmp(*argv,"-ssl2") == 0)
                         ssl2=1;
                 else if (strcmp(*argv,"-tls1") == 0)
@@ -311,31 +316,36 @@ bad:
                 }
  
  #ifndef NO_DH
-# ifndef NO_DSA
-       if (dhe1024) 
+       if (!no_dhe)
                 {
-               DSA *dsa;
-
-               if (verbose)
+# ifndef NO_DSA
+               if (dhe1024) 
                         {
-                       fprintf(stdout, "Creating 1024 bit DHE parameters ...");
-                       fflush(stdout);
+                       DSA *dsa;
+                       unsigned char seed[20];
+                       
+                       if (verbose)
+                               {
+                               fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+                               fflush(stdout);
+                               }
+                       
+                       memcpy(seed, "Random String no. 12", 20);
+                       dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
+                       dh = DSA_dup_DH(dsa);   
+                       DSA_free(dsa);
+                       /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+                       SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+                       
+                       if (verbose)
+                               fprintf(stdout, " done\n");
                         }
-
-               dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
-               dh = DSA_dup_DH(dsa);   
-               DSA_free(dsa);
-               /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
-               SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-
-               if (verbose)
-                       fprintf(stdout, " done\n");
-               }
-       else
+               else
  # endif
-               dh=get_dh512();
-       SSL_CTX_set_tmp_dh(s_ctx,dh);
-       DH_free(dh);
+                       dh=get_dh512();
+               SSL_CTX_set_tmp_dh(s_ctx,dh);
+               DH_free(dh);
+               }
  #endif
  
  #ifndef NO_RSA
@@ -517,7 +527,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                 else
                                         i = (int)cw_num;
                                 r = BIO_write(c_ssl_bio, cbuf, i);
-                               if (r == -1)
+                               if (r < 0)
                                         {
                                         if (!BIO_should_retry(c_ssl_bio))
                                                 {
@@ -590,7 +600,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                 else
                                         i = (int)sw_num;
                                 r = BIO_write(s_ssl_bio, sbuf, i);
-                               if (r == -1)
+                               if (r < 0)
                                         {
                                         if (!BIO_should_retry(s_ssl_bio))
                                                 {