Always use fixed DH parameters created with 'dhparam -C',

don't dynamically create them.  This allows using ssltest
for approximate performance comparisons:
   $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
     [-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.

diff --git a/ms/test.bat b/ms/test.bat
index 3506a644f5909c143c697accfb900d9258be3e7d..ef37beaa223ab4ecdf3666f55b6dbfe4d4a98cd1 100755 (executable)
--- a/ms/test.bat
+++ b/ms/test.bat
@@ -136,7 +136,7 @@ ssltest -bio_pair -ssl2
 if errorlevel 1 goto done\r
 \r
 echo test sslv2/sslv3 with 1024 bit DHE via BIO pair\r
 if errorlevel 1 goto done\r
 \r
 echo test sslv2/sslv3 with 1024 bit DHE via BIO pair\r

-ssltest -bio_pair -dhe1024 -v\r
+ssltest -bio_pair -dhe1024dsa -v\r

 if errorlevel 1 goto done\r
 \r
 echo test sslv2 with server authentication via BIO pair\r
 if errorlevel 1 goto done\r
 \r
 echo test sslv2 with server authentication via BIO pair\r

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index d655bbbd841cbfa0f6ee941ecac2492c4a583385..5eda38e676d1cdb5e0eef29c561bfba713c9b1f9 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -89,9 +89,8 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 #endif
 #ifndef NO_DH
 static DH *get_dh512(void);
 #endif
 #ifndef NO_DH
 static DH *get_dh512(void);

-#endif
-#ifndef NO_DSA
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+static DH *get_dh1024(void);
+static DH *get_dh1024dsa(void);

 #endif
 
 static BIO *bio_err=NULL;
 #endif
 
 static BIO *bio_err=NULL;


@@ -122,10 +121,9 @@ static void sv_usage(void)
        fprintf(stderr," -reuse        - use session-id reuse\n");
        fprintf(stderr," -num <val>    - number of connections to perform\n");
        fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
        fprintf(stderr," -reuse        - use session-id reuse\n");
        fprintf(stderr," -num <val>    - number of connections to perform\n");
        fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");

-#if !defined NO_DH && !defined NO_DSA
-       fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
-#endif
-#if !defined NO_DH
+#ifndef NO_DH
+       fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
+       fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");

        fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
 #ifndef NO_SSL2
        fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
 #ifndef NO_SSL2


@@ -165,10 +163,11 @@ int main(int argc, char *argv[])
        int number=1,reuse=0;
        long bytes=1L;
        SSL_CIPHER *ciph;
        int number=1,reuse=0;
        long bytes=1L;
        SSL_CIPHER *ciph;

-       int dhe1024 = 0, no_dhe = 0;

 #ifndef NO_DH
        DH *dh;
 #ifndef NO_DH
        DH *dh;

+       int dhe1024 = 0, dhe1024dsa = 0;

 #endif
 #endif

+       int no_dhe = 0;

        verbose = 0;
        debug = 0;
        cipher = 0;
        verbose = 0;
        debug = 0;
        cipher = 0;


@@ -195,8 +194,12 @@ int main(int argc, char *argv[])
                        debug=1;
                else if (strcmp(*argv,"-reuse") == 0)
                        reuse=1;
                        debug=1;
                else if (strcmp(*argv,"-reuse") == 0)
                        reuse=1;

+#ifndef NO_DH

                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;
                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;

+               else if (strcmp(*argv,"-dhe1024dsa") == 0)
+                       dhe1024dsa=1;
+#endif

                else if (strcmp(*argv,"-no_dhe") == 0)
                        no_dhe=1;
                else if (strcmp(*argv,"-ssl2") == 0)
                else if (strcmp(*argv,"-no_dhe") == 0)
                        no_dhe=1;
                else if (strcmp(*argv,"-ssl2") == 0)


@@ -326,34 +329,21 @@ bad:
 #ifndef NO_DH
        if (!no_dhe)
                {
 #ifndef NO_DH
        if (!no_dhe)
                {

-# ifndef NO_DSA
-               if (dhe1024) 
+               if (dhe1024dsa)

                        {
                        {

-                       DSA *dsa;
-                       unsigned char seed[20];
-                       
-                       if (verbose)
-                               {
-                               BIO_printf(bio_err, "Creating 1024 bit DHE parameters\n");
-                               BIO_flush(bio_err);
-                               }
-                       
-                       memcpy(seed, "Random String no. 12", 20);
-                       dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, dsa_cb, bio_err);
-                       dh = DSA_dup_DH(dsa);   
-                       DSA_free(dsa);
-                       /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+                       /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */

                        SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
                        SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);

-                       
-                       if (verbose)
-                               fprintf(stdout, " done\n");
+                       dh=get_dh1024dsa();

                        }
                        }

+               else if (dhe1024)
+                       dh=get_dh1024();

                else
                else

-# endif

                        dh=get_dh512();
                SSL_CTX_set_tmp_dh(s_ctx,dh);
                DH_free(dh);
                }
                        dh=get_dh512();
                SSL_CTX_set_tmp_dh(s_ctx,dh);
                DH_free(dh);
                }

+#else
+       (void)no_dhe;

 #endif
 
 #ifndef NO_RSA
 #endif
 
 #ifndef NO_RSA


@@ -1148,32 +1138,6 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        return(ok);
        }
 
        return(ok);
        }
 

-#ifndef NO_DH
-static unsigned char dh512_p[]={
-       0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-       0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-       0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-       0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-       0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-       0x47,0x74,0xE8,0x33,
-       };
-static unsigned char dh512_g[]={
-       0x02,
-       };
-
-static DH *get_dh512(void)
-       {
-       DH *dh=NULL;
-
-       if ((dh=DH_new()) == NULL) return(NULL);
-       dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-       dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-       if ((dh->p == NULL) || (dh->g == NULL))
-               return(NULL);
-       return(dh);
-       }
-#endif
-

 #ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
        {
 #ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
        {


@@ -1191,23 +1155,100 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
        }
 #endif
 
        }
 #endif
 

-#ifndef NO_DSA
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+#ifndef NO_DH
+/* These DH parameters have been generated as follows:
+ *    $ openssl dhparam -C -noout 512
+ *    $ openssl dhparam -C -noout 1024
+ *    $ openssl dhparam -C -noout -dsaparam 1024
+ * (The third function has been renamed to avoid name conflicts.)
+ */
+DH *get_dh512()
+       {
+       static unsigned char dh512_p[]={
+               0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
+               0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
+               0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
+               0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
+               0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
+               0x02,0xC5,0xAE,0x23,
+               };
+       static unsigned char dh512_g[]={
+               0x02,
+               };
+       DH *dh;
+
+       if ((dh=DH_new()) == NULL) return(NULL);
+       dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+       dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+       if ((dh->p == NULL) || (dh->g == NULL))
+               { DH_free(dh); return(NULL); }
+       return(dh);
+       }
+
+DH *get_dh1024()

        {
        {

-       char c='*';
-       static int ok=0,num=0;
+       static unsigned char dh1024_p[]={
+               0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
+               0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
+               0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
+               0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
+               0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
+               0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
+               0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
+               0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
+               0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
+               0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
+               0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
+               };
+       static unsigned char dh1024_g[]={
+               0x02,
+               };
+       DH *dh;
+
+       if ((dh=DH_new()) == NULL) return(NULL);
+       dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+       dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+       if ((dh->p == NULL) || (dh->g == NULL))
+               { DH_free(dh); return(NULL); }
+       return(dh);
+       }

 
 

-       if (p == 0) { c='.'; num++; };
-       if (p == 1) c='+';
-       if (p == 2) { c='*'; ok++; }
-       if (p == 3) c='\n';
-       BIO_write(arg,&c,1);
-       (void)BIO_flush(arg);
+DH *get_dh1024dsa()
+       {
+       static unsigned char dh1024_p[]={
+               0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
+               0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
+               0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
+               0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
+               0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
+               0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
+               0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
+               0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
+               0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
+               0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
+               0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
+               };
+       static unsigned char dh1024_g[]={
+               0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
+               0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
+               0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
+               0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
+               0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
+               0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
+               0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
+               0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
+               0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
+               0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
+               0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
+               };
+       DH *dh;

 
 

-       if (!ok && (p == 0) && (num > 1))
-               {
-               BIO_printf((BIO *)arg,"error in dsatest\n");
-               exit(1);
-               }
+       if ((dh=DH_new()) == NULL) return(NULL);
+       dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+       dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+       if ((dh->p == NULL) || (dh->g == NULL))
+               { DH_free(dh); return(NULL); }
+       dh->length = 160;
+       return(dh);

        }
 #endif
        }
 #endif

diff --git a/test/testssl b/test/testssl
index a88e290c577da301b278f9bb6cd2f33c29a3440a..3db89bdf53f5875ac8b0d1ba63913e945c24df08 100644 (file)
--- a/test/testssl
+++ b/test/testssl
@@ -67,7 +67,7 @@ echo test sslv2/sslv3 w/o DHE via BIO pair
 ./ssltest -bio_pair -no_dhe || exit 1
 
 echo test sslv2/sslv3 with 1024bit DHE
 ./ssltest -bio_pair -no_dhe || exit 1
 
 echo test sslv2/sslv3 with 1024bit DHE

-./ssltest -bio_pair -dhe1024 -v || exit 1
+./ssltest -bio_pair -dhe1024dsa -v || exit 1

 
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
 
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1