Add dhmlen option in ssl_client2.c

2015-06-11 17:02:29 +02:00 · 2015-06-11 17:02:29 +02:00 · 9096682352
commit 9096682352
parent bd990d6629
1 changed files with 22 additions and 0 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -95,6 +95,7 @@ int main( void )
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_RECSPLIT            -1
+#define DFL_DHMLEN              -1
 #define DFL_RECONNECT           0
 #define DFL_RECO_DELAY          0
 #define DFL_TICKETS             MBEDTLS_SSL_SESSION_TICKETS_ENABLED
@ -164,6 +165,13 @@ int main( void )
 #define USAGE_RECSPLIT
 #endif

+#if defined(MBEDTLS_DHM_C)
+#define USAGE_DHMLEN \
+    "    dhmlen=%%d           default: (library default: 1024 bits)\n"
+#else
+#define USAGE_DHMLEN
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
 #define USAGE_ALPN \
    "    alpn=%%s             default: \"\" (disabled)\n"   \
@ -246,6 +254,7 @@ int main( void )
    USAGE_EMS                                               \
    USAGE_ETM                                               \
    USAGE_RECSPLIT                                          \
+    USAGE_DHMLEN                                            \
    "\n"                                                    \
    "    arc4=%%d             default: (library default: 0)\n" \
    "    min_version=%%s      default: (library default: tls1)\n"       \
@ -289,6 +298,7 @@ struct options
    unsigned char mfl_code;     /* code for maximum fragment length         */
    int trunc_hmac;             /* negotiate truncated hmac or not          */
    int recsplit;               /* enable record splitting?                 */
+    int dhmlen;                 /* minimum DHM params len in bits           */
    int reconnect;              /* attempt to resume session                */
    int reco_delay;             /* delay in seconds before resuming session */
    int tickets;                /* enable / disable session tickets         */
@ -468,6 +478,7 @@ int main( int argc, char *argv[] )
    opt.mfl_code            = DFL_MFL_CODE;
    opt.trunc_hmac          = DFL_TRUNC_HMAC;
    opt.recsplit            = DFL_RECSPLIT;
+    opt.dhmlen              = DFL_DHMLEN;
    opt.reconnect           = DFL_RECONNECT;
    opt.reco_delay          = DFL_RECO_DELAY;
    opt.tickets             = DFL_TICKETS;
@ -758,6 +769,12 @@ int main( int argc, char *argv[] )
            if( opt.recsplit < 0 || opt.recsplit > 1 )
                goto usage;
        }
+        else if( strcmp( p, "dhmlen" ) == 0 )
+        {
+            opt.dhmlen = atoi( q );
+            if( opt.dhmlen < 0 )
+                goto usage;
+        }
        else
            goto usage;
    }
@ -1091,6 +1108,11 @@ int main( int argc, char *argv[] )
                                    : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
 #endif

+#if defined(MBEDTLS_DHM_C)
+    if( opt.dhmlen != DFL_DHMLEN )
+        mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
    if( opt.alpn_string != NULL )
        if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )