Always use fixed DH parameters created with 'dhparam -C',

don't dynamically create them.  This allows using ssltest
for approximate performance comparisons:
   $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
     [-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.

3 files changed, 112 insertions, 71 deletions

diff --git a/ms/test.bat b/ms/test.bat
index 3506a644f5..ef37beaa22 100755
--- a/ms/test.bat
+++ b/ms/test.bat
@@ -136,7 +136,7 @@ ssltest -bio_pair -ssl2
 if errorlevel 1 goto done

 

 echo test sslv2/sslv3 with 1024 bit DHE via BIO pair

-ssltest -bio_pair -dhe1024 -v

+ssltest -bio_pair -dhe1024dsa -v

 if errorlevel 1 goto done

 

 echo test sslv2 with server authentication via BIO pair

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index d655bbbd84..5eda38e676 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -89,9 +89,8 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 #endif
 #ifndef NO_DH
 static DH *get_dh512(void);
-#endif
-#ifndef NO_DSA
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+static DH *get_dh1024(void);
+static DH *get_dh1024dsa(void);
 #endif
 
 static BIO *bio_err=NULL;
@@ -122,10 +121,9 @@ static void sv_usage(void)
 	fprintf(stderr," -reuse        - use session-id reuse\n");
 	fprintf(stderr," -num <val>    - number of connections to perform\n");
 	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#if !defined NO_DH && !defined NO_DSA
-	fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
-#endif
-#if !defined NO_DH
+#ifndef NO_DH
+	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
+	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
 	fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
 #ifndef NO_SSL2
@@ -165,10 +163,11 @@ int main(int argc, char *argv[])
 	int number=1,reuse=0;
 	long bytes=1L;
 	SSL_CIPHER *ciph;
-	int dhe1024 = 0, no_dhe = 0;
 #ifndef NO_DH
 	DH *dh;
+	int dhe1024 = 0, dhe1024dsa = 0;
 #endif
+	int no_dhe = 0;
 	verbose = 0;
 	debug = 0;
 	cipher = 0;
@@ -195,8 +194,12 @@ int main(int argc, char *argv[])
 			debug=1;
 		else if	(strcmp(*argv,"-reuse") == 0)
 			reuse=1;
+#ifndef NO_DH
 		else if	(strcmp(*argv,"-dhe1024") == 0)
 			dhe1024=1;
+		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+			dhe1024dsa=1;
+#endif
 		else if	(strcmp(*argv,"-no_dhe") == 0)
 			no_dhe=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
@@ -326,34 +329,21 @@ bad:
 #ifndef NO_DH
 	if (!no_dhe)
 		{
-# ifndef NO_DSA
-		if (dhe1024) 
+		if (dhe1024dsa)
 			{
-			DSA *dsa;
-			unsigned char seed[20];
-			
-			if (verbose)
-				{
-				BIO_printf(bio_err, "Creating 1024 bit DHE parameters\n");
-				BIO_flush(bio_err);
-				}
-			
-			memcpy(seed, "Random String no. 12", 20);
-			dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, dsa_cb, bio_err);
-			dh = DSA_dup_DH(dsa);	
-			DSA_free(dsa);
-			/* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+			/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
 			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-			
-			if (verbose)
-				fprintf(stdout, " done\n");
+			dh=get_dh1024dsa();
 			}
+		else if (dhe1024)
+			dh=get_dh1024();
 		else
-# endif
 			dh=get_dh512();
 		SSL_CTX_set_tmp_dh(s_ctx,dh);
 		DH_free(dh);
 		}
+#else
+	(void)no_dhe;
 #endif
 
 #ifndef NO_RSA
@@ -1148,32 +1138,6 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	return(ok);
 	}
 
-#ifndef NO_DH
-static unsigned char dh512_p[]={
-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-	0x47,0x74,0xE8,0x33,
-	};
-static unsigned char dh512_g[]={
-	0x02,
-	};
-
-static DH *get_dh512(void)
-	{
-	DH *dh=NULL;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		return(NULL);
-	return(dh);
-	}
-#endif
-
 #ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
@@ -1191,23 +1155,100 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	}
 #endif
 
-#ifndef NO_DSA
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+#ifndef NO_DH
+/* These DH parameters have been generated as follows:
+ *    $ openssl dhparam -C -noout 512
+ *    $ openssl dhparam -C -noout 1024
+ *    $ openssl dhparam -C -noout -dsaparam 1024
+ * (The third function has been renamed to avoid name conflicts.)
+ */
+DH *get_dh512()
+	{
+	static unsigned char dh512_p[]={
+		0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
+		0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
+		0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
+		0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
+		0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
+		0x02,0xC5,0xAE,0x23,
+		};
+	static unsigned char dh512_g[]={
+		0x02,
+		};
+	DH *dh;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	return(dh);
+	}
+
+DH *get_dh1024()
 	{
-	char c='*';
-	static int ok=0,num=0;
+	static unsigned char dh1024_p[]={
+		0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
+		0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
+		0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
+		0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
+		0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
+		0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
+		0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
+		0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
+		0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
+		0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
+		0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
+		};
+	static unsigned char dh1024_g[]={
+		0x02,
+		};
+	DH *dh;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	return(dh);
+	}
 
-	if (p == 0) { c='.'; num++; };
-	if (p == 1) c='+';
-	if (p == 2) { c='*'; ok++; }
-	if (p == 3) c='\n';
-	BIO_write(arg,&c,1);
-	(void)BIO_flush(arg);
+DH *get_dh1024dsa()
+	{
+	static unsigned char dh1024_p[]={
+		0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
+		0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
+		0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
+		0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
+		0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
+		0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
+		0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
+		0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
+		0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
+		0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
+		0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
+		};
+	static unsigned char dh1024_g[]={
+		0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
+		0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
+		0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
+		0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
+		0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
+		0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
+		0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
+		0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
+		0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
+		0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
+		0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
+		};
+	DH *dh;
 
-	if (!ok && (p == 0) && (num > 1))
-		{
-		BIO_printf((BIO *)arg,"error in dsatest\n");
-		exit(1);
-		}
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	dh->length = 160;
+	return(dh);
 	}
 #endif
diff --git a/test/testssl b/test/testssl
index a88e290c57..3db89bdf53 100644
--- a/test/testssl
+++ b/test/testssl
@@ -67,7 +67,7 @@ echo test sslv2/sslv3 w/o DHE via BIO pair
 ./ssltest -bio_pair -no_dhe || exit 1
 
 echo test sslv2/sslv3 with 1024bit DHE
-./ssltest -bio_pair -dhe1024 -v || exit 1
+./ssltest -bio_pair -dhe1024dsa -v || exit 1
 
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1