summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES21
-rw-r--r--Makefile.org2
-rw-r--r--STATUS5
-rw-r--r--crypto/asn1/Makefile.ssl41
-rw-r--r--crypto/asn1/i2d_dhp.c7
-rw-r--r--crypto/dh/dh_gen.c1
-rw-r--r--crypto/dsa/Makefile.ssl62
-rw-r--r--crypto/dsa/dsa.h9
-rw-r--r--crypto/dsa/dsa_lib.c37
-rw-r--r--ssl/ssltest.c30
-rw-r--r--test/Makefile.ssl8
11 files changed, 167 insertions, 56 deletions
diff --git a/CHANGES b/CHANGES
index 05b2b681f4..07487ac2a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,27 @@
Changes between 0.9.3a and 0.9.4 [xx Aug 1999]
+ *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+ DH parameters/keys (q is lost during that conversion, but the resulting
+ DH parameters contain its length).
+
+ For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+ much faster than DH_generate_parameters (which creates parameters
+ where p = 2*q + 1), and also the smaller q makes DH computations
+ much more efficient (160-bit exponentiation instead of 1024-bit
+ exponentiation); so this provides a convenient way to support DHE
+ ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
+ utter importance to use
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ or
+ SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ when such DH parameters are used, because otherwise small subgroup
+ attacks may become possible!
+ [Bodo Moeller]
+
+ *) Avoid memory leak in i2d_DHparams.
+ [Bodo Moeller]
+
*) Allow the -k option to be used more than once in the enc program:
this allows the same encrypted message to be read by multiple recipients.
[Steve Henson]
diff --git a/Makefile.org b/Makefile.org
index ec50e75c3a..952b88a360 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -180,7 +180,7 @@ all: Makefile.ssl
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
- cd perl; $(PERL) Makefile.PL; make
+ # cd perl; $(PERL) Makefile.PL; make
sub_all:
@for i in $(DIRS) ;\
diff --git a/STATUS b/STATUS
index 13d12738b1..bf0d00b1bf 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/08/05 00:15:15 $
+ ______________ $Date: 1999/08/05 11:50:09 $
DEVELOPMENT STATE
@@ -120,5 +120,4 @@
WISHES
- o Support optional q component in DH parameters to speed up
- SSL ciphersuites with ephemeral DH.
+ o
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl
index 66c1136f67..541d1dac4a 100644
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -346,9 +346,10 @@ d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dsap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/opensslconf.h
d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -402,17 +403,19 @@ d2i_r_pu.o: ../cryptlib.h
d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/opensslconf.h
d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/opensslconf.h
d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
@@ -454,9 +457,9 @@ i2d_dhp.o: ../cryptlib.h
i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -510,17 +513,19 @@ i2d_r_pu.o: ../cryptlib.h
i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/opensslconf.h
i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/opensslconf.h
i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
diff --git a/crypto/asn1/i2d_dhp.c b/crypto/asn1/i2d_dhp.c
index 1b2b4b8ebe..fdda4ec41b 100644
--- a/crypto/asn1/i2d_dhp.c
+++ b/crypto/asn1/i2d_dhp.c
@@ -94,7 +94,12 @@ int i2d_DHparams(DH *a, unsigned char **pp)
}
t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
- if (pp == NULL) return(t);
+ if (pp == NULL)
+ {
+ if (num[2] != NULL)
+ BN_free(num[2]);
+ return(t);
+ }
p= *pp;
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 7534ec40a0..b7bcd2c7a4 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -92,6 +92,7 @@ DH *DH_generate_parameters(int prime_len, int generator,
BN_CTX *ctx=NULL;
ret=DH_new();
+ if (ret == NULL) goto err;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
t1= &(ctx->bn[0]);
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
index 1a380966cc..6d80ce77be 100644
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -81,47 +81,53 @@ clean:
dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
-dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dsa.h
-dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+dsa_err.o: ../../include/openssl/opensslconf.h
dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/sha.h
-dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../cryptlib.h
dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/sha.h
-dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_key.o: ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../cryptlib.h
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index d9ff1933ee..20b3f8d90a 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -74,6 +74,9 @@ extern "C" {
#endif
#include <openssl/bn.h>
+#ifndef NO_DH
+# include <openssl/dh.h>
+#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
@@ -162,6 +165,12 @@ int DSA_print_fp(FILE *bp, DSA *x, int off);
int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+#ifndef NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(DSA *r);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 8923fb45f4..a5f0182101 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -145,3 +145,40 @@ int DSA_size(DSA *r)
return(ret);
}
+#ifndef NO_DH
+DH *DSA_dup_DH(DSA *r)
+ {
+ /* DSA has p, q, g, optional pub_key, optional priv_key.
+ * DH has p, optional length, g, optional pub_key, optional priv_key.
+ */
+
+ DH *ret;
+
+ if (r == NULL)
+ goto err;
+ ret = DH_new();
+ if (ret == NULL)
+ goto err;
+ if (r->p != NULL)
+ if ((ret->p = BN_dup(r->p)) == NULL)
+ goto err;
+ if (r->q != NULL)
+ ret->length = BN_num_bits(r->q);
+ if (r->g != NULL)
+ if ((ret->g = BN_dup(r->g)) == NULL)
+ goto err;
+ if (r->pub_key != NULL)
+ if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+ goto err;
+ if (r->priv_key != NULL)
+ if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+ goto err;
+
+ return ret;
+
+ err:
+ if (ret != NULL)
+ DH_free(ret);
+ return NULL;
+ }
+#endif
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 9a8f90bb8e..90570f4bee 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -119,6 +119,9 @@ static void sv_usage(void)
fprintf(stderr," -reuse - use session-id reuse\n");
fprintf(stderr," -num <val> - number of connections to perform\n");
fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+ fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
+#endif
#ifndef NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
@@ -156,6 +159,7 @@ int main(int argc, char *argv[])
int number=1,reuse=0;
long bytes=1L;
SSL_CIPHER *ciph;
+ int dhe1024 = 0;
#ifndef NO_DH
DH *dh;
#endif
@@ -180,6 +184,8 @@ int main(int argc, char *argv[])
debug=1;
else if (strcmp(*argv,"-reuse") == 0)
reuse=1;
+ else if (strcmp(*argv,"-dhe1024") == 0)
+ dhe1024=1;
else if (strcmp(*argv,"-ssl2") == 0)
ssl2=1;
else if (strcmp(*argv,"-tls1") == 0)
@@ -305,7 +311,29 @@ bad:
}
#ifndef NO_DH
- dh=get_dh512();
+# ifndef NO_DSA
+ if (dhe1024)
+ {
+ DSA *dsa;
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
+ }
+ else
+# endif
+ dh=get_dh512();
SSL_CTX_set_tmp_dh(s_ctx,dh);
DH_free(dh);
#endif
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index 3c75e13c37..2133ff1575 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -327,10 +327,10 @@ dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dhtest.o: ../include/openssl/stack.h
dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-dsatest.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
-dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/stack.h
exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 05:35:20 +0000