Add dhmlen option in ssl_client2.c
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 960412a..eabcbdc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -95,6 +95,7 @@
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1
+#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
@@ -164,6 +165,13 @@
#define USAGE_RECSPLIT
#endif
+#if defined(MBEDTLS_DHM_C)
+#define USAGE_DHMLEN \
+ " dhmlen=%%d default: (library default: 1024 bits)\n"
+#else
+#define USAGE_DHMLEN
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
#define USAGE_ALPN \
" alpn=%%s default: \"\" (disabled)\n" \
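Review bot: The usage line for dhmlen does not say the value is a lower bound, so a reader could take it for the size of DHM parameters the client will use, while the new struct field in the later hunk is commented as a minimum. Suggest `" dhmlen=%%d minimum accepted DHM params size in bits, default: (library default: 1024 bits)\n"`. The 1024 figure is hard-coded in the help text and will silently go stale if the library default changes; a short comment above the macro noting that it must be kept in sync with the library default would help the next maintainer.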
@@ -246,6 +254,7 @@
USAGE_EMS \
USAGE_ETM \
USAGE_RECSPLIT \
+ USAGE_DHMLEN \
"\n" \
" arc4=%%d default: (library default: 0)\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -289,6 +298,7 @@
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */
+ int dhmlen; /* minimum DHM params len in bits */
int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */
int tickets; /* enable / disable session tickets */
@@ -468,6 +478,7 @@
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT;
+ opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY;
opt.tickets = DFL_TICKETS;
@@ -758,6 +769,12 @@
if( opt.recsplit < 0 || opt.recsplit > 1 )
goto usage;
}
+ else if( strcmp( p, "dhmlen" ) == 0 )
+ {
+ opt.dhmlen = atoi( q );
+ if( opt.dhmlen < 0 )
+ goto usage;
+ }
else
goto usage;
}
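Review bot: `atoi( q )` returns 0 for any non-numeric argument, and the added check `if( opt.dhmlen < 0 )` accepts 0, so a typo such as dhmlen=abc or an explicit dhmlen=0 is passed on to mbedtls_ssl_conf_dhm_min_bitlen and lowers the minimum below the library default instead of being rejected. The recsplit branch just above bounds its value on both sides; here a parse failure cannot be told apart from a valid value. If 0 is not intended as a way to disable the check, change the test to `if( opt.dhmlen <= 0 ) goto usage;`; if it is intended, parse with strtol and reject the option when the end pointer does not reach the terminator, and say so in the usage text. The enclosing option loop and main() continue outside the hunk.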
@@ -1091,6 +1108,11 @@
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
+#if defined(MBEDTLS_DHM_C)
+ if( opt.dhmlen != DFL_DHMLEN )
+ mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
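Review bot: The call `mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );` is guarded by MBEDTLS_DHM_C, but the dhmlen option is parsed unconditionally in the earlier hunk while its usage text is only shown under MBEDTLS_DHM_C, so in a build without DHM a user-supplied dhmlen is accepted and silently has no effect. Either reject the option in the parser when MBEDTLS_DHM_C is undefined, matching the usage text, or at least add above the `#if` a comment such as `/* dhmlen is only honoured when DHM is compiled in; see option parsing */` so the gap is visible. opt.dhmlen is an int handed to a bit-length parameter that is presumably unsigned; the earlier `< 0` check is what keeps that conversion safe, and the guard here would benefit from a comment saying so.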