Add checks in tests for the DHE prime and exponent size.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 26 Mar 2014 08:45:10 +0000 (09:45 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 26 Mar 2014 08:45:10 +0000 (09:45 +0100)
tests/anonself.c
tests/dhepskself.c

index ac6df9fa3e262f6a8492c2e26ddf927cc06dffa5..5749e416deba8479f19dd8753b30a561b6856ee2 100644 (file)
@@ -107,6 +107,16 @@ static void client(int sd)
                        success("client: Handshake was completed\n");
        }
 
+       ret = gnutls_dh_get_prime_bits(session);
+       if (ret < 512) {
+               fail("server: too small prime size: %d\n", ret);
+       }
+
+       ret = gnutls_dh_get_secret_bits(session);
+       if (ret < 256) {
+               fail("server: too small secret key size: %d\n", ret);
+       }
+
        if (debug)
                success("client: TLS version is: %s\n",
                        gnutls_protocol_get_name
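Review bot: Both `fail()` messages added to client() are prefixed `server:`, so a failure on this path would be attributed to the wrong side of the test. They should read `fail("client: too small prime size: %d\n", ret);` and `fail("client: too small secret key size: %d\n", ret);`. The later client() hunk (in the second file, apparently tests/dhepskself.c) carries the same copy-pasted prefix. client()'s body starts and ends outside the hunk.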
@@ -234,6 +244,16 @@ static void server(int sd)
                        gnutls_protocol_get_name
                        (gnutls_protocol_get_version(session)));
 
+       ret = gnutls_dh_get_prime_bits(session);
+       if (ret < 512) {
+               fail("server: too small prime size: %d\n", ret);
+       }
+
+       ret = gnutls_dh_get_secret_bits(session);
+       if (ret < 256) {
+               fail("server: too small secret key size: %d\n", ret);
+       }
+
        /* see the Getting peer's information example */
        /* print_info(session); */
 
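Review bot: A negative return from `gnutls_dh_get_prime_bits()` or `gnutls_dh_get_secret_bits()` is reported here as a "too small" size, because `ret < 512` and `ret < 256` also match error codes. Both functions are documented to return a negative GnuTLS error code on failure, so the message would then print a negative bit count instead of the reason. Checking the error case first, e.g. `if (ret < 0) fail("server: gnutls_dh_get_prime_bits: %s\n", gnutls_strerror(ret));`, lets the log distinguish a missing DH exchange from a weak one. The same applies to the other three hunks of this commit. server()'s body starts and ends outside the hunk.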
index 64db452d2600d9e652759f80656bd9f0d9304d71..db6d7b1625888fae19e77536c196cf9e1b8601d4 100644 (file)
@@ -106,6 +106,16 @@ static void client(int sd)
                        success("client: Handshake was completed\n");
        }
 
+       ret = gnutls_dh_get_prime_bits(session);
+       if (ret < 512) {
+               fail("server: too small prime size: %d\n", ret);
+       }
+
+       ret = gnutls_dh_get_secret_bits(session);
+       if (ret < 256) {
+               fail("server: too small secret key size: %d\n", ret);
+       }
+
        gnutls_record_send(session, MSG, strlen(MSG));
 
        ret = gnutls_record_recv(session, buffer, MAX_BUF);
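Review bot: The floors `512` and `256` are bare literals repeated in all four hunks of this commit, and nothing visible ties them to the DH parameters the test installs. A 512-bit prime is export-grade strength, so if the test's parameters are larger (they are set up outside this hunk) a regression that negotiates a much smaller group than configured would still pass. Consider naming the limits once per file, e.g. `#define MIN_DH_PRIME_BITS 512`, with a comment stating which parameter size they are derived from, or comparing against the configured size directly.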
@@ -230,6 +240,16 @@ static void server(int sd)
        if (debug)
                success("server: Handshake was completed\n");
 
+       ret = gnutls_dh_get_prime_bits(session);
+       if (ret < 512) {
+               fail("server: too small prime size: %d\n", ret);
+       }
+
+       ret = gnutls_dh_get_secret_bits(session);
+       if (ret < 256) {
+               fail("server: too small secret key size: %d\n", ret);
+       }
+
        /* see the Getting peer's information example */
        /* print_info(session); */