From: Nikos Mavrogiannopoulos
Date: Wed, 26 Mar 2014 08:45:10 +0000 (+0100)
Subject: Add checks in tests for the DHE prime and exponent size.
X-Git-Tag: gnutls_3_3_0pre0~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=71b4ae6774fc08b80e30692ccce4e1bc00c9975f;p=thirdparty%2Fgnutls.git

Add checks in tests for the DHE prime and exponent size.
---
diff --git a/tests/anonself.c b/tests/anonself.c
index ac6df9fa3e..5749e416de 100644
--- a/tests/anonself.c
+++ b/tests/anonself.c
@@ -107,6 +107,16 @@ static void client(int sd)
 success("client: Handshake was completed\n");
 }
+ ret = gnutls_dh_get_prime_bits(session);
+ if (ret < 512) {
+ fail("server: too small prime size: %d\n", ret);
+ }
+
+ ret = gnutls_dh_get_secret_bits(session);
+ if (ret < 256) {
+ fail("server: too small secret key size: %d\n", ret);
+ }
+
 if (debug)
 success("client: TLS version is: %s\n",
 gnutls_protocol_get_name
@@ -234,6 +244,16 @@ static void server(int sd)
 gnutls_protocol_get_name
 (gnutls_protocol_get_version(session)));
+ ret = gnutls_dh_get_prime_bits(session);
+ if (ret < 512) {
+ fail("server: too small prime size: %d\n", ret);
+ }
+
+ ret = gnutls_dh_get_secret_bits(session);
+ if (ret < 256) {
+ fail("server: too small secret key size: %d\n", ret);
+ }
+
 /* see the Getting peer's information example */
 /* print_info(session); */
diff --git a/tests/dhepskself.c b/tests/dhepskself.c
index 64db452d26..db6d7b1625 100644
--- a/tests/dhepskself.c
+++ b/tests/dhepskself.c
@@ -106,6 +106,16 @@ static void client(int sd)
 success("client: Handshake was completed\n");
 }
+ ret = gnutls_dh_get_prime_bits(session);
+ if (ret < 512) {
+ fail("server: too small prime size: %d\n", ret);
+ }
+
+ ret = gnutls_dh_get_secret_bits(session);
+ if (ret < 256) {
+ fail("server: too small secret key size: %d\n", ret);
+ }
+
 gnutls_record_send(session, MSG, strlen(MSG));
 ret = gnutls_record_recv(session, buffer, MAX_BUF);
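Review bot: Both failure messages added to client() in tests/anonself.c are prefixed `server:`, so a failing run would point at the wrong peer; the same copy-paste appears in the client() hunk of tests/dhepskself.c. They should read `fail("client: too small prime size: %d\n", ret);` and `fail("client: too small secret key size: %d\n", ret);`. client()'s body starts and ends outside the hunk.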
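Review bot: A negative return from gnutls_dh_get_prime_bits() or gnutls_dh_get_secret_bits() in server() falls into the `ret < 512` / `ret < 256` branch and is reported as a too-small size instead of as an API error. Both calls are documented to return a negative error code on failure (worth confirming against this GnuTLS version), so I would test that case first, e.g. `if (ret < 0) fail("server: gnutls_dh_get_prime_bits: %s\n", gnutls_strerror(ret));`. The test still fails either way, but the log would then name the real cause. The same applies to the client() hunk above and to both hunks in tests/dhepskself.c.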
@@ -230,6 +240,16 @@ static void server(int sd)
 if (debug)
 success("server: Handshake was completed\n");
+ ret = gnutls_dh_get_prime_bits(session);
+ if (ret < 512) {
+ fail("server: too small prime size: %d\n", ret);
+ }
+
+ ret = gnutls_dh_get_secret_bits(session);
+ if (ret < 256) {
+ fail("server: too small secret key size: %d\n", ret);
+ }
+
 /* see the Getting peer's information example */
 /* print_info(session); */
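Review bot: The floors `512` and `256` in server() are bare literals with no comment, and a 512-bit prime is far below what is considered an acceptable DH group size, so a reader could mistake them for a security bound. If they are only a regression guard against a degenerate key exchange, a comment such as `/* sanity floor for the test, not a recommended DH size */` would say so. If the test configures a specific DH size elsewhere in the file (not visible in this hunk), comparing against that value would make the check stricter. The same literals are repeated in all four hunks of this commit, so a shared named constant would keep them in sync. server()'s body extends outside the hunk.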