
Gimme Dat Diffie Hellman #6

Merged
merged 1 commit into from

2 participants

@ice799

Gimme Dat Diffie Hellman

@jamwt jamwt merged commit 620e2d4 into from
Commits on Jul 14, 2011
  1. @ice799

    Gimme Dat Diffie Hellman

    ice799 authored
Showing with 45 additions and 1 deletion.
  1. +9 −0 README.md
  2. +36 −1 stud.c
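--- a/README.md
+++ b/README.md
@@ -88,6 +88,15 @@ The entire set of arguments can be invoked with `stud -h`:
 `stud` uses no configuration file.
+Diffie–Hellman
+--------------
+
+To use DH with stud, you will need to add some bytes to your pem file:
+
+% openssl dhparam -rand - 1024 >> PEMFILE
+
+Be sure to set your cipher suite appropriately: -c DHE-RSA-AES256-SHA
+
 Authors
 -------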
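--- a/stud.c
+++ b/stud.c
@@ -161,6 +161,37 @@ static void fail(char* s) {
 exit(1);
 }
+#ifndef OPENSSL_NO_DH
+static int init_dh(SSL_CTX *ctx, const char *cert) {
+ DH *dh;
+ BIO *bio;
+
+ if (!cert) {
+ fprintf(stderr, "No certificate available to load DH parameters\n");
+ return -1;
+ }
+
+ bio = BIO_new_file(cert, "r");
+ if (!bio) {
+ ERR_print_errors_fp(stderr);
+ return -1;
+ }
+
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!dh) {
+ fprintf(stderr, "Could not load DH parameters from %s\n", cert);
+ return -1;
+ }
+
+ fprintf(stderr, "Using DH parameters from %s\n", cert);
+ SSL_CTX_set_tmp_dh(ctx, dh);
+ fprintf(stderr, "DH initialized with %d bit key\n", 8*DH_size(dh));
+ DH_free(dh);
+
+ return 0;
+}
+#endif /* OPENSSL_NO_DH */
 /* Init library and load specified certificate.
 * Establishes a SSL_ctx, to act as a template for
@@ -188,7 +219,11 @@ static SSL_CTX * init_openssl() {
 ERR_print_errors_fp(stderr);
 exit(1);
 }
-
+
+#ifndef OPENSSL_NO_DH
+ init_dh(ctx, OPTIONS.CERT_FILE);
+#endif /* OPENSSL_NO_DH */
+
 if (OPTIONS.CIPHER_SUITE)
 if (SSL_CTX_set_cipher_list(ctx, OPTIONS.CIPHER_SUITE) != 1)
 ERR_print_errors_fp(stderr);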
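Review bot: In `init_dh`, the result of `SSL_CTX_set_tmp_dh(ctx, dh)` is not checked and the following `fprintf` reports "DH initialized" either way; the call added to `init_openssl` in the second hunk also discards `init_dh`'s return value, so a failed load is visible only as a stderr line and startup continues without DH parameters. With a DHE-only cipher list such as the one the README recommends, that presumably means handshakes fail at runtime rather than the process refusing to start. I would check the call against 1, print the OpenSSL error queue and return -1 on failure, and also set `SSL_OP_SINGLE_DH_USE` so that OpenSSL releases before 1.1.0 generate a fresh DH key per handshake. The bit size is logged but not enforced, so an undersized group in the PEM file is accepted; a minimum-size check before installing the parameters would be worth adding. `init_openssl` starts and ends outside the visible hunk, so whether its caller could act on a failure is not visible here.

```c
    /* … unchanged: cert NULL check, BIO_new_file, PEM_read_bio_DHparams … */
    fprintf(stderr, "Using DH parameters from %s\n", cert);
    if (SSL_CTX_set_tmp_dh(ctx, dh) != 1) {
        ERR_print_errors_fp(stderr);
        DH_free(dh);
        return -1;
    }
    /* Fresh ephemeral key per handshake on OpenSSL < 1.1.0. */
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
    /* … unchanged: size log line, DH_free, return 0 … */
```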