From 77fa04a9bca6686b7123bdbe80c4dd4c2a3cc8cb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Fri, 3 Sep 1999 16:31:36 +0000
Subject: [PATCH] -no_dhe option for ssltest.c
---
 ssl/ssltest.c | 56 +++++++++++++++++++++++++++++----------------------
 test/testssl | 3 +++
 2 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index f9c96975d4..53a6570df6 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -122,6 +122,9 @@ static void sv_usage(void)
 #if !defined NO_DH && !defined NO_DSA
 fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
 #endif
+#if !defined NO_DH
+ fprintf(stderr," -no_dhe - disable DHE\n");
+#endif
 #ifndef NO_SSL2
 fprintf(stderr," -ssl2 - use SSLv2\n");
 #endif
@@ -159,7 +162,7 @@ int main(int argc, char *argv[])
 int number=1,reuse=0;
 long bytes=1L;
 SSL_CIPHER *ciph;
- int dhe1024 = 0;
+ int dhe1024 = 0, no_dhe = 0;
 #ifndef NO_DH
 DH *dh;
 #endif
@@ -186,6 +189,8 @@ int main(int argc, char *argv[])
 reuse=1;
 else if (strcmp(*argv,"-dhe1024") == 0)
 dhe1024=1;
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ no_dhe=1;
 else if (strcmp(*argv,"-ssl2") == 0)
 ssl2=1;
 else if (strcmp(*argv,"-tls1") == 0)
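Review bot: `-no_dhe` and `-dhe1024` are both accepted by the option loop in the third hunk, and the later `if (!no_dhe)` guard then skips DH setup entirely, so `-dhe1024` is silently ignored when the two are combined. A run that names 1024-bit DHE but exercises no DHE at all can hide a regression, so the combination is better rejected once parsing is done, for example `if (no_dhe && dhe1024) { fprintf(stderr,"-no_dhe and -dhe1024 are mutually exclusive\n"); goto bad; }`, assuming the `bad:` label seen in the next hunk header is the usual usage-error exit. The option loop and the rest of main() lie outside this hunk, so the exact placement needs checking against the full file.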
@@ -311,33 +316,36 @@ bad:
 }
 #ifndef NO_DH
-# ifndef NO_DSA
- if (dhe1024)
+ if (!no_dhe)
 {
- DSA *dsa;
- unsigned char seed[20];
-
- if (verbose)
+# ifndef NO_DSA
+ if (dhe1024)
 {
- fprintf(stdout, "Creating 1024 bit DHE parameters ...");
- fflush(stdout);
+ DSA *dsa;
+ unsigned char seed[20];
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ memcpy(seed, "Random String no. 12", 20);
+ dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
 }
-
- memcpy(seed, "Random String no. 12", 20);
- dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-
- if (verbose)
- fprintf(stdout, " done\n");
- }
- else
+ else
 # endif
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(s_ctx,dh);
- DH_free(dh);
+ dh=get_dh512();
+ SSL_CTX_set_tmp_dh(s_ctx,dh);
+ DH_free(dh);
+ }
 #endif
 #ifndef NO_RSA
diff --git a/test/testssl b/test/testssl
index 255ae5e976..5a76bdf778 100644
--- a/test/testssl
+++ b/test/testssl
@@ -63,6 +63,9 @@ echo test sslv3 with both client and server authentication via BIO pair
 echo test sslv2/sslv3 via BIO pair
 ./ssltest || exit 1
+echo test sslv2/sslv3 w/o DHE via BIO pair
+./ssltest -no_dhe || exit 1
+
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
-- 
2.25.1
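Review bot: The new `if (!no_dhe)` guard disables DHE only indirectly, by never calling `SSL_CTX_set_tmp_dh`, and nothing visible in this hunk checks that the negotiated suite is actually non-DHE, so a `-no_dhe` run would pass on any successful handshake. A comment above the guard such as `/* -no_dhe: install no temporary DH parameters, so the server should not be able to select DHE suites */` would record the intent. If the rest of main() (outside this hunk) inspects the negotiated `SSL_CIPHER`, an assertion there would make the test prove what its name claims. In the re-indented `dhe1024` branch the results of `DSA_generate_parameters` and `DSA_dup_DH` are still used unchecked, so a failed generation reaches `DSA_dup_DH(dsa)` and `SSL_CTX_set_tmp_dh(s_ctx,dh)` with a NULL pointer; a NULL test after each call with an error exit would turn that into a clean test failure.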
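Review bot: The added case is labelled "via BIO pair" but runs `./ssltest -no_dhe` without `-bio_pair`, whereas the server-authentication test later in the same hunk passes `-bio_pair` explicitly, so the no-DHE handshake presumably goes through ssltest's default transport instead. If the label states the intent, the line should read `./ssltest -bio_pair -no_dhe || exit 1`; otherwise "via BIO pair" should be dropped from the echo so the log does not overstate coverage. The existing `./ssltest || exit 1` case just above shows the same label/flag mismatch.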