More precise testing of dhm_min_len

An SSL client can be configured to insist on a minimum size for the Diffie-Hellman (DHM) parameters sent by the server. Add several test cases where the server sends parameters with exactly the minimum size (must be accepted) or parameters that are one bit too short (must be rejected). Make sure that there are test cases both where the boundary is byte-aligned and where it isn't. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-09 13:46:27 +00:00 · 2020-12-08 22:31:52 +01:00
parent 384a0880c4
commit 3e7b61c42b
4 changed files with 79 additions and 0 deletions
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr
 	$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
 all_final += cert_md5.crt

+################################################################
+#### Diffie-Hellman parameters
+################################################################
+
+dh.998.pem:
+	$(OPENSSL) dhparam -out $@ -text 998
+
+dh.999.pem:
+	$(OPENSSL) dhparam -out $@ -text 999
+
 ################################################################
 #### Meta targets
 ################################################################