wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

DHE Speed Up

Browse Source 
1. Also apply the setting to the client side.
2. Updated the server and client command line options to use "-2" for disabling the DHE check.
This commit is contained in:
John Safranek
2018-12-03 13:53:44 -08:00
parent 564a1ee499
commit a55f11cdd8
3 changed files with 98 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
examples/client/client.c
View File

@ -1232,6 +1232,10 @@ static void Usage(void)
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
printf("%s", msg[++msgid]); /* -0 */ printf("%s", msg[++msgid]); /* -0 */
#endif #endif
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("-2 Disable DH Prime check\n");
#endif
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
printf("%s", msg[++msgid]); /* -3 */ printf("%s", msg[++msgid]); /* -3 */
#endif #endif
@ -1351,6 +1355,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
byte mcastID = 0; byte mcastID = 0;
#endif #endif
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1;
#endif
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
int useOcsp = 0; int useOcsp = 0;
@ -1428,7 +1436,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
while ((ch = mygetopt(argc, argv, "?:" while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz" "ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
"01:3:")) != -1) { "01:23:")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
if(myoptarg!=NULL) { if(myoptarg!=NULL) {
@ -1816,12 +1824,21 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
earlyData = 1; earlyData = 1;
#endif #endif
break; break;
case '1' : case '1' :
lng_index = atoi(myoptarg); lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){ if(lng_index<0||lng_index>1){
lng_index = 0; lng_index = 0;
} }
break; break;
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
case '3' : case '3' :
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
doMcast = 1; doMcast = 1;
@ -2558,6 +2575,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
#endif #endif
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(ssl, 0);
#endif
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
@ -2841,6 +2865,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("unable to get SSL object"); err_sys("unable to get SSL object");
} }
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(sslResume, 0);
#endif
if (dtlsUDP) { if (dtlsUDP) {
#ifdef USE_WINDOWS_API #ifdef USE_WINDOWS_API
Sleep(500); Sleep(500);

27
examples/server/server.c
View File

@ -670,7 +670,10 @@ static void Usage(void)
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
printf("%s", msg[++msgId]); /* -0 */ printf("%s", msg[++msgId]); /* -0 */
#endif #endif
printf("-X Disable DH Prime check\n"); #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("-2 Disable DH Prime check\n");
#endif
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
printf("%s", msg[++msgId]); /* -3 */ printf("%s", msg[++msgId]); /* -3 */
#endif #endif
@ -848,11 +851,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WOLFSSL_VXWORKS #ifdef WOLFSSL_VXWORKS
useAnyAddr = 1; useAnyAddr = 1;
#else #else
/* Not Used: h, m, z, F, M, T, V, W */ /* Not Used: h, m, z, F, M, T, V, W, X */
while ((ch = mygetopt(argc, argv, "?:" while ((ch = mygetopt(argc, argv, "?:"
"abc:defgijk:l:nop:q:rstuv:wxy" "abc:defgijk:l:nop:q:rstuv:wxy"
"A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVXYZ:" "A:B:C:D:E:GH:IJKL:NO:PQR:S:TUVYZ:"
"01:3:")) != -1) { "01:23:")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
if(myoptarg!=NULL) { if(myoptarg!=NULL) {
@ -1158,24 +1161,26 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif #endif
break; break;
case 'X' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
case '0' : case '0' :
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
earlyData = 1; earlyData = 1;
#endif #endif
break; break;
case '1' : case '1' :
lng_index = atoi(myoptarg); lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){ if(lng_index<0||lng_index>1){
lng_index = 0; lng_index = 0;
} }
break; break;
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
case '3' : case '3' :
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
doMcast = 1; doMcast = 1;

82
src/internal.c
View File

@ -19600,21 +19600,31 @@ int SendClientKeyExchange(WOLFSSL* ssl)
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK) !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, if (ssl->options.dhDoKeyTest &&
ssl->buffers.serverDH_P.buffer, !ssl->options.dhKeyTested)
ssl->buffers.serverDH_P.length, {
ssl->buffers.serverDH_G.buffer, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_P.buffer,
NULL, 0, 0, ssl->rng); ssl->buffers.serverDH_P.length,
#else ssl->buffers.serverDH_G.buffer,
ret = wc_DhSetKey(ssl->buffers.serverDH_Key, ssl->buffers.serverDH_G.length,
ssl->buffers.serverDH_P.buffer, NULL, 0, 0, ssl->rng);
ssl->buffers.serverDH_P.length, if (ret != 0) {
ssl->buffers.serverDH_G.buffer, goto exit_scke;
ssl->buffers.serverDH_G.length); }
ssl->options.dhKeyTested = 1;
}
else
#endif #endif
if (ret != 0) { {
goto exit_scke; ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
if (ret != 0) {
goto exit_scke;
}
} }
/* for DH, encSecret is Yc, agree is pre-master */ /* for DH, encSecret is Yc, agree is pre-master */
@ -19703,23 +19713,33 @@ int SendClientKeyExchange(WOLFSSL* ssl)
goto exit_scke; goto exit_scke;
} }
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK) !defined(WOLFSSL_OLD_PRIME_CHECK)
ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, if (ssl->options.dhDoKeyTest &&
ssl->buffers.serverDH_P.buffer, !ssl->options.dhKeyTested)
ssl->buffers.serverDH_P.length, {
ssl->buffers.serverDH_G.buffer, ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_G.length, ssl->buffers.serverDH_P.buffer,
NULL, 0, 0, ssl->rng); ssl->buffers.serverDH_P.length,
#else ssl->buffers.serverDH_G.buffer,
ret = wc_DhSetKey(ssl->buffers.serverDH_Key, ssl->buffers.serverDH_G.length,
ssl->buffers.serverDH_P.buffer, NULL, 0, 0, ssl->rng);
ssl->buffers.serverDH_P.length, if (ret != 0) {
ssl->buffers.serverDH_G.buffer, goto exit_scke;
ssl->buffers.serverDH_G.length); }
#endif ssl->options.dhKeyTested = 1;
if (ret != 0) { }
goto exit_scke; else
#endif
{
ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
ssl->buffers.serverDH_P.buffer,
ssl->buffers.serverDH_P.length,
ssl->buffers.serverDH_G.buffer,
ssl->buffers.serverDH_G.length);
if (ret != 0) {
goto exit_scke;
}
} }
/* for DH, encSecret is Yc, agree is pre-master */ /* for DH, encSecret is Yc, agree is pre-master */