I ran across something similar recently.  The callback parameter list as
documented
(http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html)
indicates that the key length should be passed.  To quote: "The callback
approach has the advantage, that the callback may supply DH parameters
for different key lengths."
 
Either the current behavior is a bug or the documentation is written
incorrectly.  The callback function will never receive a key length
other than 512 or 1024.  I can submit a patch to change the
functionality but I would like to know if the callback was implemented
this way for a reason or if it has just been overlooked or not used.
 
Also note that there is no documentation written for the ecdh callback
of the same form.  Does someone on the core OpenSSL team have to write
that or can documentation be submitted via a patch?
 
--Will


________________________________

        From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Domingo Kiser
        Sent: Wednesday, June 17, 2009 11:32 PM
        To: openssl-users@openssl.org
        Subject: Re: FW: DH prime over 1024 bits capped by OpenSSL?
        
        
        Sorry for the FW subject here.  I am finally on my main machine
and not trying to send this email from my cellphone.
        
        I am looking at the source for OpenSSL 0.9.8b.
        
        Line 1207 of ./ssl/s3_srvr.c shows a call to the
SSL_C_EXPORT_PKEYLENGTH macro, which is defined on line 359 of
./ssl/ssl_locl.h.  This macro decomposes through a series of macro calls
to the macro defined on line 356 of that file.  The
SSL_EXPORT_PKEYLENGTH macro checks to see if an export flag is set, if
so it returns 512 bits, otherwise it returns 1024 bits.
        
        So from this, it looks like the Diffie-Hellman parameter size
passed to a dh callback function will always be 1024 bits per my
description below.
        
        I was using some test keys of 2048 bits and noticed that when my
callback function was called it was called with a parameter size of 1024
bits.  So all this is from my curiosity as to why this value was being
passed to my dh callback function.
        
        So am I wrong about this?  What should define the DH param
(prime number) size?
        
        Cheers,
        
        --Domingo
        
        
        On Wed, Jun 17, 2009 at 9:08 PM, Kiser, Domingo-P63246
<domingo.ki...@gdc4s.com> wrote:
        


                -----Original Message-----
                From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton
                Sent: Wednesday, June 17, 2009 11:06 AM
                To: openssl-users@openssl.org
                Subject: Re: DH prime over 1024 bits capped by OpenSSL?
                
                Which source version are you looking at?  1.0.0-beta2
does not use this as any argument to any function (in fact, the only
place it appears in the source tree is ./ssl/ssl_locl.h).
                
                -Kyle H
                
                On Mon, Jun 15, 2009 at 4:00 PM, Domingo
Kiser<domingo.ki...@gmail.com> wrote:
                > Hello,
                >
                > Does the "SSL_EXPORT_PKEYLENGTH" macro defined in
"ssl_locl.h" force
                > non-export ciphers to always use a Diffie-Hellman
prime parameter of
                > 1024 bits?  This seems to be the case and I've noticed
this behavior
                > in a callback function registered with
"SSL_CTX_set_tmp_dh_callback".
                > The "s3_srvr.c" file uses this macro for the third
argument to a
                > callback function if it's registered and dh params are
not part of the
                > certificate stored in the ssl structure. If this is
the case, when
                > would the "dh2048.pem" provided in the distribution
ever be used?
                >
                > Is there a general rule of thumb on matching dh param
sizes with key
                > sizes?  I assumed matching the key size would work. I
am using DHE-RSA
                > 2048 bit keys with a 2048 bit dh prime.  I am failing
due to a missing
                > dh parameter, which is the correct behavior in my case
due to OpenSSL
                > asking for a 1024 bit parameter rather than a 2048 bit
one.
                >
                > I will be perusing rfc2246 (TLS 1.0 spec) and rfc2631
(Diffie-Hellman
                > key agreement) in the meantime for more information on
why OpenSSL
                > returns 1024 in the aforementioned macro. Could it be
as simple as
                > 1024 is good enough so don't bother?
                >
                > Any ideas or links to steer me in the right direction
would be much appreciated.
                >
                > Cheers,
                >
                > --Domingo
                >
                > --
                > Sent from my mobile device
                >
______________________________________________________________________
                > OpenSSL Project
http://www.openssl.org
                > User Support Mailing List
openssl-users@openssl.org
                > Automated List Manager
majord...@openssl.org
                >
        
                

