On 7/1/2014 2:42 AM, Jeffrey Walton wrote:
> On Mon, Jun 30, 2014 at 4:32 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
>> Because there is no documentation for SSL_CTX_set_tmp_ecdh_callback()
>> in OpenSSL 1.0.1 and older, I am afraid I have to ask:
>>
>> 1. Is the EC_KEY* returned by the callback supposed to be allocated
>> for each invocation or is it supposed to be a static shared by all
>> invocations?
>
> Static is fine.
>
>> If the latter (a common object), are there any threading issues when
>> multiple threads are running SSL connections simultaneously?
>
> Well, there is a CRYPTO_LOCK_EC for the static lock.

Is this something that requires code outside OpenSSL on my part, or is
it automatic on the major platforms? The locking documentation was
always a bit ambivalent about its applicability to modern library and OS
versions (as opposed to early SSLeay versions on equally old platforms).

>> 2. What does the keylength parameter to the ECDH callback represent:
>> A) An RSA/DH keylength (e.g. 2048 for 128 bit security)
>> B) An EC keylength (e.g. 130 for 128 bit security)
>> C) A symmetric keylength (e.g. 128 for 128 bit security)
>
> The keylength parameter is munged. You have to translate it from
> DH/RSA bit lengths.
>
> That is, a keylength of 1024 needs to be translated to a 160-bit curve
> (both have a 80-bit security level), a keylength of 2048 needs to be
> translated to a 224-bit curve (both have a 112-bit security level),
> and a keylength of 3072 needs to be translated to a 256-bit curve
> (both have a 128-bit security level), etc.
>
>> 3. Are there particular cut-off-points for the keylength parameter
>> which correlate with the largest of the predefined EC groups
>> likely to be supported by the client (e.g. according to the
>> cipher suite collection offered)?
>
> I use N + 4. For example:
>
>     if(keylength <= 160 + 4)
>         return ECSH160(); // Returns EC_KEY*
>     else if(keylength <= 192 + 4)
>         return ECSH192(); // Returns EC_KEY*
>     else if(keylength <= 224 + 4)
>         return ECSH224(); // Returns EC_KEY*
>     ...

This example seems to contradict your reply to #2. Should I compare
the keylength parameter received by the callback to 160+4 etc, or to
1024+24 etc.?

> But P-256 seems to be most popular for interop.

I am actually trying to choose between P-256 and a larger one, using the
keylength as an indication if the larger one can be expected to interop.

Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded