[openssl-dev] [PATCH] Export ASN1 templates for DH and ECDH groups

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Wed Jan 28 08:44:10 UTC 2015


On 01/28/2015 06:02 AM, Daniel Kahn Gillmor wrote:
> On Tue 2015-01-27 11:15:37 -0500, Dr. Matthias St. Pierre wrote:
>> Add missing forward declarations and export declarations for DHparams
>> and EC[PK]PARAMETERS.
>>
>> Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
>> objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().
> 
> fwiw, the IETF TLS WG is moving away from the possibility of arbitrary
> EC groups, and toward the requirement of specified and vetted EC
> groups.  I'm not sure how much extra work should be done to maintain
> that as a public-facing interface.

As for TLS, you may be right. However, the use of Diffie-Hellman is not limited
to TLS (in my case, it's IKEv2). The proposed changes are not for libssl, but for
the 'low level' libcrypto library, which is in my opinion a general purpose crypto
library. As such, it should not make assumptions about or impose restrictions on possible
use cases of the library. Neither should it enforce standards, but provide algorithms.

My patch does not introduce new features or change existing ones. It just makes
functionality available for reuse. I needed this particular functionality and I
had the choice between 1) copy & paste the code, 2) patch OpenSSL privately, or
3) submit a patch. So I chose the latter.


Regards,
Matthias

