[openssl-dev] [PATCH] Export ASN1 templates for DH and ECDH groups

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 28 17:16:05 UTC 2015


On Wed 2015-01-28 03:44:10 -0500, Dr. Matthias St. Pierre wrote:
> On 01/28/2015 06:02 AM, Daniel Kahn Gillmor wrote:
>> On Tue 2015-01-27 11:15:37 -0500, Dr. Matthias St. Pierre wrote:
>>> Add missing forward declarations and export declarations for DHparams
>>> and EC[PK]PARAMETERS.
>>>
>>> Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
>>> objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().
>> 
>> fwiw, the IETF TLS WG is moving away from the possibility of arbitrary
>> EC groups, and toward the requirement of specified and vetted EC
>> groups.  I'm not sure how much extra work should be done to maintain
>> that as a public-facing interface.
>
> As for TLS, you may be right. However, the use of Diffie-Hellman is not limited
> to TLS (in my case, it's IKEv2). The proposed changes are not for libssl, but for
> the 'low level' libcrypto library, which is in my opinion a general purpose crypto
> library. As such, it should not make assumptions about or impose restrictions on possible
> use cases of the library. Neither should it enforce standards, but provide algorithms.
>
> My patch does not introduce new features or change existing ones. It just makes
> functionality available for reuse. I needed this particular functionality and I 
> had the choice between 1) copy & paste the code 2) patch OpenSSL privately, or
> 3) submit a patch. So I chose the latter.

Your choice of action makes sense to me, thanks!

     --dkg

