[openssl-dev] [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

Dr. Matthias St. Pierre via RT rt at openssl.org
Sat Mar 5 19:58:57 UTC 2016

> From: Stephen Henson via RT [mailto:rt at openssl.org]
> Sent: Saturday, 5 March 2016 17:53
> To: Dr. Matthias St. Pierre
> Cc: openssl-dev at openssl.org
> Subject: [openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups
> ...
> The fact we don't export the DHparameters item I'd regard as a bug which should
> be fixed.
> The EC one I'm less sure about. This ends up exposing what were previously
> internal functions. I'll see if there is an alternative way to achieve the same
> result.

These functions, although internal, appear to me to be the natural way to serialize
and deserialize private ECDH groups. They are well tested and reusable and the only
reason why they are not public is probably because OpenSSL is focused on supplying
standardized named curves for TLS. Using private ECDH curves might not make much sense
for TLS, but in my case it did: I used it for a VPN client/server where the customer
requested the ability to use private ECDH groups in the IKEv2 protocol, in addition
to the official IANA groups.

With the proposed change it was easy for me to serialize the entire set of all public
and private [EC]DH-Groups in a single file by creating a few ASN1 rules based on the
existing ASN1 structures (DHparameters resp. EC[PK]PARAMETERS). So instead of
reinventing the wheel, I let OpenSSL do the main part of the serialization.

There is a thread that predates the creation of my ticket, where I discussed my motivation
with Daniel Kahn Gillmor, see below. I hope my arguments convince you that it is a good
idea to add these ASN1 structures and the related functions to the public api.

Best Regards,

Matthias St. Pierre

>>> On Tue 2015-01-27 11:15:37 -0500, Dr. Matthias St. Pierre wrote:
>>>> Add missing forward declarations and export declarations for DHparams
>>>> Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
>>>> objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().
>>> fwiw, the IETF TLS WG is moving away from the possibility of arbitrary
>>> EC groups, and toward the requirement of specified and vetted EC
>>> groups.  I'm not sure how much extra work should be done to maintain
>>> that as a public-facing interface.
>> As for TLS, you may be right. However, the use of Diffie-Hellman is not limited
>> to TLS (in my case, it's IKEv2). The proposed changes are not for libssl, but for
>> the 'low level' libcrypto library, which is in my opinion a general purpose crypto
>> library. As such, it should not make assumptions on or impose restrictions to possible
>> use cases of the library. Neither should it enforce standards, but provide algorithms.
>> My patch does not introduce new features or change existing ones. It just makes
>> functionality available for reuse. I needed this particular functionality and I
>> had the choice between 1) copy & paste the code 2) patch OpenSSL privately, or
>> 3) submit a patch. So I chose the latter.
> Your choice of action makes sense to me, thanks!
> --dkg

Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3676
Please log in as guest with password guest if prompted
