[openssl-users] RFC 7919 DH parameters and OpenSSL DH_check()
Andy Schmidt
andrewrobertschmidt at gmail.com
Thu Jan 3 23:52:45 UTC 2019
Thank you Victor and Kurt for your quick replies! They were very helpful
Best,
Andy Schmidt
On Thu, Jan 3, 2019 at 2:00 PM Kurt Roeckx <kurt at roeckx.be> wrote:
> On Thu, Jan 03, 2019 at 12:18:05PM -0800, Andy Schmidt wrote:
> > I am adding the RFC 7919 Diffie-Hellman parameters to our TLS servers,
> and
> > I've found that these parameters won't pass OpenSSL's Diffie Hellman
> > parameter check function DH_check(). The return code is
> > DH_NOT_SUITABLE_GENERATOR. Looking at the source code, it appears to fail
> > because the remainder of the prime divided by 24 is not 11. That its, p
> mod
> > 24 != 11. I have a couple of questions:
> >
> > What relationship between the prime p and the generator g is this
> checking
> > for? I thought that since p was a safe prime, as long as the generator g
> > wasn't 1 the only choice is between the full group and the subgroup of
> the
> > squares?
> >
> > I would like to use DH_check() to attempt to ensure that Diffie Hellman
> > parameters haven't been tampered on operating systems that don't have
> > digital signatures for executable binaries.
>
> See:
>
> https://crypto.stackexchange.com/questions/12961/diffie-hellman-parameter-check-when-g-2-must-p-mod-24-11
>
>
> Kurt
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190103/d03ceca2/attachment-0001.html>
More information about the openssl-users
mailing list