[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    Re: invalid free in ssl
From:       Dr Stephen Henson <shenson () opensslfoundation ! com>
Date:       2012-02-27 20:37:13
Message-ID: 4F4BE979.3030002 () opensslfoundation ! com
[Download RAW message or body]

On 27/02/2012 20:05, Stefan Fritsch wrote:
> 
> I noticed that the ssl_callback_tmp* functions may return a different 
> key length than requested. Is this a problem?
> 

Well for EC the callback mechanism in OpenSSL is rather broken.

It should be using an appropriate curve which both server and client support.
Using P-256 (as the mod_ssl callback currently does) is a reasonable compromise
that most clients should support.

At some point support for Suite B modes will be included in OpenSSL and that
will mean that in some cases P-384 should be used instead.

The OpenSSL callback mechanism for EC is IMHO largely an unnecessary application
burden.

In the case of RSA and DH callbacks these involve time consuming key or
parameter generation operations which applications might specify from
pre-generated sources.

For EC the callback just sends back a static structure containing the curve to
use with minimal computational overhead. OpenSSL could just do the right thing
automatically here and send back a curve the peer is willing to use and server
applications would then automatically support EC.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com
[prev in list] [next in list] [prev in thread] [next in thread]