Greetings,

When using the 'genpkey' command to generate DH keys, the 'recommended 
private key size' is not honored when it is present in
the DH Parameters file.  I found this problem in 1.0.1c.

Consider the attached parameter file, openssl_dh_params.pem

$ openssl dhparam -in openssl_dh_params.pem -noout -text
     PKCS#3 DH Parameters: (1024 bit)
         prime:
             00:b5:a1:cc:b0:fd:f7:59:f7:cc:b6:22:90:78:61:
             60:2e:e4:bc:a1:ea:94:29:d0:74:a9:aa:27:00:91:
             81:e3:98:18:1f:b8:9a:a8:fa:e6:f2:84:1e:e7:f1:
             f0:c7:c2:8d:47:f6:62:b7:bf:8a:07:b3:34:ab:0c:
             a6:a0:3e:26:38:a0:9d:97:6d:2f:1d:35:e9:af:20:
             d5:60:d0:09:0d:bb:30:73:ac:31:1b:91:3a:bb:57:
             43:d2:22:be:d8:01:4a:27:92:10:36:4e:f7:3e:b6:
             5f:82:12:35:3c:98:9c:52:3b:a2:49:0a:60:6a:aa:
             44:25:65:04:c3:ed:23:3b:fb
         generator: 2 (0x2)
         recommended-private-length: 224 bits

Now we generate a key pair, hoping for the private key to have the 
'recommended' size:

$ openssl genpkey -paramfile openssl_dh_params.pem -out alice_keys.pem
$ openssl pkey -in alice_keys.pem -text -noout

You will see instead that the private key size is 1024 bits.

The problem appears to occur when copying the parameters in the PKEY 
structure.  The attached patch (against 1.0.1c) causes the recommended 
size to be honored.

The patch has the added benefit of copying the 'small prime' (q) value, 
should it be present in the parameters.


-- 
*  - Ron*

Ronald B Harvey
Senior Member of Technical Staff
Security Technology Center
Freescale Semiconductor, Inc.

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 02ec2d4..d059fc1 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -423,6 +423,15 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
                BN_free(to->pkey.dh->g);
        to->pkey.dh->g=a;

+       if ((a=BN_dup(from->pkey.dh->q)) != NULL)
+        {
+               if (to->pkey.dh->q != NULL)
+                       BN_free(to->pkey.dh->q);
+                to->pkey.dh->q=a;
+        }
+
+        to->pkey.dh->length = from->pkey.dh->length;
+
        return 1;
        }
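
Review bot: the test `if ((a=BN_dup(from->pkey.dh->q)) != NULL)` cannot distinguish "from has no q" (BN_dup(NULL) returns NULL) from "BN_dup failed to allocate", so an allocation failure is silently ignored and dh_copy_parameters still returns 1 with q missing from `to`. Check `from->pkey.dh->q != NULL` first and return 0 if BN_dup then fails; and when `from` carries no q, free and NULL out any existing `to->pkey.dh->q` so the destination does not keep a subgroup order belonging to different parameters. Minor: the added lines mix spaces and tabs (`+        {`, `+                to->pkey.dh->q=a;`) where the surrounding code is tab-indented.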

Attachment: openssl_dh_params.pem
Description: application/x509-ca-cert
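To make the behaviour the report describes concrete, here is an added example (not from the original post and not OpenSSL code): a pure-Python reimplementation of the exponent-size rule that OpenSSL 1.0.x DH_generate_key() applies, driven by the parameters in the report above. With `length` set to the recommended 224, the private exponents come out 224 bits long and both sides still agree on the shared secret; with `length` dropped to 0, as happens when the parameter copy loses it, the exponent is drawn from the full range below p. The p, g and recommended length are copied from the dhparam output above; the function names are this example's own.

```python
"""Added example: how OpenSSL's DH 'length' setting changes private-key generation.

Pure-Python reimplementation (this example's own code, not OpenSSL's) of the rule in
OpenSSL 1.0.x DH_generate_key(): when dh->length is non-zero the private key is a
random integer of exactly that many bits (BN_rand(priv, length, 0, 0)); otherwise
it is a random value below p (BN_rand_range(priv, p)).
"""
import secrets

# p and g copied from the 'openssl dhparam -text' output in the report above.
# The leading 00 byte is DER sign padding and does not change the value.
P_HEX = """
00:b5:a1:cc:b0:fd:f7:59:f7:cc:b6:22:90:78:61:
60:2e:e4:bc:a1:ea:94:29:d0:74:a9:aa:27:00:91:
81:e3:98:18:1f:b8:9a:a8:fa:e6:f2:84:1e:e7:f1:
f0:c7:c2:8d:47:f6:62:b7:bf:8a:07:b3:34:ab:0c:
a6:a0:3e:26:38:a0:9d:97:6d:2f:1d:35:e9:af:20:
d5:60:d0:09:0d:bb:30:73:ac:31:1b:91:3a:bb:57:
43:d2:22:be:d8:01:4a:27:92:10:36:4e:f7:3e:b6:
5f:82:12:35:3c:98:9c:52:3b:a2:49:0a:60:6a:aa:
44:25:65:04:c3:ed:23:3b:fb
"""
P = int("".join(P_HEX.split()).replace(":", ""), 16)
G = 2
RECOMMENDED_PRIVATE_LENGTH = 224  # the 'recommended-private-length' from the file


def generate_private_key(p, length=0):
    """Mirror of the OpenSSL rule: honour `length` if set, else use a full-size exponent.

    With length set, the result has exactly `length` bits (top bit forced to 1, as
    BN_rand with top=0 does).  With length == 0 the exponent is uniform below p;
    this version additionally rejects 0 and 1, which OpenSSL's BN_rand_range does not.
    """
    if length:
        return secrets.randbits(length - 1) | (1 << (length - 1))
    while True:
        x = secrets.randbelow(p)
        if x > 1:
            return x


def public_key(p, g, priv):
    """y = g^x mod p."""
    return pow(g, priv, p)


def shared_secret(p, peer_pub, priv):
    """k = peer_y^x mod p."""
    return pow(peer_pub, priv, p)


def dh_exchange(p, g, length=0):
    """Run one two-party exchange and report exponent sizes and agreement."""
    a = generate_private_key(p, length)
    b = generate_private_key(p, length)
    pub_a = public_key(p, g, a)
    pub_b = public_key(p, g, b)
    return {
        "priv_bits_a": a.bit_length(),
        "priv_bits_b": b.bit_length(),
        "agree": shared_secret(p, pub_b, a) == shared_secret(p, pub_a, b),
    }


def honours_recommended_length(priv, recommended):
    """The check the report performs by hand: is the private key no wider than recommended?"""
    return priv.bit_length() <= recommended


if __name__ == "__main__":
    print("p is", P.bit_length(), "bits")
    # Parameters copied with the recommended length intact (what the patch restores).
    print("length=224:", dh_exchange(P, G, RECOMMENDED_PRIVATE_LENGTH))
    # Parameters copied with length lost (the behaviour the report observed).
    print("length=0:  ", dh_exchange(P, G, 0))
```

The exponent size is what the recommended length is for: a 224-bit exponent on this 1024-bit group is the conventional security match (and roughly four times cheaper to exponentiate), while the full-width exponent that results from losing `length` buys nothing extra.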
