Greetings,
When using the 'genpkey' command to generate DH keys, the 'recommended private key size' is not honored when it is present in the DH Parameters file. I found this problem in 1.0.1c.

Consider the attached parameter file, openssl_dh_params.pem:

    $ openssl dhparam -in openssl_dh_params.pem -noout -text
    PKCS#3 DH Parameters: (1024 bit)
        prime:
            00:b5:a1:cc:b0:fd:f7:59:f7:cc:b6:22:90:78:61:
            60:2e:e4:bc:a1:ea:94:29:d0:74:a9:aa:27:00:91:
            81:e3:98:18:1f:b8:9a:a8:fa:e6:f2:84:1e:e7:f1:
            f0:c7:c2:8d:47:f6:62:b7:bf:8a:07:b3:34:ab:0c:
            a6:a0:3e:26:38:a0:9d:97:6d:2f:1d:35:e9:af:20:
            d5:60:d0:09:0d:bb:30:73:ac:31:1b:91:3a:bb:57:
            43:d2:22:be:d8:01:4a:27:92:10:36:4e:f7:3e:b6:
            5f:82:12:35:3c:98:9c:52:3b:a2:49:0a:60:6a:aa:
            44:25:65:04:c3:ed:23:3b:fb
        generator: 2 (0x2)
        recommended-private-length: 224 bits

Now we generate a key pair, hoping for the private key to have the 'recommended' size:

    $ openssl genpkey -paramfile openssl_dh_params.pem -out alice_keys.pem
    $ openssl pkey -in alice_keys.pem -text -noout

You will see instead that the private key size is 1024 bits.

The problem appears to occur when copying the parameters in the PKEY structure. The attached patch (against 1.0.1c) causes the recommended size to be honored. The patch has the added benefit of copying the 'small prime' (q) value, should it be present in the parameters.

--
 - Ron
Ronald B Harvey
Senior Member of Technical Staff
Security Technology Center
Freescale Semiconductor, Inc.
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 02ec2d4..d059fc1 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -423,6 +423,15 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) BN_free(to->pkey.dh->g); to->pkey.dh->g=a; + if ((a=BN_dup(from->pkey.dh->q)) != NULL) + { + if (to->pkey.dh->q != NULL) + BN_free(to->pkey.dh->q); + to->pkey.dh->q=a; + } + + to->pkey.dh->length = from->pkey.dh->length; + return 1; }
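Review bot: the new q block treats "no q in the source parameters" and "BN_dup failed" as the same case: `BN_dup(NULL)` returns NULL, but so does an allocation failure, and on that path `to->pkey.dh->q` is left untouched while the function still returns 1, so a memory failure is silently reported as a successful parameter copy. Suggest testing the source first and treating a NULL from `BN_dup` as an error, along the lines of `if (from->pkey.dh->q != NULL) { if ((a = BN_dup(from->pkey.dh->q)) == NULL) return 0; ... }`, so the q copy fails the same way a failed copy would. The unconditional `to->pkey.dh->length = from->pkey.dh->length;` is the line that actually lets the recommended private length reach the key generator and looks right as written.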
Attachment: openssl_dh_params.pem (application/x509-ca-cert)
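As an added illustration (my own code, not part of the report or of OpenSSL), the following Python script takes the prime, generator and 224-bit recommended private length exactly as printed by `openssl dhparam -text` above and shows what honouring that length means: both parties draw 224-bit exponents instead of 1024-bit ones, the shared secret still agrees, and `private_length_ok` is the check the reporter performs by eye on the `openssl pkey -text` output. All function names are assumptions of this example; the peer-value range check in `shared_secret` is an addition the report does not discuss.

```python
"""Short-exponent Diffie-Hellman with the parameters from the report.

Added illustration, not OpenSSL code. The prime, generator and the 224-bit
recommended private length are copied from the `openssl dhparam -text` output
in the report; every function name here is an assumption of this example.
"""
import secrets

# Prime exactly as printed by `openssl dhparam -noout -text` in the report.
P_HEX = (
    "00:b5:a1:cc:b0:fd:f7:59:f7:cc:b6:22:90:78:61:"
    "60:2e:e4:bc:a1:ea:94:29:d0:74:a9:aa:27:00:91:"
    "81:e3:98:18:1f:b8:9a:a8:fa:e6:f2:84:1e:e7:f1:"
    "f0:c7:c2:8d:47:f6:62:b7:bf:8a:07:b3:34:ab:0c:"
    "a6:a0:3e:26:38:a0:9d:97:6d:2f:1d:35:e9:af:20:"
    "d5:60:d0:09:0d:bb:30:73:ac:31:1b:91:3a:bb:57:"
    "43:d2:22:be:d8:01:4a:27:92:10:36:4e:f7:3e:b6:"
    "5f:82:12:35:3c:98:9c:52:3b:a2:49:0a:60:6a:aa:"
    "44:25:65:04:c3:ed:23:3b:fb"
)
P = int(P_HEX.replace(":", ""), 16)
G = 2                             # "generator: 2 (0x2)"
RECOMMENDED_PRIVATE_BITS = 224    # "recommended-private-length: 224 bits"


def gen_private(length_bits=RECOMMENDED_PRIVATE_BITS, p=P):
    """Random private exponent of exactly `length_bits` bits (top bit set).

    This is what a generator that honours the parameter file's length should
    produce; the bug in the report yields a full-size exponent instead.
    """
    if not 2 <= length_bits <= p.bit_length() - 1:
        raise ValueError("private length must be between 2 and len(p)-1 bits")
    while True:
        x = secrets.randbits(length_bits) | (1 << (length_bits - 1))
        if 1 < x < p - 1:          # always true here, kept as a guard
            return x


def public_key(x, p=P, g=G):
    """y = g^x mod p."""
    return pow(g, x, p)


def shared_secret(x, peer_public, p=P):
    """peer_public^x mod p, rejecting degenerate peer values (0, 1, p-1)
    that would pin the result to a known constant."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, x, p)


def private_length_ok(x, recommended=RECOMMENDED_PRIVATE_BITS):
    """The check the reporter made by hand: is the private exponent no
    longer than the parameter file's recommended length?"""
    return x.bit_length() <= recommended


def key_agreement(length_bits=RECOMMENDED_PRIVATE_BITS):
    """One exchange; returns (secrets agree?, Alice's bits, Bob's bits)."""
    alice = gen_private(length_bits)
    bob = gen_private(length_bits)
    k_alice = shared_secret(alice, public_key(bob))
    k_bob = shared_secret(bob, public_key(alice))
    return k_alice == k_bob, alice.bit_length(), bob.bit_length()


if __name__ == "__main__":
    agree, a_bits, b_bits = key_agreement()
    print(f"p: {P.bit_length()} bits; private exponents: {a_bits}/{b_bits} bits; "
          f"agree={agree}")
```

Running `key_agreement(1023)` instead reproduces the reported behaviour in spirit: the exchange still succeeds, so a full-length exponent is not a cryptographic weakness, only a much slower exponentiation than the parameter author asked for; the report is about the generator ignoring the stated size, not about a broken key.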