Hi,
  I am using openssl-0.9.5a (13th May snapshot). I am using
callbacks for temp key generation. In the callback, I check the
isExport flag and, if it is true, I return a key of the length specified
by the keylength parameter.

Now my question. Here is some code from s3_srvr.c that is
used in the key exchange.

File s3_srvr.c, Function ssl3_send_server_key_exchange, Line 955:
  rsa=s->cert->rsa_tmp_cb(s,
        SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
        SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
  ....

File s3_srvr.c, Function ssl3_send_server_key_exchange, Line 984:
  dhp=s->cert->dh_tmp_cb(s,
        !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
        SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
  ....

The interesting thing is the negation of SSL_C_IS_EXPORT when using the
temp DH callback. So in my temp DH callback, when I am expecting the
key to be exportable, it is not, and vice versa. I then had to change
my callback so that if the isExport flag is true, I actually return a
non-export key, and if it is false, I return an export key.

Is there some logic behind negating the SSL_C_IS_EXPORT return value
for the DH callback?

Thanks,
Amit.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
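An added example, not code from the post above or from OpenSSL, showing one way to write the temporary DH key callback so that it keeps working whether or not the is_export flag arrives inverted as described. OpenSSL invokes the callback installed with SSL_CTX_set_tmp_dh_callback() as DH *cb(SSL *s, int is_export, int keylength); here the SSL and DH types are replaced by a stand-in struct, and the cached key sizes and the MIN_STRONG_BITS policy floor are assumptions, so the block compiles without libssl. The callback treats keylength (which the server code passes un-negated in both call sites quoted above) as the authoritative request, serves keys from a cache generated once at startup, and reports when is_export disagrees with the requested size so the mismatch can be logged rather than silently producing the wrong class of key.

```c
/* Added example (not from the post or from OpenSSL): a model of the
 * temporary DH key callback's decision logic.  The SSL/DH types, the
 * cache contents and MIN_STRONG_BITS are stand-ins and assumptions. */
#include <stdio.h>
#include <stddef.h>

/* Stand-in for a pre-generated temporary key.  A real callback would keep
 * a DH* generated at startup; generating parameters per handshake is far
 * too slow and lets any client burn server CPU at will. */
typedef struct {
    int bits;           /* modulus size of the cached key */
    const char *label;  /* used only for the trace output */
} tmp_key;

/* Constructed cache, sorted by size: one export-grade and one full key. */
static const tmp_key key_cache[] = {
    { 512,  "export-512" },
    { 1024, "full-1024"  },
};

#define EXPORT_MAX_BITS  512   /* largest key an export cipher suite may use */
#define MIN_STRONG_BITS 1024   /* policy floor for non-export suites (assumption) */

/* Smallest cached key of at least the requested size, or NULL. */
static const tmp_key *smallest_at_least(int bits)
{
    size_t i;
    for (i = 0; i < sizeof key_cache / sizeof key_cache[0]; i++)
        if (key_cache[i].bits >= bits)
            return &key_cache[i];
    return NULL;
}

/* Decide which cached key to hand back.  keylength is the authoritative
 * request; is_export is only cross-checked against it and *mismatch is set
 * when they disagree (the inverted-flag case from the post).  Returning
 * NULL makes the library refuse the handshake instead of sending a key of
 * the wrong class. */
const tmp_key *select_tmp_key(int is_export, int keylength, int *mismatch)
{
    const tmp_key *k;
    int looks_export, want;

    *mismatch = 0;
    if (keylength <= 0)
        return NULL;

    looks_export = (keylength <= EXPORT_MAX_BITS);
    if (looks_export != (is_export != 0))
        *mismatch = 1;   /* flag and requested size disagree: log this */

    /* Export suites get exactly what was asked for; full-strength suites
     * never drop below the policy floor even if asked for less. */
    want = looks_export ? keylength
                        : (keylength > MIN_STRONG_BITS ? keylength : MIN_STRONG_BITS);
    k = smallest_at_least(want);
    if (k == NULL)
        return NULL;                     /* nothing large enough was cached */
    if (looks_export && k->bits > EXPORT_MAX_BITS)
        return NULL;                     /* no export-grade key was cached */
    return k;
}

/* Convenience wrappers: chosen key size (-1 if refused) and mismatch flag. */
int chosen_bits(int is_export, int keylength)
{
    int m;
    const tmp_key *k = select_tmp_key(is_export, keylength, &m);
    return k ? k->bits : -1;
}

int flag_mismatch(int is_export, int keylength)
{
    int m;
    (void)select_tmp_key(is_export, keylength, &m);
    return m;
}

/* Trace the decisions for the argument combinations the post describes. */
int main(void)
{
    const int cases[][2] = { {1, 512}, {0, 1024}, {0, 512}, {1, 1024}, {0, 2048} };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int mismatch;
        const tmp_key *k = select_tmp_key(cases[i][0], cases[i][1], &mismatch);
        printf("is_export=%d keylength=%4d -> %s%s\n", cases[i][0], cases[i][1],
               k ? k->label : "refused",
               mismatch ? " (flag/length mismatch)" : "");
    }
    return 0;
}
```

With the negated flag from the quoted dh_tmp_cb call, an export suite arrives as (is_export=0, keylength=512): the callback still returns the 512-bit key because keylength governs, and reports the mismatch instead of inverting its own logic the way the post had to.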