On Mon, Jun 30, 2014 at 4:32 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > Because there is no documentation for SSL_CTX_set_tmp_ecdh_callback() > in OpenSSL 1.0.1 and older, I am afraid I have to ask: > > 1. Is the EC_KEY* returned by the callback supposed to be allocated > for each invocation or is it supposed to be a static shared by all > invocations? Static is fine.
> If the latter (a common object), are there any threading issues when > multiple threads are running SSL connections simultaneously? Well, there is a CRYPTO_LOCK_EC for the static lock. > 2. What does the keylength parameter to the ECDH callback represent: > A) An RSA/DH keylength (e.g. 2048 for 128 bit security) > B) An EC keylength (e.g. 130 for 128 bit security) > C) A symmetric keylength (e.g. 128 for 128 bit security) The keylength parameter is munged. You have to translate it from DH/RSA bit lengths. That is, a keylength of 1024 needs to be translated to a 160-bit curve (both have a 80-bit security level), a keylength of 2048 needs to be translated to a 224-bit curve (both have a 112-bit security level), and a keylength of 3072 needs to be translated to a 256-bit curve (both have a 128-bit security level), etc. > 3. Are there particular cut-off-points for the keylength parameter > which correlates with the largest of the predefined EC groups > likely to be supported by the client (e.g. according to the > cipher suite collection offered). I use N + 4. For example: if(keylength <= 160 + 4) return ECSH160(); // Returns EC_KEY* else if(keylength <= 192 + 4) return ECSH192(); // Returns EC_KEY* else if(keylength <= 224 + 4) return ECSH224(); // Returns EC_KEY* ... But P-256 seems to be most popular for interop. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org