DH_generate_key

DH_generate_key

Narayana, Sunil Kumar

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init & EVP_PKEY_derive.

Our application creates a new DH and using DH_generate_key() creates pub_key/priv_key and uses it. How can we replace this exactly with EVP?

And please suggest what EVP APIs should we use to generate pub/priv keys?

Application code

    dh = DH_new();
    dh->p = BN_bin2bn(modSize, octet_len, NULL);
    dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

    if ( ! DH_generate_key(dh) )
    {
        return FAILURE;
    }
    n = (unsigned) BN_num_bytes(dh->pub_key);

    BN_bn2bin(dh->pub_key, p);
    n = (unsigned) BN_num_bytes(dh->priv_key);

Instead of the above logic, can we do this? Does derive generate pub/priv keys?

    //create ctx
    Ctx = EVP_PKEY_CTX_new_from_name (NULL, "DM", NULL);
    EVP_PKEY_derive_init (ctx)

Regards,

Sunil




RE: DH_generate_key

OpenSSL - User mailing list


The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe primes or using probable primes.  Seems better since you don’t have to use the BN API anymore, but a little more complicated because you have to call OSSL_PARAM_construct_xxx for parameters and assign them to an array.

 

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get your shared secret.  See apps/speed.c in the OSSL3 source code for an example.  Look for the text EVP_PKEY_DH

Re: DH_generate_key

Matt Caswell-2
In reply to this post by Narayana, Sunil Kumar


On 08/12/2020 17:43, Narayana, Sunil Kumar wrote:

> Dear openssl team,
>
> While migrating from 1.0.2 to 3.0, we found that
> DH_generate_key() has been deprecated. And as per the man page, it is
> advised to use EVP_PKEY_derive_init
> <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html>
> & EVP_PKEY_derive
> <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>
>

The reference to EVP_PKEY_derive_init/EVP_PKEY_derive is a bit
misleading, because those are replacements for DH_compute_key() not
DH_generate_key().

The equivalents for DH_generate_key() are EVP_PKEY_keygen_init() and
EVP_PKEY_gen().

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen.html



> our application creates a new DH and using DH_generate_key()

How do you set up the DH parameters? Do you load them from a file or
generate them in your application? Or some other way? Will it break your
application if you swap to using different parameters, or must you
retain support for the old ones?

The first step is to create an EVP_PKEY object containing the DH
parameters. How to do that depends on the answers to the above questions.


> creates
> pub_key/priv_key and uses it. how can we replace this exactly with EVP.
>


As noted by Daniel in this response to your question there are examples
on the EVP_PKEY-DH manual page.

https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-DH.html

Assuming you have set up the parameters in an EVP_PKEY object
(param_key) then this is the relevant example:


    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);
    EVP_PKEY_print_private(bio_out, key, 0, NULL);
    ...
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(gctx);


This gives you a generated DH key in the "key" object.


Matt



Re: DH_generate_key

Matt Caswell-2


On 09/12/2020 15:31, Matt Caswell wrote:
>> our application creates a new DH and using DH_generate_key()
>
> How do you set up the DH parameters? Do you load them from a file or
> generate them in your application? Or some other way? Will it break your
> application if you swap to using different parameters, or must you
> retain support for the old ones?
>
> The first step is to create an EVP_PKEY object containing the DH
> parameters. How to do that depends on the answers to the above questions.

Sunil emailed me directly (off list) and provided some code samples.

So you have some fixed "p" and "g" parameter values defined as static
unsigned char arrays, which you are currently converting to BIGNUMs
using "BN_bin2bn", and then assigning to "dh->p" and "dh->g" respectively.

The "g" value is just "2", so in the 3.0 equivalent you don't need to
convert that to a BIGNUM first. Some equivalent code to construct a DH
params object (called "param_key" in the code below) is:


    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    OSSL_PARAM_BLD *tmpl = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *param_key = NULL;

    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
        goto err;

    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
            || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL || !EVP_PKEY_fromdata(pctx, &param_key, params))
        goto err;
 err:
    EVP_PKEY_CTX_free(pctx);
    OSSL_PARAM_BLD_free_params(params);
    OSSL_PARAM_BLD_free(tmpl);


You can then generate the key using the code sample I gave in my
previous email:

    EVP_PKEY *key = NULL;
    EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

    EVP_PKEY_keygen_init(gctx);
    EVP_PKEY_gen(gctx, &key);
    EVP_PKEY_print_private(bio_out, key, 0, NULL);
    ...
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(gctx);



Hope that helps,

Matt

Re: DH_generate_key

Narayana, Sunil Kumar
In reply to this post by Narayana, Sunil Kumar

Hi Matt,

Thanks for the code sample. We understood the end-to-end flow to generate the DH key.

I wanted to understand one more aspect here. In our application we were obtaining two keys (pub_key/priv_key) from DH_generate_key() with single values of dh->p/dh->g.

But now in the 3.0 equivalent, I guess we can get only one key from the p/g params, right? How do we get the equivalent pub_key/priv_key? Please suggest.

 

 

Regards,

Sunil

From: openssl-users <[hidden email]> On Behalf Of [hidden email]
Sent: 10 December 2020 17:46
To: [hidden email]
Subject: openssl-users Digest, Vol 73, Issue 9

 



Message: 2
Date: Thu, 10 Dec 2020 10:39:06 +0100
From: Andreas Tengicki <[hidden email]>
To: [hidden email]
Subject: Re: creating certificate by code / problems to load via
openssl x509 / pem format
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

The solution was to choose an EVP by signing the certificate

i = X509_sign(x, CApkey, EVP_sha256());

Best regards

Andreas


------------------------------

Message: 3
Date: Thu, 10 Dec 2020 11:42:37 +0100
From: Tomas Mraz <[hidden email]>
To: Andreas Tengicki <[hidden email]>, [hidden email]
Subject: Re: creating certificate by code / problems to load via
openssl x509 / pem format
Message-ID:
<[hidden email]>
Content-Type: text/plain; charset="UTF-8"

On Thu, 2020-12-10 at 10:39 +0100, Andreas Tengicki wrote:
> The solution was to choice a EVP by signing the certificate
>
> i = X509_sign(x, CApkey, EVP_sha256());

I do not really think this was the problem. In the code below you do
not set the notBefore time which is actually indicated by the parsing
errors when you try to load the invalid certificate.

> Best regards
>
> Andreas
>
> On 09.07.2020 at 11:09, Andreas Tengicki wrote:
> > Hello,
> >
> > your first help in this project, helps much, but now some weeks
> > later, there is a new problem, and I cannot find any tips via
> > google.
> >
> > For all the coding I have looked into the openssl examples.
> >
> > I create a private key per code, the "openssl rsa -in
> > test_privatekey.pem -check" is fine
> >
> > I create a certificate request per code, "openssl req -text -noout
> > -verify -in test_request.pem" is fine
> >
> > I create a certificate via this request and store it with
> > "PEM_write_bio_X509(out, crt);" like the others. (some more code
> > below)
> >
> > Perhaps there is something wrong, but to detect this, I will use
> > the validation, but it cannot load the certificate to validate it:
> >
> > >> openssl x509 -in test_certificate.pem -text
> > unable to load certificate
> > 140180222239872:error:0D07209B:asn1 encoding
> > routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
> > 140180222239872:error:0D068066:asn1 encoding
> > routines:asn1_check_tlen:bad object
> > header:../crypto/asn1/tasn_dec.c:1118:
> > 140180222239872:error:0D07803A:asn1 encoding
> > routines:asn1_item_embed_d2i:nested asn1
> > error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
> > 140180222239872:error:0D08303A:asn1 encoding
> > routines:asn1_template_noexp_d2i:nested asn1
> > error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
> > 140180222239872:error:0D08303A:asn1 encoding
> > routines:asn1_template_noexp_d2i:nested asn1
> > error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
> > 140180222239872:error:0D08303A:asn1 encoding
> > routines:asn1_template_noexp_d2i:nested asn1
> > error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
> > 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> > lib:../crypto/pem/pem_oth.c:33:
> >
> >
> > Thanks for any help.
> >
> > Best regards
> >
> > Andreas
> >
> > ----
> >
> > ErrorHandling should be added in a second step, first debug outputs
> > (I have deleted for here) says everything is created
> >
> > X509* certificate_create(const X509_REQ* req)
> > {
> > //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt
> > -CAkey ca.key -CAcreateserial -out server.crt
> >
> > if ((crt = X509_new()) == NULL);
> > //xca = load_cert(CAfile, CAformat, "CA Certificate");
> > BIO *bio = NULL;
> > bio = BIO_new_file(CAfile, "r");
> > xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
> > BIO_free(bio);
> >
> > upkey = X509_get0_pubkey(xca);
> >
> > char CAkeyile[] = "ca.key";
> > int CAkeyformat = 5; //FORMAT_PEM
> > char passin[] = "xyz";
> >
> > ENGINE *e = NULL;
> > EVP_PKEY * CApkey = NULL;
> > //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA
> > Private Key");
> > bio = BIO_new_file(CAkeyile, "r");
> > CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
> > BIO_free(bio);
> >
> > EVP_PKEY_copy_parameters(upkey, CApkey);
> >
> > X509_STORE *ctx = NULL;
> > ctx = X509_STORE_new();
> >
> > X509_STORE_CTX *xsc = NULL;
> > xsc = X509_STORE_CTX_new();
> > if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
> >
> > ASN1_INTEGER *serialno = NULL;
> > serialno = ASN1_INTEGER_new();
> > BIGNUM *btmp = NULL;
> > btmp = BN_new();
> >
> > # define SERIAL_RAND_BITS 159
> > if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY,
> > BN_RAND_BOTTOM_ANY));
> > if (!BN_to_ASN1_INTEGER(btmp, serialno));
> > BN_free(btmp);
> >
> > X509_STORE_CTX_set_cert(xsc, crt);
> > X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
> >
> > if (!X509_check_private_key(xca, CApkey)) ;
> >
> > if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
> > if (!X509_set_serialNumber(crt, serialno));
> >
> > int days = 365;
> > if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) ==
> > NULL);
> >
> > const char digestname[] = "sha256";
> > const EVP_MD* md = EVP_get_digestbyname(digestname);
> > EVP_MD_CTX *mctx = EVP_MD_CTX_new();
> > EVP_PKEY_CTX *pkctx = NULL;
> > EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); // is CApkey
> > the right private key here? it should be
> > int rv = (X509_sign_ctx(crt, mctx) > 0);
> > EVP_MD_CTX_free(mctx);
> >
> > BIO *out = NULL;
> > out = BIO_new_file("test_certificate.pem", "w");
> > PEM_write_bio_X509(out, crt);
> > BIO_free_all(out);
> >
> > ...some more frees ...
> > return crt;
> > }
> >
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]





Re: DH_generate_key

Matt Caswell-2


On 10/12/2020 16:14, Narayana, Sunil Kumar wrote:

> Hi Matt,
>
>                 Thanks for the code sample. we understood the end to end
> flow to generate the DH key.
>
> I wanted to understand one more aspect here, In our application we were
> obtaining two keys (pub_key/ priv_key) from the DH_generate_key() with
> single values of  dh->p/ dh->g.
>
> But now in 3.0 equivalent, I guess we can get only one key from the p/g
> params right ? how to get equivalent pub_key / priv_key ? please suggest.


An EVP_PKEY can hold either a priv/public key pair, or just a public key
(or just parameters) depending on the context.

In this case, after a successful call to EVP_PKEY_gen() it will hold the
priv/public key pair.

In many cases you don't need to get the private key out. Often DH keys
are "ephemeral", i.e. they are only ever used for one key exchange, and
are only ever held in memory. If you are doing a "non-ephemeral" key
exchange then you may still need to get it out.

There are a number of ways to do this depending on what you want to achieve.

You can write the whole DH priv/pub key pair out to a PEM file to later
load back in again using the OSSL_ENCODER API, e.g.

    OSSL_ENCODER_CTX *ectx
        = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, OSSL_KEYMGMT_SELECT_ALL,
                                           "PEM", NULL, NULL);
    OSSL_ENCODER_to_bio(ectx, out);

Alternatively if you want the "raw" octet bytes for the public key you
can use

    size_t len = 0;
    unsigned char *pub;

    EVP_PKEY_get_raw_public_key(pkey, NULL, &len);
    pub = OPENSSL_malloc(len);
    EVP_PKEY_get_raw_public_key(pkey, pub, &len);

Similarly you can use EVP_PKEY_get_raw_private_key() to get the raw
private key.

Finally, if you just want to get the public key out to send to the peer
you can use EVP_PKEY_get1_encoded_public_key():

    unsigned char *buf = NULL;

    EVP_PKEY_get1_encoded_public_key(pkey, &buf);
    /* Do stuff with buf */
    OPENSSL_free(buf);

For DH this works in a similar way to EVP_PKEY_get_raw_public_key(). It
produces a format suitable for use in TLSv1.2 and CMS...which is
actually just the raw public key. For key types other than DH it may not be.

Note: for brevity above I've omitted error handling from the code
samples. You should be sure to add that.

Matt



>
>  
>
>  
>
> Regards,
>
> Sunil
>
> *From:*openssl-users <[hidden email]> *On Behalf Of
> *[hidden email]
> *Sent:* 10 December 2020 17:46
> *To:* [hidden email]
> *Subject:* openssl-users Digest, Vol 73, Issue 9
>
>  
>
> ------------------------------------------------------------------------
>
> NOTICE: This email was received from an EXTERNAL sender
>
> ------------------------------------------------------------------------
>
>
> Send openssl-users mailing list submissions to
> [hidden email] <mailto:[hidden email]>
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mta.openssl.org/mailman/listinfo/openssl-users
> or, via email, send a message with subject or body 'help' to
> [hidden email] <mailto:[hidden email]>
>
> You can reach the person managing the list at
> [hidden email] <mailto:[hidden email]>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of openssl-users digest..."
>
>
> Today's Topics:
>
> 1. Re: DH_generate_key (Matt Caswell)
> 2. Re: creating certificate by code / problems to load via
> openssl x509 / pem format (Andreas Tengicki)
> 3. Re: creating certificate by code / problems to load via
> openssl x509 / pem format (Tomas Mraz)
> 4. Re: DH_generate_key (Matt Caswell)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Dec 2020 15:31:51 +0000
> From: Matt Caswell <[hidden email] <mailto:[hidden email]>>
> To: "Narayana, Sunil Kumar" <[hidden email]
> <mailto:[hidden email]>>,
> "[hidden email] <mailto:[hidden email]>"
> <[hidden email] <mailto:[hidden email]>>
> Subject: Re: DH_generate_key
> Message-ID: <[hidden email]
> <mailto:[hidden email]>>
> Content-Type: text/plain; charset=utf-8
>
>
>
> On 08/12/2020 17:43, Narayana, Sunil Kumar wrote:
>> Dear openssl team,
>>
>> ?
>>
>> ??????????????? While migrating from 1.0.2 to 3.0, ?we found that
>> DH_generate_key() has be deprecated. And as per the man page, it is
>> advised to use EVP_PKEY_derive_init
>> <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html>
>> ?& EVP_PKEY_derive
>> <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>
>>
>
> The reference to EVP_PKEY_derive_init/EVP_PKEY_derive is a bit
> misleading, because those are replacements for DH_compute_key() not
> DH_generate_key().
>
> The equivalents for DH_generate_key() are EVP_PKEY_keygen_init() and
> EVP_PKEY_gen().
>
> https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen.html
>
>
>
>> our application creates a new DH and using DH_generate_key()
>
> How do you set up the DH parameters? Do you load them from a file or
> generate them in your application? Or some other way? Will it break your
> application if you swap to using different parameters, or must you
> retain support for the old ones?
>
> The first step is to create an EVP_PKEY object containing the DH
> parameters. How to do that depends on the answers to the above questions.
>
>
>> creates
>> pub_key/priv_key and uses it. how can we replace this exactly with EVP.
>>
>
>
> As noted by Daniel in this response to your question there are examples
> on the EVP_PKEY-DH manual page.
>
> https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-DH.html
>
> Assuming you have set up the parameters in an EVP_PKEY object
> (param_key) then this is the relevant example:
>
>
> EVP_PKEY *key = NULL;
> EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
>
> EVP_PKEY_keygen_init(gctx);
> EVP_PKEY_gen(gctx, &key);
> EVP_PKEY_print_private(bio_out, key, 0, NULL);
> ...
> EVP_PKEY_free(key);
> EVP_PKEY_CTX_free(gctx);
>
>
> This gives you a generated DH key in the "key" object.
>
>
> Matt
>
>
>> And please suggest what EVP API's should we use to generate pub/priv
>> keys ?
>>
>> _Application code_
>>
>>     dh = DH_new();
>>     dh->p = BN_bin2bn(modSize, octet_len, NULL);
>>     dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);
>>
>>     if ( ! DH_generate_key(dh) )
>>     {
>>         return FAILURE;
>>     }
>>     n = (unsigned) BN_num_bytes(dh->pub_key);
>>
>>     BN_bn2bin(dh->pub_key, p);
>>     n = (unsigned) BN_num_bytes(dh->priv_key);
>>
>> Instead above logic can we do this ? is derive generated pub/priv keys ?
>>
>> //create ctx
>> Ctx = EVP_PKEY_CTX_new_from_name (NULL, "DM", NULL);
>> EVP_PKEY_derive_init (ctx)
>>
>> Regards,
>>
>> Sunil
>>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 Dec 2020 10:39:06 +0100
> From: Andreas Tengicki <[hidden email]>
> To: [hidden email]
> Subject: Re: creating certificate by code / problems to load via
> openssl x509 / pem format
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> The solution was to choose an EVP when signing the certificate
>
> i = X509_sign(x, CApkey, EVP_sha256());
>
> Best regards
>
>   Andreas
>
> On 09.07.2020 at 11:09, Andreas Tengicki wrote:
>>
>> Hello,
>>
>> your first help in this project, helps much, but now some weeks later,
>> there is a new problem, and I cannot find any tips via google.
>>
>> For all the coding I have looked into the openssl examples.
>>
>> I create a private key per code, the "openssl rsa -in
>> test_privatekey.pem -check" is fine
>>
>> I create a certificate request per code, "openssl req -text -noout
>> -verify -in test_request.pem" is fine
>>
>> I create a certificate via this request and store it with
>> "PEM_write_bio_X509(out, crt);" like the others. (some more code below)
>>
>> Perhaps there is something wrong, but to detect this, I will use the
>> validation, but it cannot load the certificate to validate it:
>>
>> >> openssl x509 -in test_certificate.pem -text
>> unable to load certificate
>> 140180222239872:error:0D07209B:asn1 encoding
>> routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
>> 140180222239872:error:0D068066:asn1 encoding
>> routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1118:
>> 140180222239872:error:0D07803A:asn1 encoding
>> routines:asn1_item_embed_d2i:nested asn1
>> error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
>> 140180222239872:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
>> 140180222239872:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
>> 140180222239872:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
>> 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
>> lib:../crypto/pem/pem_oth.c:33:
>>
>> Thanks for any help.
>>
>> Best regards
>>
>>   Andreas
>>
>> ----
>>
>> ErrorHandling should be added in a second step, first debug outputs (I
>> have deleted for here) says everything is created
>>
>> X509* certificate_create(const X509_REQ* req)
>> {
>>   //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
>>
>>   if ((crt = X509_new()) == NULL);
>>   //xca = load_cert(CAfile, CAformat, "CA Certificate");
>>   BIO *bio = NULL;
>>   bio = BIO_new_file(CAfile, "r");
>>   xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
>>   BIO_free(bio);
>>
>>   upkey = X509_get0_pubkey(xca);
>>
>>   char CAkeyile[] = "ca.key";
>>   int CAkeyformat = 5; //FORMAT_PEM
>>   char passin[] = "xyz";
>>
>>   ENGINE *e = NULL;
>>   EVP_PKEY * CApkey = NULL;
>>   //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
>>   bio = BIO_new_file(CAkeyile, "r");
>>   CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
>>   BIO_free(bio);
>>
>>   EVP_PKEY_copy_parameters(upkey, CApkey);
>>
>>   X509_STORE *ctx = NULL;
>>   ctx = X509_STORE_new();
>>
>>   X509_STORE_CTX *xsc = NULL;
>>   xsc = X509_STORE_CTX_new();
>>   if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
>>
>>   ASN1_INTEGER *serialno = NULL;
>>   serialno = ASN1_INTEGER_new();
>>   BIGNUM *btmp = NULL;
>>   btmp = BN_new();
>>
>>   # define SERIAL_RAND_BITS 159
>>   if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY,
>>       BN_RAND_BOTTOM_ANY));
>>   if (!BN_to_ASN1_INTEGER(btmp, serialno));
>>   BN_free(btmp);
>>
>>   X509_STORE_CTX_set_cert(xsc, crt);
>>   X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
>>
>>   if (!X509_check_private_key(xca, CApkey)) ;
>>
>>   if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
>>   if (!X509_set_serialNumber(crt, serialno));
>>
>>   int days = 365;
>>   if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) == NULL);
>>
>>   const char digestname[] = "sha256";
>>   const EVP_MD* md = EVP_get_digestbyname(digestname);
>>   EVP_MD_CTX *mctx = EVP_MD_CTX_new();
>>   EVP_PKEY_CTX *pkctx = NULL;
>>   EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); // is CApkey the right private key here? should actually
>>   int rv = (X509_sign_ctx(crt, mctx) > 0);
>>   EVP_MD_CTX_free(mctx);
>>
>>   BIO *out = NULL;
>>   out = BIO_new_file("test_certificate.pem", "w");
>>   PEM_write_bio_X509(out, crt);
>>   BIO_free_all(out);
>>
>>   ...some more frees ...
>>   return crt;
>> }
>>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 Dec 2020 11:42:37 +0100
> From: Tomas Mraz <[hidden email]>
> To: Andreas Tengicki <[hidden email]>, [hidden email]
> Subject: Re: creating certificate by code / problems to load via
> openssl x509 / pem format
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset="UTF-8"
>
> On Thu, 2020-12-10 at 10:39 +0100, Andreas Tengicki wrote:
>> The solution was to choose an EVP when signing the certificate
>>
>> i = X509_sign(x, CApkey, EVP_sha256());
>
> I do not really think this was the problem. In the code below you do
> not set the notBefore time which is actually indicated by the parsing
> errors when you try to load the invalid certificate.
>
>> Best regards
>>
>> Andreas
>>
>> On 09.07.2020 at 11:09, Andreas Tengicki wrote:
>> > Hello,
>> >
>> > your first help in this project, helps much, but now some weeks
>> > later, there is a new problem, and I cannot find any tips via
>> > google.
>> >
>> > For all the coding I have looked into the openssl examples.
>> >
>> > I create a private key per code, the "openssl rsa -in
>> > test_privatekey.pem -check" is fine
>> >
>> > I create a certificate request per code, "openssl req -text -noout
>> > -verify -in test_request.pem" is fine
>> >
>> > I create a certificate via this request and store it with
>> > "PEM_write_bio_X509(out, crt);" like the others. (some more code
>> > below)
>> >
>> > Perhaps there is something wrong, but to detect this, I will use
>> > the validation, but it cannot load the certificate to validate it:
>> >
>> > >> openssl x509 -in test_certificate.pem -text
>> > unable to load certificate
>> > 140180222239872:error:0D07209B:asn1 encoding
>> > routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
>> > 140180222239872:error:0D068066:asn1 encoding
>> > routines:asn1_check_tlen:bad object
>> > header:../crypto/asn1/tasn_dec.c:1118:
>> > 140180222239872:error:0D07803A:asn1 encoding
>> > routines:asn1_item_embed_d2i:nested asn1
>> > error:../crypto/asn1/tasn_dec.c:190:Type=ASN1_TIME
>> > 140180222239872:error:0D08303A:asn1 encoding
>> > routines:asn1_template_noexp_d2i:nested asn1
>> > error:../crypto/asn1/tasn_dec.c:627:Field=notBefore, Type=X509_VAL
>> > 140180222239872:error:0D08303A:asn1 encoding
>> > routines:asn1_template_noexp_d2i:nested asn1
>> > error:../crypto/asn1/tasn_dec.c:627:Field=validity, Type=X509_CINF
>> > 140180222239872:error:0D08303A:asn1 encoding
>> > routines:asn1_template_noexp_d2i:nested asn1
>> > error:../crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
>> > 140180222239872:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
>> > lib:../crypto/pem/pem_oth.c:33:
>> >
>> >
>> > Thanks for any help.
>> >
>> > Best regards
>> >
>> > Andreas
>> >
>> > ----
>> >
>> > ErrorHandling should be added in a second step, first debug outputs
>> > (I have deleted for here) says everything is created
>> >
>> > X509* certificate_create(const X509_REQ* req)
>> > {
>> > //openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
>> >
>> > if ((crt = X509_new()) == NULL);
>> > //xca = load_cert(CAfile, CAformat, "CA Certificate");
>> > BIO *bio = NULL;
>> > bio = BIO_new_file(CAfile, "r");
>> > xca = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
>> > BIO_free(bio);
>> >
>> > upkey = X509_get0_pubkey(xca);
>> >
>> > char CAkeyile[] = "ca.key";
>> > int CAkeyformat = 5; //FORMAT_PEM
>> > char passin[] = "xyz";
>> >
>> > ENGINE *e = NULL;
>> > EVP_PKEY * CApkey = NULL;
>> > //CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
>> > bio = BIO_new_file(CAkeyile, "r");
>> > CApkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, passin);
>> > BIO_free(bio);
>> >
>> > EVP_PKEY_copy_parameters(upkey, CApkey);
>> >
>> > X509_STORE *ctx = NULL;
>> > ctx = X509_STORE_new();
>> >
>> > X509_STORE_CTX *xsc = NULL;
>> > xsc = X509_STORE_CTX_new();
>> > if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, crt, NULL));
>> >
>> > ASN1_INTEGER *serialno = NULL;
>> > serialno = ASN1_INTEGER_new();
>> > BIGNUM *btmp = NULL;
>> > btmp = BN_new();
>> >
>> > # define SERIAL_RAND_BITS 159
>> > if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY,
>> > BN_RAND_BOTTOM_ANY));
>> > if (!BN_to_ASN1_INTEGER(btmp, serialno));
>> > BN_free(btmp);
>> >
>> > X509_STORE_CTX_set_cert(xsc, crt);
>> > X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
>> >
>> > if (!X509_check_private_key(xca, CApkey)) ;
>> >
>> > if (!X509_set_issuer_name(crt, X509_get_subject_name(xca)));
>> > if (!X509_set_serialNumber(crt, serialno));
>> >
>> > int days = 365;
>> > if (X509_time_adj_ex(X509_getm_notAfter(crt), days, 0, NULL) ==
>> > NULL);
>> >
>> > const char digestname[] = "sha256";
>> > const EVP_MD* md = EVP_get_digestbyname(digestname);
>> > EVP_MD_CTX *mctx = EVP_MD_CTX_new();
>> > EVP_PKEY_CTX *pkctx = NULL;
>> > EVP_DigestSignInit(mctx, &pkctx, md, NULL, CApkey); // is CApkey the right private key here? should actually
>> > int rv = (X509_sign_ctx(crt, mctx) > 0);
>> > EVP_MD_CTX_free(mctx);
>> >
>> > BIO *out = NULL;
>> > out = BIO_new_file("test_certificate.pem", "w");
>> > PEM_write_bio_X509(out, crt);
>> > BIO_free_all(out);
>> >
>> > ...some more frees ...
>> > return crt;
>> > }
>> >
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 10 Dec 2020 12:16:11 +0000
> From: Matt Caswell <[hidden email]>
> To: "Narayana, Sunil Kumar" <[hidden email]>, "[hidden email]" <[hidden email]>
> Subject: Re: DH_generate_key
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=utf-8
>
>
>
> On 09/12/2020 15:31, Matt Caswell wrote:
>>> our application creates a new DH and using DH_generate_key()
>>
>> How do you set up the DH parameters? Do you load them from a file or
>> generate them in your application? Or some other way? Will it break your
>> application if you swap to using different parameters, or must you
>> retain support for the old ones?
>>
>> The first step is to create an EVP_PKEY object containing the DH
>> parameters. How to do that depends on the answers to the above questions.
>
> Sunil emailed me directly (off list) and provided some code samples.
>
> So you have some fixed "p" and "g" parameter values defined as static
> unsigned char arrays, which you are currently converting to BIGNUMs
> using "BN_bin2bn", and then assigning to "dh->p" and "dh->g" respectively.
>
> The "g" value is just "2", so in the 3.0 equivalent you don't need to
> convert that to a BIGNUM first. Some equivalent code to construct a DH
> params object (called "param_key" in the code below) is:
>
>
> EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
> OSSL_PARAM_BLD *tmpl = NULL;
> OSSL_PARAM *params = NULL;
> EVP_PKEY *param_key = NULL;
>
> if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
>     goto err;
>
> if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
>     || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
>     || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
>     goto err;
>
> params = OSSL_PARAM_BLD_to_param(tmpl);
> if (params == NULL || !EVP_PKEY_fromdata(pctx, &param_key, params))
>     goto err;
> err:
> EVP_PKEY_CTX_free(pctx);
> OSSL_PARAM_BLD_free_params(params);
> OSSL_PARAM_BLD_free(tmpl);
>
>
> You can then generate the key using the code sample I gave in my
> previous email:
>
> EVP_PKEY *key = NULL;
> EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
>
> EVP_PKEY_keygen_init(gctx);
> EVP_PKEY_gen(gctx, &key);
> EVP_PKEY_print_private(bio_out, key, 0, NULL);
> ...
> EVP_PKEY_free(key);
> EVP_PKEY_CTX_free(gctx);
>
>
>
> Hope that helps,
>
> Matt
>
>
> End of openssl-users Digest, Vol 73, Issue 9
> ********************************************
> ------------------------------------------------------------------------