EVP_PKEY_get_int_param is not getting degree from EC key

Wolf <wolf@xxxxxxxxxxx> · Mon, 3 Jan 2022 01:51:02 +0100

Greetings,

I'm trying to port my program to openssl 3.0 and in the process I need
to replace EC_GROUP_get_degree(EC_KEY_get0_group(ec)) with something
that is not deprecated. I'm trying to use EVP_PKEY_get_int_param with
OSSL_PKEY_PARAM_EC_CHAR2_M, however it does not work. I'm assuming I'm
just doing something wrong, but have no idea what. Would there be any
kind soul willing to point me in the right direction?

I've managed to boil my issue down to this pretty simple reproduction:

#include <stdio.h>
#include <string.h>
#include <err.h>

#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>

#define ECCTYPE NID_secp384r1

#define ERR(...) do { warnx(__VA_ARGS__); exit(1); } while(0)

int
main(void)
{
	int degree = 0;
	const char *curve_name;
	EVP_PKEY *pkey = 0;
	const OSSL_PARAM *params = 0;

	if (!(curve_name = OSSL_EC_curve_nid2name(ECCTYPE)))
		ERR("OSSL_EC_curve_nid2name");

	if (!(pkey = EVP_EC_gen(curve_name)))
		ERR("EVP_EC_gen");

	if (!(params = EVP_PKEY_gettable_params(pkey)))
		ERR("EVP_PKEY_gettable_params");

	for (; params->key; params++)
		fprintf(stderr, "Param: `%s'\n", params->key);

	if (!EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_EC_CHAR2_M, &degree))
		ERR("EVP_PKEY_get_int_param");

	return 0;
}

Compiled with:

	$ gcc -L/tmp/openssl-3.0/install/lib \
		-Wl,-rpath /tmp/openssl-3.0/install/lib \
		-I/tmp/openssl-3.0/install/include /x/repro.c -lssl -lcrypto

Output is:

	$ ./a.out
	Param: `bits'
	Param: `security-bits'
	Param: `max-size'
	Param: `default-digest'
	Param: `encoded-pub-key'
	Param: `decoded-from-explicit'
	Param: `group'
	Param: `encoding'
	Param: `point-format'
	Param: `field-type'
	Param: `p'
	Param: `a'
	Param: `b'
	Param: `generator'
	Param: `order'
	Param: `cofactor'
	Param: `seed'
	Param: `m'
	Param: `basis-type'
	Param: `tp'
	Param: `k1'
	Param: `k2'
	Param: `k3'
	Param: `pub'
	Param: `qx'
	Param: `qy'
	Param: `priv'
	Param: `use-cofactor-flag'
	Param: `include-public'
	a.out: EVP_PKEY_get_int_param

I see that the `m' is present in the parameters, and I've verified that
params->data_type matches OSSL_PARAM_INTEGER, so I'm out of idea why
EVP_PKEY_get_int_param fails to retrieve the value.

Thanks for any help,

W.

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
Attachment:
signature.asc

Description: PGP signature