Dear OpenSSL Team,

While migrating to OpenSSL 3.0 we are facing an issue with the use of DH_generate_key(): we are getting dh->pub_key as NULL. The logic used is given below; I have omitted the error handling code.

    DH *dh;
    dh = DH_new();
    dh->params.p = BN_bin2bn(p, p_len, NULL);
    dh->params.g = BN_bin2bn(g, g_len, NULL);
    DH_generate_key(dh);

I have checked the OpenSSL man pages (https://www.openssl.org/docs/manmaster/man3/DH_generate_key.html), according to which DH_generate_key() expects dh to contain the shared parameters p and g only. Still, we are not able to generate pub_key.

We tried the solutions given at the following links:

Approach 1: https://github.com/openssl/openssl/issues/11108
Used DH_new_by_nid() instead of DH_new().

Approach 2: We were skeptical about the values of p and g, so we tried setting valid values for p, q and g using DH_set0_pqg().

    BIGNUM *a = BN_bin2bn(p, p_len, NULL);
    BIGNUM *b = BN_bin2bn(g, g_len, NULL);
    DH_set0_pqg(dh, a, NULL, b);

But this did not help, as this set function does not change the q value if NULL is passed. We don’t have any idea what a valid value for q would be.

Approach 3: Currently working on the solution given at this link, using EVP wrappers for DH key generation.
https://www.mail-archive.com/openssl-users@xxxxxxxxxxx/msg88906.html

Please help to look into this and guide us with possible solutions.

Thanks,
Priyanka