DH_compute_key () - replacement in 3.0

Mon, 14 Dec 2020 07:49:14 -0800 

Hi ,
While migrating from 1.0.2 to 3.0, we found that DH_compute_key () has be 
deprecated.
In the current  we are using the compute API as below

    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

to exactly replace this we are generating "pubparam_key/priparam_key"  using   
bn_publicKey/dh->priv_key  as below

OSSL_PARAM_BLD *pubparamsbld = NULL, priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;


pubparamsbld = OSSL_PARAM_BLD_new()
priparamsbld = OSSL_PARAM_BLD_new()

OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey)
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY,bn_privateKey)

//build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

EVP_PKEY_key_fromdata_init(pubctx)
EVP_PKEY_key_fromdata_init(prictx)

pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams))

priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, priparams))

>From there, we are planning to use EVP_PKEY_derive_init, 
>EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get shared secret

Please suggest if any step is invalid or not necessary

Regards,
Sunil


-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of 
Ribbon Communications Inc. that
is confidential and/or proprietary for the sole use of the intended recipient.  
Any review, disclosure, reliance or
distribution by others or forwarding without express permission is strictly 
prohibited.  If you are not the intended
recipient, please notify the sender immediately and then delete all copies, 
including any attachments.
-----------------------------------------------------------------------------------------------------------------------

Reply via email to