DH_generate_key

[Sands, Daniel]

Dear openssl team,

                While migrating from 1.0.2 to 3.0,  we found that DH_generate_key() has be deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html>  & EVP_PKEY_derive<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>
our application creates a new DH and using DH_generate_key() creates pub_key/priv_key and uses it. how can we replace this exactly with EVP.
And please suggest what EVP API’s should we use to generate pub/priv keys ?

Application code

    dh = DH_new();
    dh->p = BN_bin2bn(modSize, octet_len, NULL);
    dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

    if ( ! DH_generate_key(dh) )
    {
        return FAILURE;
    }
    n = (unsigned) BN_num_bytes(dh->pub_key);

    BN_bn2bin(dh->pub_key, p);
    n = (unsigned) BN_num_bytes(dh->priv_key);


Instead above logic can we do this ? is derive generated pub/priv keys ?




The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe primes or using probable primes.  Seems better since you don’t have to use the BN API anymore, but a little more complicated because you have to call OSSL_PARAM_construct_xxx for parameters and assign them to an array.

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get your shared secret.  See apps/speed.c in the OSSL3 source code for an example.  Look for the text EVP_PKEY_DH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201208/3c2fdbaf/attachment-0001.html>