Re: Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-25 Thread Matt Caswell




On 25/10/2022 00:21, Kory Hamzeh wrote:

> I haven’t done exactly what you are trying, but something similar.
>
> See EVP_PKEY_set_params:
>
> https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html
>
> The specific parm to set the group could be set like this:
>
>   OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", curve, 0);

"group" is not a "settable" parameter for EC keys. You can "get" it. You 
can import it (using EVP_PKEY_fromdata()). You can export it (using
EVP_PKEY_todata()). But you can't "set" it.


The group is immutable once the key is created.

It really doesn't make sense to change the group of a key from one thing 
to another. None of the rest of the parameters would be valid if the 
group changed.



On 25/10/2022 00:35, Martin via openssl-users wrote:
> Thanks for your response. I want to preserve the rest of the EC public
> key params. I did this. I haven’t tested yet.

Preserving the rest of the EC public key params doesn't make sense. If 
the group has changed the key is no longer valid. Just create a new key 
instead.


Matt


RE: Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Martin via openssl-users
Kory,

Thanks for your response. I want to preserve the rest of the EC public key
params. I did this. I haven’t tested yet.

OSSL_PARAM *extracted_params = NULL;
const char *curve_name = NULL;
OSSL_PARAM *param_ecgroup = NULL;

// sigkey is the EVP_PKEY ECDSA public key

if (EVP_PKEY_todata(sigkey, EVP_PKEY_PUBLIC_KEY, &extracted_params) == 0)
{
   // error
}

// OSSL_EC_curve_nid2name() returns a pointer to the curve name, or NULL
curve_name = OSSL_EC_curve_nid2name(nid);
if (curve_name == NULL)
{
   // error
}

// look up the "group" entry in the exported parameter array
if ((param_ecgroup = OSSL_PARAM_locate(extracted_params, "group")) != NULL)
{
   OSSL_PARAM_set_utf8_string(param_ecgroup, curve_name);
}
else
{
   // error
}

Martin

From: Kory Hamzeh
Sent: Monday, October 24, 2022 7:22 PM
To: amar...@xtec.com
Cc: openssl-users@openssl.org
Subject: Re: Setting a group to an existing EVP_PKEY in OpenSSL 3

I haven’t done exactly what you are trying, but something similar.

See EVP_PKEY_set_params:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html

The specific parm to set the group could be set like this:

  OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", curve, 0);

Please note that I have not tested the above code as my code uses
key-from-data. But I think it should work.

On Oct 24, 2022, at 2:31 PM, Martin via openssl-users <openssl-users@openssl.org> wrote:

Hi,

How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?

In 1.0.2 I was using this code having the EC_KEY:

EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));

In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don’t
know how to go from that to set it on the existing key.

Thanks,

Martin

Re: Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Kory Hamzeh
I haven’t done exactly what you are trying, but something similar.

 See EVP_PKEY_set_params:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html 


The specific parm to set the group could be set like this:

 OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", curve, 0);



Please note that I have not tested the above code as my code uses
key-from-data. But I think it should work.


> On Oct 24, 2022, at 2:31 PM, Martin via openssl-users wrote:
> 
> Hi,
>  
> How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?
>  
> In 1.0.2 I was using this code having the EC_KEY:
>  
> EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));
>  
> In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don’t 
> know how to go from that to set it on the existing key.
>  
>  
> Thanks,
>  
> Martin



Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Martin via openssl-users
Hi,

How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?

In 1.0.2 I was using this code having the EC_KEY:

EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));

In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don't
know how to go from that to set it on the existing key.

Thanks,

Martin