2023年7月4日 20:11:32go评论77阅读模式

英文:

Migrating from OpenSSL 1.0.2 to 3.0.8: i2d_ECPKParameters returns no parameters except curve name

问题

在将我的代码从openssl 1.0.1迁移到3.0.8时，我遇到了这个问题。
当我通过曲线名称创建一个EC_GROUP时，如果我链接openssl 3.0.8，得到的数据基本上是空的。
如果使用openssl 1.0.2，EC_GROUP将填充以下值。
对于所有曲线，都是相同的行为。

从1.0.2迁移代码时，我是否漏掉了什么？
谢谢！

#include <iostream>
#include <vector>
#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/obj_mac.h>
#include <openssl/evp.h>

int main(int /*argc*/, char* /*argv*/[])
{
    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();

    std::vector<unsigned char> oArr;
    oArr.resize(1000);
    unsigned char* out1 = &oArr[0];
    int size = i2d_ECPKParameters(group, &out1);
    oArr.resize(size);

    BIO* bio = BIO_new(BIO_s_mem());
    ECPKParameters_print(bio, group, 0);
    char buffer[1024];
    memset(buffer, 0, 1024);
    BIO_read(bio, buffer, 1024 - 1);
    std::string sBio(buffer);
    std::cout << sBio << std::endl;
    BIO_free(bio);
}

Output on openssl 3.0.8:
'ASN1 OID: secp112r1'

Output on openssl 1.0.2:
'Field Type: prime-field
Prime:
    00:db:7c:2a:bf:62:e3:5e:66:80:76:be:ad:20:8b
A:
    61:27:c2:4c:05:f3:8a:0a:aa:f6:5c:0e:f0:2c
B:
    51:de:f1:81:5d:b5:ed:74:fc:c3:4c:85:d7:09
Generator (uncompressed):
    04:4b:a3:0a:b5:e8:92:b4:e1:64:9d:d0:92:86:43:
    ad:cd:46:f5:88:2e:37:47:de:f3:6e:95:6e:97
Order:'

英文:

While migrating my code from openssl 1.0.1 to 3.0.8 I came across this issue.
When I create an EC_GROUP by the curve name, the resulting data is basically empty if I link openssl 3.0.8.
If openssl 1.0.2 is used, the EC_GROUP is filled with the values below.
This the same behaviour for all curves.

Is there anything I am missing when migrating the code from 1.0.2?
Thank you!

#include &lt;iostream&gt;
#include &lt;vector&gt;
#include &lt;openssl/bio.h&gt;
#include &lt;openssl/dh.h&gt;
#include &lt;openssl/ec.h&gt;
#include &lt;openssl/obj_mac.h&gt;
#include &lt;openssl/evp.h&gt;

int main(int /*argc*/, char* /*argv*/[])
{
	OpenSSL_add_all_digests();
	OpenSSL_add_all_algorithms();

    std::vector&lt;unsigned char&gt; oArr;
	oArr.resize(1000);
	unsigned char* out1 = &amp;oArr[0];
	int size = i2d_ECPKParameters(group, &amp;out1);
	oArr.resize(size);

	BIO* bio = BIO_new(BIO_s_mem());
	ECPKParameters_print(bio, group, 0);
	char buffer[1024];
	memset(buffer, 0, 1024);
	BIO_read(bio, buffer, 1024 - 1);
	std::string sBio(buffer);
	std::cout &lt;&lt; sBio &lt;&lt; std::endl;
	BIO_free(bio); 
}

Output on openssl 3.0.8:
&#39;ASN1 OID: secp112r1&#39;

Output on openssl 1.0.2:
&#39;Field Type: prime-field
Prime:
    00:db:7c:2a:bf:62:e3:5e:66:80:76:be:ad:20:8b
A:
    61:27:c2:4c:05:f3:8a:0a:aa:f6:5c:0e:f0:2c
B:
    51:de:f1:81:5d:b5:ed:74:fc:c3:4c:85:d7:09
Generator (uncompressed):
    04:4b:a3:0a:b5:e8:92:b4:e1:64:9d:d0:92:86:43:
    ad:cd:46:f5:88:2e:37:47:de:f3:6e:95:6e:97
Order:&#39;

答案1

得分: 2

"When I create an EC_GROUP by the curve name, the resulting data is basically empty"
当我使用曲线名称创建EC_GROUP时，生成的数据基本上是空的

"It's not empty - its using the 'named curve' form of parameters as opposed to explicit parameters. This is just an alternative format."
它不是空的 - 它使用的是“命名曲线”参数形式，而不是显式参数。这只是一种替代格式。

"This behaviour is controlled by the 'asn1_flag' setting on the group. See the functions EC_GROUP_set_asn1_flag() and EC_GROUP_get_asn1_flag()."
这种行为由组上的'asn1_flag'设置控制。请参阅函数EC_GROUP_set_asn1_flag()和EC_GROUP_get_asn1_flag()。

"From the man page:"
来自手册页：

"The asn1_flag value is used to determine whether the curve encoding uses explicit parameters or a named curve using an ASN1 OID: many applications only support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL 1.1.0 and later the named curve form is the default."
asn1_flag值用于确定曲线编码是否使用显式参数还是使用ASN1 OID的命名曲线：许多应用程序只支持后者的形式。如果asn1_flag是OPENSSL_EC_NAMED_CURVE，那么将使用命名曲线形式，并且参数必须设置相应的命名曲线NID。如果asn1_flags是OPENSSL_EC_EXPLICIT_CURVE，则参数是显式编码的。函数EC_GROUP_get_asn1_flag()和EC_GROUP_set_asn1_flag()用于获取和设置曲线的asn1_flag状态。注意：OPENSSL_EC_EXPLICIT_CURVE在OpenSSL 1.1.0中添加，对于早期版本的OpenSSL，必须使用值0。在OpenSSL 1.1.0及以后的版本中，命名曲线形式是默认形式。

"So, 1.0.2, is defaulting to use explicit parameters and later versions default to the named curve form."
因此，1.0.2版本默认使用显式参数，而较新版本默认使用命名曲线形式。

"Note that you rarely want to use explicit parameters. In most cases named curve parameters are the right answer."
请注意，您很少希望使用显式参数。在大多数情况下，命名曲线参数是正确的答案。

英文:

> When I create an EC_GROUP by the curve name, the resulting data is basically empty

It's not empty - its using the "named curve" form of parameters as opposed to explicit parameters. This is just an alternative format.

This behaviour is controlled by the "asn1_flag" setting on the group. See the functions EC_GROUP_set_asn1_flag() and EC_GROUP_get_asn1_flag().

https://www.openssl.org/docs/man3.0/man3/EC_GROUP_set_asn1_flag.html

From the man page:

> The asn1_flag value is used to determine whether the curve encoding uses
explicit parameters or a named curve using an ASN1 OID: many applications only
support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the
named curve form is used and the parameters must have a corresponding
named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the
parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and
EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve.
Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for
previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
1.1.0 the default form was to use explicit parameters (meaning that
applications would have to explicitly set the named curve form) in OpenSSL
1.1.0 and later the named curve form is the default.

So, 1.0.2, is defaulting to use explicit parameters and later versions default to the name curve form.

Note that you rarely want to use explicit parameters. In most cases named curve parameters is the right answer.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

Migrating from OpenSSL 1.0.2 to 3.0.8: i2d_ECPKParameters returns no parameters except curve name.

问题

答案1

如何在全局范围内在C++中存储线程特定数据？

Save data from HANDLE to a file and load data from file to a HANDLE without data loss

Blowfish在OpenSSL和Golang之间的结果不同。

除了 `std::vector` 之外，是否有一种不复制和销毁类元素的标准容器？

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论