Hi Matt,
your suggestion was very helpful, with your help I moved little forward and
blocked again.
Below code snippet I'm working on,
PEM_read_bio_DHparams and PEM_read_bio_DSAparams reading DH params and DSA
params separately, how do I read separately with PEM_read_bio_Parameters_ex.
or
Can I modify the code to read bio in one Strech using
PEM_read_bio_Parameters_ex and update SSL_set_tmp_dh directly.
Please let me know your views.
Thanks,
Shivakumar
////////////////////////////////////////////////////////////////
#ifdef OPENSSL_NO_DH
if (dh_file == NULL)
return 0;
wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
"dh_file specified");
return -1;
#else /* OPENSSL_NO_DH */
DH *dh;
BIO *bio;
/* TODO: add support for dh_blob */
if (dh_file == NULL)
return 0;
if (conn == NULL)
return -1;
bio = BIO_new_file(dh_file, "r");
if (bio == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
dh_file, ERR_error_string(ERR_get_error(), NULL));
return -1;
}
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
#ifndef OPENSSL_NO_DSA
while (dh == NULL) {
DSA *dsa;
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
" trying to parse as DSA params", dh_file,
ERR_error_string(ERR_get_error(), NULL));
bio = BIO_new_file(dh_file, "r");
if (bio == NULL)
break;
dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (!dsa) {
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
"'%s': %s", dh_file,
ERR_error_string(ERR_get_error(), NULL));
break;
}
wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
"params into DH params");
break;
}
break;
}
#endif /* !OPENSSL_NO_DSA */
if (dh == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
"'%s'", dh_file);
return -1;
////////////////////////////////////////////////////////////////
________________________________
From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Matt
Caswell <m...@openssl.org>
Sent: Monday, November 29, 2021 8:40 PM
To: openssl-users@openssl.org <openssl-users@openssl.org>
Subject: [EXTERNAL] Re: Need Replacement for Deprecated function.
On 29/11/2021 12:35, Shivakumar Poojari wrote:
> Hi All,
>
> We are upgrading our code to openssl 3.0.
>
> Need Replacement for below Deprecated function.
>
> SSL_use_RSAPrivateKey_ASN1();
Use SSL_use_PrivateKey_ASN1();
> PEM_read_bio_DHparams();
> PEM_read_bio_DSAparams();
Use PEM_read_bio_Parameters_ex() for these two.
> DSA_dup_DH();
There is no replacement for this. Why do you need it? Generally this is
a bad idea.
If you really need to do it there is a workaround:
https://clicktime.symantec.com/3RFqPpzm8EUTsqiRi1524Xo6H2?u=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Fblob%2Fbc42cf51c8b2a22282bb3cdf6303e230dc7b7873%2Fapps%2Fdhparam.c%23L352-L400
> DSA_free();
You shouldn't need to call this anymore because you shouldn't have any
DSA objects anymore. Instead you should only be using EVP_PKEY objects.
To free those you use EVP_PKEY_free();
> SSL_set_tmp_dh();
SSL_set0_tmp_dh_pkey(). Although you might be able to just remove it
completely. These functions set the DH parameters to a specific set of
values. Mostly you can instead just use the default built-in ones.
> DH_free();
As per DSA_free();
> SSL_CTX_set_tmp_dh();
SSL_CTX_set0_tmp_dh_pkey() - but same comments as for SSL_set_tmp_dh()
apply.
Matt
>
> I'm not able to find proper replacement, Please help me out
>
> Thanks,
> Shiva Kumar
>
>
>
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.
Notice: This e-mail together with any attachments may contain information of
Ribbon Communications Inc. and its Affiliates that is confidential and/or
proprietary for the sole use of the intended recipient. Any review, disclosure,
reliance or distribution by others or forwarding without express permission is
strictly prohibited. If you are not the intended recipient, please notify the
sender immediately and then delete all copies, including any attachments.#ifdef OPENSSL_NO_DH
if (dh_file == NULL)
return 0;
wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
"dh_file specified");
return -1;
#else /* OPENSSL_NO_DH */
DH *dh;
BIO *bio;
/* TODO: add support for dh_blob */
if (dh_file == NULL)
return 0;
if (conn == NULL)
return -1;
bio = BIO_new_file(dh_file, "r");
if (bio == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
dh_file, ERR_error_string(ERR_get_error(), NULL));
return -1;
}
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
#ifndef OPENSSL_NO_DSA
while (dh == NULL) {
DSA *dsa;
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
" trying to parse as DSA params", dh_file,
ERR_error_string(ERR_get_error(), NULL));
bio = BIO_new_file(dh_file, "r");
if (bio == NULL)
break;
dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (!dsa) {
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
"'%s': %s", dh_file,
ERR_error_string(ERR_get_error(), NULL));
break;
}
wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
"params into DH params");
break;
}
break;
}
#endif /* !OPENSSL_NO_DSA */
if (dh == NULL) {
wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
"'%s'", dh_file);
return -1;
