On Thu, Jan 23, 2014, Viktor Dukhovni wrote:

> On Thu, Jan 23, 2014 at 02:06:53PM +0100, Dr. Stephen Henson wrote:
> 
> > On Wed, Jan 22, 2014, wizzbert wrote:
> > 
> > You need to set the EC_KEY to use the named curve option which isn't the
> > default. You can do that with:
> > 
> > EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
> 
> I think the below also works:
> 
>     if ((eckey = EC_KEY_new()) != 0
>         && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0
>         && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE),
>             EC_KEY_set_group(eckey, group))
>         && EC_KEY_generate_key(eckey)
>         && (key = EVP_PKEY_new()) != 0
>         && !EVP_PKEY_set1_EC_KEY(key, eckey)) {
>         EVP_PKEY_free(key);
>         key = 0;
>     }
>     if (group)
>         EC_GROUP_free(group);
>     if (eckey)
>         EC_KEY_free(eckey);
> 
> This is currently used in Postfix DANE support, but the key is never
> included in any externally visible certificate.
> 

Yes that also works. You can set the flag in the EC_GROUP or the EC_KEY
structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
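
An added example, not code from this thread or from OpenSSL: the flag discussed above decides whether a key's curve parameters are serialized as a curve OID or as explicit parameters, and this stand-alone checker tells the two encodings apart in DER-encoded ECParameters. The names `classify_ec_params`, `ec_form` and `oid_buf` are hypothetical, and both sample byte strings are constructed.

```c
#include <stdio.h>
#include <string.h>
/* ECParameters (RFC 5480) is a CHOICE; the outer DER tag identifies the form. */
enum ec_form { EC_INVALID, EC_NAMED, EC_IMPLICIT, EC_EXPLICIT };

/* Constructed samples: the prime256v1 OID, and a stub SEQUENCE standing in
 * for explicit parameters (only its outer tag and length are examined). */
static const unsigned char NAMED_P256[] = {0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const unsigned char EXPLICIT_STUB[] = {0x30,0x03,0x02,0x01,0x01};
static char oid_buf[64];
/* Classify DER ECParameters; for a named curve write its dotted OID to oid. */
enum ec_form classify_ec_params(const unsigned char *der, size_t len, char *oid, size_t oidsz)
{
    size_t hdr = 2, clen, i, used = 0;
    unsigned long arc = 0;
    int n, first = 1;
    if (len < 2) return EC_INVALID;
    clen = der[1];
    if (clen & 0x80) {                              /* long-form length */
        size_t nb = clen & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || len < 2 + nb) return EC_INVALID;
        for (clen = 0, i = 0; i < nb; i++) clen = (clen << 8) | der[2 + i];
        hdr += nb;
    }
    if (clen != len - hdr) return EC_INVALID;       /* truncated or trailing bytes */
    if (der[0] == 0x30) return EC_EXPLICIT;         /* SEQUENCE: explicit parameters */
    if (der[0] == 0x05) return clen == 0 ? EC_IMPLICIT : EC_INVALID;
    if (der[0] != 0x06 || clen == 0 || (der[len - 1] & 0x80)) return EC_INVALID;
    for (i = hdr; i < len; i++) {                   /* OID: base-128 arcs */
        if (arc >> (sizeof(arc) * 8 - 7)) return EC_INVALID;   /* arc would overflow */
        arc = (arc << 7) | (der[i] & 0x7f);
        if (der[i] & 0x80) continue;                /* more bytes in this arc */
        if (first) {                                /* first byte group packs two arcs */
            unsigned long a = arc < 80 ? arc / 40 : 2;
            n = snprintf(oid + used, oidsz - used, "%lu.%lu", a, arc - a * 40);
        } else
            n = snprintf(oid + used, oidsz - used, ".%lu", arc);
        if (n < 0 || (size_t)n >= oidsz - used) return EC_INVALID;
        used += (size_t)n; arc = 0; first = 0;
    }
    return EC_NAMED;
}

int main(void)
{
    printf("%d %s\n", classify_ec_params(NAMED_P256, sizeof NAMED_P256, oid_buf, sizeof oid_buf), oid_buf);
    printf("%d\n", classify_ec_params(EXPLICIT_STUB, sizeof EXPLICIT_STUB, oid_buf, sizeof oid_buf));
    return 0;
}
```

Real input for the checker can be produced with `openssl ecparam -name prime256v1 -outform DER`, with `-param_enc explicit` added to get the explicit form.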
