> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Tuesday, 04 September, 2012 09:27
>
> Testing the i2d_ECPrivateKey to buffer and then back d2i_ECPrivateKey
> and it fails. I checked the forum and one guy was passing NULL; at least I
> missed that mistake, but that's not my issue.
>
> Since I want to save the random generated key to use for private and
> also I will do this for public. The public works though back
> and forth. So where am I going wrong?
>
> #include <stdio.h>
> #include <string.h>
> #include <openssl/crypto.h>
> #include <openssl/ec.h>
> #include <openssl/objects.h>
>
> int main(int argc, char **args){
>     long avail;
>     FILE *fp;
>     int len;
>     unsigned char *buf;
>     EC_KEY *eckey = EC_KEY_new(); // allocate an EC_KEY for private signing and public verify
>
>     int ret = EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(NID_secp192k1)); // select the curve name
>     if (!ret){
>         printf("error set group\n");
>         return 1;
>     }

Whenever an OpenSSL routine returns an error indication (0 for boolean, <0 for count-like, and null for pointer) you should look at the error queue: http://www.openssl.org/support/faq.html#PROG6 (Although this particular call shouldn't fail.)

>     if (!EC_KEY_generate_key(eckey)){ // pick some random private and public keys
>         printf("error generate key\n");
>         return 1;
>     }
>
>     /**
>      Okay now get that private key bytes
>     ***/
>
>     len = i2d_ECPrivateKey(eckey, NULL);
>     printf("PRIVATE KEY LENGTH is %d \n", len);
>     buf = OPENSSL_malloc(len); // malloc(len);
>     memset(buf, 0, len);
>     ret = i2d_ECPrivateKey(eckey, &buf);
>     if (!ret){
>         printf("Private key to DER failed now WHAT?\n");
>         return 1;
>     }

Aside: memset isn't needed.

>     // dump them, let's see what it is out of curiosity
>
>     printf("PRIVATE KEY is success\n");
>     for (int i = 0; i < len; i++)
>         printf("%X ", buf[i]);
>     printf("\n\n");

Aside: fixed-width %02X (or %02x) is more usual. But buf is wrong at this point, see below.

>     // Now let's see if this is valid and convert it back
>     //
>     eckey = d2i_ECPrivateKey(&eckey, (const unsigned char **)&buf, len);
>     if (eckey == NULL){
>         printf("going back failed DER to i \n");
>         return 1;
>     }

i2d_anything(,&ptr) moves the pointer past the output data, so at this point buf is pointing at garbage.
To do d2i,i2d in the same stretch of code (which is unusual) you need to save the original pointer value and (re)use that.

>     return 0;
> }
>

There are no i2d/d2i for ECPublicKey, but the similar i2o/o2i behave in the same fashion and should have given you the same problem. Although there is less redundancy in the publickey encoded value (only a few bits in the flag byte, everything else is just a bignum and any value appears valid) so maybe you just didn't notice the error. If the output and input are in different routines, or different programs, as is their normal use, you will use different pointer variables and they work.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
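The pointer-advancing behaviour the reply describes, as an added example that is not the poster's code and not OpenSSL's. It uses a constructed stand-in pair, `i2d_TOY_KEY`/`d2i_TOY_KEY` over a `TOY_KEY` struct (all hypothetical names), that follows the same calling convention as `i2d_ECPrivateKey`/`d2i_ECPrivateKey` (length query with a NULL output pointer, write-and-advance through `unsigned char **`, parse-and-advance through `const unsigned char **`), so it compiles without libcrypto. `roundtrip_saved_pointer` does what the reply recommends, encoding through a scratch pointer and decoding from the saved start of the buffer; `roundtrip_reused_pointer` repeats the pattern from the post and shows d2i rejecting the bytes it finds at the advanced pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for EC_KEY: a fixed-size private scalar. */
#define PRIV_LEN 24
typedef struct { unsigned char priv[PRIV_LEN]; } TOY_KEY;

/* Mirrors the i2d_* contract: with out == NULL only the encoded length is
 * returned; otherwise a DER OCTET STRING is written at *out and *out is
 * advanced past the last byte written (OpenSSL's allocate-on-NULL variant
 * is not mirrored here). */
int i2d_TOY_KEY(const TOY_KEY *k, unsigned char **out)
{
    int len = 2 + PRIV_LEN;            /* tag + short-form length + content */
    if (out == NULL)
        return len;
    unsigned char *p = *out;
    *p++ = 0x04;                       /* OCTET STRING tag */
    *p++ = PRIV_LEN;
    memcpy(p, k->priv, PRIV_LEN);
    *out = p + PRIV_LEN;               /* the caller's pointer now sits past the data */
    return len;
}

/* Mirrors the d2i_* contract: parse at *in, advance *in, return the object
 * (reusing *a when non-NULL) or NULL on a malformed encoding. */
TOY_KEY *d2i_TOY_KEY(TOY_KEY **a, const unsigned char **in, long len)
{
    const unsigned char *p = *in;
    if (len < 2 || p[0] != 0x04 || p[1] != PRIV_LEN || len < 2 + PRIV_LEN)
        return NULL;
    TOY_KEY *k = (a != NULL && *a != NULL) ? *a : calloc(1, sizeof *k);
    if (k == NULL)
        return NULL;
    memcpy(k->priv, p + 2, PRIV_LEN);
    *in = p + 2 + PRIV_LEN;
    if (a != NULL)
        *a = k;
    return k;
}

static void fill_key(TOY_KEY *k)
{
    /* constructed, deterministic sample scalar; not a real key */
    for (int i = 0; i < PRIV_LEN; i++)
        k->priv[i] = (unsigned char)(0xA0 + i);
}

/* Correct round trip: encode through a scratch pointer, decode from the
 * saved start of the buffer. Returns 1 if the key survives intact. */
int roundtrip_saved_pointer(void)
{
    TOY_KEY in, *out = NULL;
    fill_key(&in);
    int len = i2d_TOY_KEY(&in, NULL);
    unsigned char *buf = calloc((size_t)len, 1);
    if (buf == NULL)
        return 0;
    unsigned char *wp = buf;           /* scratch copy; buf itself keeps the start */
    if (i2d_TOY_KEY(&in, &wp) != len || wp != buf + len) {
        free(buf);
        return 0;
    }
    const unsigned char *rp = buf;     /* decode from the original start */
    int ok = d2i_TOY_KEY(&out, &rp, len) != NULL
          && rp == buf + len
          && memcmp(out->priv, in.priv, PRIV_LEN) == 0;
    free(out);
    free(buf);
    return ok;
}

/* The pattern from the post: pass &buf to i2d, then hand the same (now
 * advanced) buf to d2i. Returns 1 if d2i rejects what it finds there.
 * Zeroed slack is allocated so the stale read stays inside the buffer. */
int roundtrip_reused_pointer(void)
{
    TOY_KEY in, *out = NULL;
    fill_key(&in);
    int len = i2d_TOY_KEY(&in, NULL);
    unsigned char *start = calloc((size_t)len + 16, 1);
    if (start == NULL)
        return 0;
    unsigned char *buf = start;
    i2d_TOY_KEY(&in, &buf);            /* buf now == start + len */
    const unsigned char *rp = buf;     /* wrong: points past the encoding */
    int rejected = (buf == start + len) && d2i_TOY_KEY(&out, &rp, len) == NULL;
    free(start);
    return rejected;
}

int main(void)
{
    printf("saved pointer round trip: %s\n",
           roundtrip_saved_pointer() ? "ok" : "FAILED");
    printf("reused pointer round trip: %s\n",
           roundtrip_reused_pointer() ? "rejected as expected" : "unexpectedly accepted");
    return 0;
}
```

With the real functions the same shape applies: `unsigned char *p = buf; i2d_ECPrivateKey(eckey, &p);` for the encode, then `const unsigned char *q = buf; d2i_ECPrivateKey(&eckey, &q, len);` for the decode, so that `buf` is never the variable whose address is passed.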