On Fri, Nov 08, 2013 at 01:37:21PM +0200, Serhat Sevki Dincer wrote:

> On Windows 7 with OpenSSL 1.0.1e, I get the following output:
> 
> $ openssl.exe genpkey -out priv.pem -aes128 -algorithm EC -pkeyopt ec_paramgen_curve:secp224r1
> 
> parameter setting error 3512:error:06089094:digital envelope
> routines:EVP_PKEY_CTX_ctrl:invalid operation:.\crypto\evp\pmeth_lib.c:404
> 
> Is this a bug? What's the correct command line?

This is a bug; it is fixed on the OpenSSL master branch.  The fix for
1.0.1e is to apply the same change.

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index dfe8710..50cf8c1 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -960,7 +960,8 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 #endif
 
 #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
-       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                               EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
 
 

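Review bot: the widened mask on the EVP_PKEY_CTX_ctrl line
(EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN) changes what the public macro
EVP_PKEY_CTX_set_ec_paramgen_curve_nid accepts, and nothing in the header
records that. Add a comment above the #define stating that the curve NID
may be set on either a parameter-generation or a key-generation context.
This hunk only relaxes the operation check and does not show the keygen
path using the stored curve, so confirm that the code handling
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID during keygen is part of the same
backport.
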
If someone on the OpenSSL team adopts the above, they may as well also
apply the below fix, which silences a compiler warning about a
potentially uninitialized variable 'i':

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5a421fc..f562181 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -477,13 +477,12 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char 
*data, long *plen,
        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_cleanse((char *)buf,sizeof(buf));
        OPENSSL_cleanse((char *)key,sizeof(key));
-       j+=i;
        if (!o)
                {
                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
                return(0);
                }
-       *plen=j;
+       *plen=j + i;
        return(1);
        }
 

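Review bot: the new line *plen=j + i; still reads i, only now after the
if (!o) early return, and the hunk does not show where i is assigned. The
commit message should name the call that sets i and state that its value
is only meaningful when o is non-zero; initialising i at its declaration
would make that explicit for every compiler. Style: the surrounding lines
put no spaces around operators (j+=i; and *plen=j;), so write *plen=j+i;
to match.
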
-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org