On Fri, Nov 08, 2013 at 01:37:21PM +0200, Serhat Sevki Dincer wrote: > On windows 7 with OpenSSL 1.0.1e, I get the following output: > > $ openssl.exe genpkey -out priv.pem -aes128 -algorithm EC -pkeyopt > ec_paramgen_curve:secp224r1 > > parameter setting error 3512:error:06089094:digital envelope > routines:EVP_PKEY_CTX_ctrl:invalid operation:.\crypto\evp\pmeth_lib.c:404 > > Is this a bug? what's the correct commandline?
This is a bug, it is fixed on the OpenSSL master branch. The fix for 1.0.1e is to apply the same change. diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index dfe8710..50cf8c1 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -960,7 +960,8 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); #endif #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) If someone on OpenSSL team adopts the above, they may as well also apply the below fix which silences a compiler warning about a potentially uninitialized variable 'i' diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 5a421fc..f562181 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -477,13 +477,12 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_cleanse((char *)buf,sizeof(buf)); OPENSSL_cleanse((char *)key,sizeof(key)); - j+=i; if (!o) { PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); return(0); } - *plen=j; + *plen=j + i; return(1); } -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org