On Thu, Jan 23, 2014 at 02:06:53PM +0100, Dr. Stephen Henson wrote:

> On Wed, Jan 22, 2014, wizzbert wrote:
> 
> You need to set the EC_KEY to use the named curve option which isn't the
> default. You can do that with:
> 
> EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);

I think the below also works:

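    EVP_PKEY *key = 0;
    EC_KEY *eckey;
    EC_GROUP *group = 0;

    /* Each step runs only if the previous one succeeded; the body of the
     * "if" is reached only when the final EVP_PKEY_set1_EC_KEY() fails. */
    if ((eckey = EC_KEY_new()) != 0
        && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0
        /* EC_GROUP_set_asn1_flag() returns void, hence the comma operator. */
        && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE),
            EC_KEY_set_group(eckey, group))
        && EC_KEY_generate_key(eckey)
        && (key = EVP_PKEY_new()) != 0
        && !EVP_PKEY_set1_EC_KEY(key, eckey)) {
        EVP_PKEY_free(key);
        key = 0;
    }
    /* EC_KEY_set_group() copies the group and EVP_PKEY_set1_EC_KEY() takes
     * its own reference to the key, so the local handles are released here. */
    if (group)
        EC_GROUP_free(group);
    if (eckey)
        EC_KEY_free(eckey);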

This is currently used in Postfix DANE support, but the key is never
included in any externally visible certificate.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
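
Whether the named-curve flag took effect can be checked on the encoded key itself: in a DER SubjectPublicKeyInfo the EC parameters are either a curve OID (named curve) or a SEQUENCE of explicit domain parameters. The following is an added example, not code from this thread or from OpenSSL; the function names and both sample byte strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* ECParameters CHOICE forms (RFC 5480); enum names are this example's own. */
enum ec_form { EC_BAD = -1, EC_NOT_EC, EC_NAMED, EC_IMPLICIT, EC_EXPLICIT };

/* Read one DER header at *p (bounded by end); on success *p is at the value. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return 0;
    *tag = *q++;
    *len = *q++;
    if (*len & 0x80) {                      /* long form: 1 or 2 length bytes */
        size_t n = *len & 0x7f;
        if (n < 1 || n > 2 || (size_t)(end - q) < n) return 0;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *q++;
    }
    if ((size_t)(end - q) < *len) return 0; /* value must fit in the buffer */
    *p = q;
    return 1;
}

/* Report how the curve is encoded in a DER SubjectPublicKeyInfo. */
enum ec_form spki_ec_form(const unsigned char *der, size_t n)
{
    static const unsigned char id_ec[] = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
    const unsigned char *p = der, *end = der + n;
    unsigned char tag; size_t len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x30) return EC_BAD; /* SPKI */
    end = p + len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x30) return EC_BAD; /* AlgorithmIdentifier */
    end = p + len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x06) return EC_BAD; /* algorithm OID */
    if (len != sizeof id_ec || memcmp(p, id_ec, len) != 0) return EC_NOT_EC;
    p += len;
    if (!der_hdr(&p, end, &tag, &len)) return EC_BAD;                /* ECParameters */
    if (tag == 0x06) return EC_NAMED;       /* namedCurve OID */
    if (tag == 0x05) return EC_IMPLICIT;    /* implicitCurve NULL */
    return tag == 0x30 ? EC_EXPLICIT : EC_BAD; /* specifiedCurve SEQUENCE */
}

/* Constructed samples: a prime256v1 named-curve SPKI with the 64 point bytes left
 * zero, and a stub whose explicit-parameter SEQUENCE holds only its version. */
const unsigned char sample_named[91] = {0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,
    0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04};
const unsigned char sample_explicit[] = {0x30,0x14,0x30,0x0e,0x06,0x07,0x2a,0x86,0x48,
    0xce,0x3d,0x02,0x01,0x30,0x03,0x02,0x01,0x01,0x03,0x02,0x00,0x04};

int main(void) {
    printf("named=%d explicit=%d\n", spki_ec_form(sample_named, sizeof sample_named),
           spki_ec_form(sample_explicit, sizeof sample_explicit));
    return 0;
}
```

RFC 5480 forbids the implicit and explicit forms in PKIX certificates, so anything other than the named form is worth flagging before a key is published.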
