Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
EC_KEY_new_by_curve_name returns NULL
548 views
Skip to first unread message
Khuc, Chuong D.
May 22, 2012, 11:07:31 AM5/22/12
to
Hi,
I got a problem with
EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it:
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
If(eckey == NULL)
{
printf("ERROR: NULL ECKEY!\r\n");
}
Do you happen to know the reason?
I got a problem with
EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it:
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
If(eckey == NULL)
{
printf("ERROR: NULL ECKEY!\r\n");
}
Do you happen to know the reason?
Rick Lopes de Souza
May 22, 2012, 11:41:27 AM5/22/12
to
Well, acording to the method EC_GROUP_new_by_curve_name that is referenced by EC_KEY_new_by_curve_name():
"EC_GROUP* EC_GROUP_new_by_curve_name (int nid)
--
Rick Lopes de Souza
Mestrando em Ciências da Computação
LabSEC - UFSC
Gerente projeto ASI-HSM
"EC_GROUP* EC_GROUP_new_by_curve_name (int nid)
{
size_t i;
EC_GROUP *ret = NULL;
if (nid <= 0)
return NULL;
for (i=0; i<curve_list_length; i++)
if (curve_list[i].nid == nid)
{
ret = ec_group_new_from_data(curve_list[i].data);
break;
}
if (ret == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
return NULL;
}
EC_GROUP_set_curve_name(ret, nid);
return ret;
}
"
Your curve must be in the curve list, but the NID_ecdsa_with_SHA256 is not. You must use one of curves listed in the array curve_list in the file crypto/ec/ec_curve.c.
For example: NID_secp112r1
Att,
Rick Lopes de Souza
Mestrando em Ciências da Computação
LabSEC - UFSC
Gerente projeto ASI-HSM
Matt Caswell (frodo@baggins.org)
May 22, 2012, 12:04:32 PM5/22/12
to
NID_ecdsa_with_SHA256 is not the name of a curve.
NID_secp256k1 is probably a good choice. Refer to the following
document for a discussion on recommended curves (appendix d), and then
find the related NID name for the curve you want in OpenSSL:
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
Matt
On 22 May 2012 16:07, Khuc, Chuong D. <ck...@swri.org> wrote:
> Hi,
> I got a problem with
> EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it:
> EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
> If(eckey == NULL)
> {
> printf("ERROR: NULL ECKEY!\r\n");
> }
> Do you happen to know the reason?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
NID_secp256k1 is probably a good choice. Refer to the following
document for a discussion on recommended curves (appendix d), and then
find the related NID name for the curve you want in OpenSSL:
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
Matt
On 22 May 2012 16:07, Khuc, Chuong D. <ck...@swri.org> wrote:
> Hi,
> I got a problem with
> EC_KEY_new_by_curve_name: it always return NULL. Here is how I used it:
> EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
> If(eckey == NULL)
> {
> printf("ERROR: NULL ECKEY!\r\n");
> }
> Do you happen to know the reason?
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Matt Caswell (frodo@baggins.org)
May 22, 2012, 12:08:18 PM5/22/12
to
Sorry one other point. Just noticed that in one of your other posts,
you have been provided with a previously existing private key. In that
case you need to find out what curve that private key was associated
with.
Matt
On 22 May 2012 17:04, Matt Caswell (fr...@baggins.org)
you have been provided with a previously existing private key. In that
case you need to find out what curve that private key was associated
with.
Matt
On 22 May 2012 17:04, Matt Caswell (fr...@baggins.org)
Khuc, Chuong D.
May 22, 2012, 12:35:54 PM5/22/12
to
Hello,
Thank you so much for your response. I already sent an email to ask my colleague to find out what curve I should use. However, when I tried using either NID_secp256k1 or NID_X9_62_prime256v1 (because they are the only two curves of 256 bit). I keep getting segmentation fault, so I never saw the print out of "Got here 2" from my code:
Thank you so much for your response. I already sent an email to ask my colleague to find out what curve I should use. However, when I tried using either NID_secp256k1 or NID_X9_62_prime256v1 (because they are the only two curves of 256 bit). I keep getting segmentation fault, so I never saw the print out of "Got here 2" from my code:
printf("Got here 1!\r\n");
EC_KEY *eckey; = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // or NID_secp256k1
printf("Got here 2!\r\n");
if(eckey == NULL)
{
printf("ERROR: NULL EC_KEY!\r\n");
return 0;
}
I know it's very likely to be user's error again (sorry I'm new at openssl). But do you guys know the cause of this seg fault? Thank you very much.
________________________________________
From: owner-ope...@openssl.org [owner-ope...@openssl.org] on behalf of Matt Caswell (fr...@baggins.org) [fr...@baggins.org]
Sent: Tuesday, May 22, 2012 11:08 AM
To: openss...@openssl.org
Subject: Re: EC_KEY_new_by_curve_name returns NULL
Matt Caswell (frodo@baggins.org)
May 23, 2012, 8:06:46 AM5/23/12
to
On 22/05/12 17:35, Khuc, Chuong D. wrote:
> Hello,
> Thank you so much for your response. I already sent an email to ask my colleague to find out what curve I should use. However, when I tried using either NID_secp256k1 or NID_X9_62_prime256v1 (because they are the only two curves of 256 bit). I keep getting segmentation fault, so I never saw the print out of "Got here 2" from my code:
>
> printf("Got here 1!\r\n");
> EC_KEY *eckey; = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // or NID_secp256k1
> printf("Got here 2!\r\n");
> if(eckey == NULL)
> {
> printf("ERROR: NULL EC_KEY!\r\n");
> return 0;
> }
> I know it's very likely to be user's error again (sorry I'm new at openssl). But do you guys know the cause of this seg fault? Thank you very much.
Hmmm....odd.
> Hello,
> Thank you so much for your response. I already sent an email to ask my colleague to find out what curve I should use. However, when I tried using either NID_secp256k1 or NID_X9_62_prime256v1 (because they are the only two curves of 256 bit). I keep getting segmentation fault, so I never saw the print out of "Got here 2" from my code:
>
> printf("Got here 1!\r\n");
> EC_KEY *eckey; = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // or NID_secp256k1
> printf("Got here 2!\r\n");
> if(eckey == NULL)
> {
> printf("ERROR: NULL EC_KEY!\r\n");
> return 0;
> }
> I know it's very likely to be user's error again (sorry I'm new at openssl). But do you guys know the cause of this seg fault? Thank you very much.
Your code looks ok - apart from there appears to be a spurious ; in this
line:
EC_KEY *eckey; = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // or NID_secp256k1
a seg fault!
The following code compiled and worked as expected on my machine:
#include <openssl/ssl.h>
int main (int argc, char *argv[])
{
/* one-time initialization */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
printf("Got here 1!\r\n");
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
// or NID_secp256k1
printf("Got here 2!\r\n");
if(eckey == NULL)
{
printf("ERROR: NULL EC_KEY!\r\n");
return 0;
}
}
Output was:
Got here 1!
Got here 2!
Matt
0 new messages