On Mon, Apr 28, 2008, Larry Bugbee wrote:

> I know 0.9.9 is still in development so perhaps I'm being premature. Then
> again, perhaps I'm doing something stupid. If someone has a
> suggestion......
>
> My thanks,
>
> Larry
>
> ================================================== ====================
>
> // compile with:
> // gcc testECcert.c -L/usr/local/lib -lcrypto -o testECcert
>
> #include
> #include
> #include
> #include
> #include
>
> // not in any header file I can find
> // EC_KEY* PEM_read_bio_EC_PUBKEY(BIO* buf, ...);
>
> char *pubkeypem = "\
> -----BEGIN PUBLIC KEY-----\n\
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAsEnmej3TZulFo zEchUtEVradA2X\n\
> vlO3bYFlSQKk9CzK2+MBerbAU0NVSOcUycad4R8M2rAi1PCFzU Stt0QSmw==\n\
> -----END PUBLIC KEY-----\n";
>
>
> int main(int argc, char* argv[]) {
> int err;
> BIO *buf = NULL;
> EC_KEY *ecpubkey = NULL;
> X509 *cert = NULL;
> X509_NAME *name = NULL;
> int days = 365;
>
> OpenSSL_add_all_algorithms();
>
> //----------------------------------------------------------
> // load public key
> buf = BIO_new_mem_buf(pubkeypem, strlen(pubkeypem));
> ecpubkey = (EC_KEY*)PEM_read_bio_EC_PUBKEY(buf, NULL, NULL, NULL);
> EC_KEY_print_fp(stdout, ecpubkey, 2); // ignore "Private-Key"
>
> //----------------------------------------------------------
> // load cert
> cert = X509_new();
> X509_set_version(cert,2);
> // set issuer and subject here
> X509_gmtime_adj(X509_get_notBefore(cert),0);
> X509_gmtime_adj(X509_get_notAfter(cert),(long)60*6 0*24*days);
> // v---------v cast to satisify warning
> // err = X509_set_pubkey(cert, (EVP_PKEY*)ecpubkey);
> err = X509_set_pubkey(cert, ecpubkey);
> if (err) printf("set public key error: ", err);
>
> //----------------------------------------------------------
> // let's see it
> X509_print_fp(stdout, cert);
> }
>


You can't just cast and EC_KEY structure to EVP_PKEY: they are different
structures which need to be converted.

If you call PEM_read_bio_PUBKEY() instead you get an EVP_PKEY directly.

Alternatively calling:

EVP_PKEY *pk = EVP_PKEY_new();
....
EVP_PKEY_assign_EC_KEY(pk, ecpubkey;

Will work.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org