Hi,
I did not run this in the debugger, but one issue is that you are not initializing `pub` before calling EC_POINT_mul : try adding
pub = EC_POINT_new(curve);
(and check for errors making sure pub is not null afterwards).
Hope this helps!
Best regards,
Nicola
On Mon, Oct 8, 2018, 00:31 John Hughes <john.hughes@xxxxxxxxxxx> wrote:
I'm trying to generate a public key from a private key generated on a HSM
(and obtained by calling PKCS#11). Everything works fine until I call
EC_POINT_mul - at which point I get the error message:
error:100BB065:elliptic curve routines:ec_wNAF_mul:incompatible
objects
I have checked the BIGNUM conversion - and that seems to be fine. The key
pair on the HSM is also generated using brainpoolP256r1.
The basis of the code can be found at the end of the email. I'm basically
trying to follow the example provided in:
https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography.
I'm using openssl 1.10h
Any pointers or help would be appreciated.
John
---------------------------------------------------------------
BN_CTX *ctx;
ctx = BN_CTX_new();
if(!ctx) {
outputInfo("unable to create openssl BN_CTX");
return;
}
EC_GROUP *curve;
outputInfo("about to create EC_GROUP_new_by_curve_name");
if(NULL == (curve =
EC_GROUP_new_by_curve_name(NID_brainpoolP256r1))) {
outputERRORmess("unable to setup curve");
}
outputInfo("about to create EC_KEY_new_by_curve_name");
EC_KEY *key;
if(NULL == (key = EC_KEY_new_by_curve_name(NID_brainpoolP256r1))) {
outputERRORmess("unable to setup EC_KEY");
}
// now get the private key contained in CKA_VALUE via PKCS#111 and
place in *attrPrivate.pValue
.......... (handle error)
EC_POINT *pub;
BIGNUM *prv = BN_bin2bn((unsigned char*)attrPrivate.pValue,
attrPrivate.ulValueLen, NULL);
if (prv == NULL) {
...... (handle error)
}
if (1 != EC_KEY_set_private_key(key, prv)) {
........ (handle error)
}
if (1 != EC_POINT_mul(curve, pub, prv, NULL, NULL, ctx)) {
outputInfo("unable to calculate the public key from the
HSM's private key using EC_POINT_mul");
(handle error)
}
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users