RE: Setting a group to an existing EVP_PKEY in OpenSSL 3

[Martin via openssl-users <openssl-users@xxxxxxxxxxx>]

Kory,

 

Thanks for your response. I want to preserve the rest of the EC public key params. I did this. I haven’t test yet.

 

OSSL_PARAM* extracted_params = NULL;

char curve_name[64];

OSSL_PARAM* param_ecgroup = NULL;

 

// sigkey is the EVP_PKEY ECDSA public key

 

 

if (EVP_PKEY_todata(sigkey, EVP_PKEY_PUBLIC_KEY, &extracted_params) == 0)

{

       // error

}

curve_name = OSSL_EC_curve_nid2name(nid));

if (curve_name == NULL)

{

// error

}

if ((param_ecgroup = OSSL_PARAM_locate(params, "group")) != NULL)

{

       OSSL_PARAM_set_utf8_string(param_ecgroup, curve_name);

}

else

{

       // error

}

 

Martin

 

From: Kory Hamzeh <kory@xxxxxxxxxxxx>
Sent: Monday, October 24, 2022 7:22 PM
To: amartin@xxxxxxxx
Cc: openssl-users@xxxxxxxxxxx
Subject: Re: Setting a group to an existing EVP_PKEY in OpenSSL 3

 

I haven’t done exactly what you are trying, but something similar.

 

 See EVP_PKEY_set_params:

 

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html

 

The specific parm to set the group could be set like this:

 

 OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",                      

                                            curve, 0;

 

 

 

Please note that that I have not tested the above code as my code uses key-from-data. But I think it should work.

 

On Oct 24, 2022, at 2:31 PM, Martin via openssl-users <openssl-users@xxxxxxxxxxx> wrote:

 

Hi,

 

How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?

 

In 1.0.2 I was using this code having the EC_KEY:

 

EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));

 

In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don’t know how to go from that to set it on the existing key.

 

 

Thanks,

 

Martin