Topic: [SOLVED] EC private key read fails ASN1_CHECK_TLEN
Iam currently porting my application from OpenSSL to use WolfSSL.
I have generated EC private key using the new WolfSSL API's added in OpenSSL compatibility layer:
#define OPENSSL_EXTRA
#define HAVE_ECC
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/asn1.h>
#include <wolfssl/openssl/ec.h>
EVP_PKEY *pk;
EC_KEY *key;
// Build the private key
key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
EC_KEY_generate_key(key));
EVP_PKEY_assign_EC_KEY(pk, key));
and then I write the key in a file using wolfSSL_PEM_write_bio_PrivateKey()
I get a key which looks like this
-----BEGIN EC PRIVATE KEY-----
<<64 ASCII characters>>
<<60 ASCII characters>>
-----END EC PRIVATE KEY-----
I then tried to verify this key using OpenSSL command line : openssl ec -in nginx-privateKey.key -text -noout
I got the following errors:
3078384116:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
3078384116:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:788:
3078384116:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:720:Field=version, Type=EC_PRIVATEKEY
3078384116:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1029:
3078384116:error:100DE08E:elliptic curve routines:OLD_EC_PRIV_DECODE:decode error:ec_ameth.c:543:
3078384116:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
3078384116:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:788:
3078384116:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:720:Field=version, Type=PKCS8_PRIV_KEY_INFO
3078384116:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:142:
I have checked that there are no extra spaces and line endings in private key file.
Please help me solve this issue.