On Mon Jun 29 14:27:18 2015, [email protected] wrote:
> Hi,
>
> I am debugging a testsuite error in the perl Net-SSLeay module, which
> got introduced between 1.0.2a and 1.0.2c.
>
> The test code looks like this:
>
> ... private key in $pk ...
>
> ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
> like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2),
>      qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/,
>      "PEM_get_string_PrivateKey+passwd+enc_alg");
>
> Previously it returned an encrypted key, now it does not.
>
> The error stack has:
> 0:error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set_iv:cipher has no object identifier:p5_pbev2.c:104:
> 0:error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:p12_p8e.c:86:
> [snip]
>
> which comes from the objects entry:
> obj_dat.h:{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
> obj_dat.h:{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
>
> I was not able to find out why des-ede3-cbc does have length 8, but
> ofb does not?
>
> How to fix this? Should it have length 8 too?
>
That should never have worked in the first place. It has a length 0 because the NID has no corresponding object identifier and such NIDs cannot be properly encoded in PKCS#8 format. The fact that OpenSSL let you do that previously (with a garbage OID) is the bug.

The fix is to use a cipher mode which is properly supported for PKCS#8 format such as CBC mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
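
Added example, not part of the original thread and not OpenSSL's code: the `8` in the quoted obj_dat.h entry is the length of the DER-encoded OID content for DES-EDE3-CBC (1.2.840.113549.3.7), and the PBES2 encryptionScheme in an encrypted PKCS#8 key needs that OID. The sketch below encodes it and refuses a cipher that has none; the `CIPHER_OIDS` table and the function names are constructed for illustration.

```python
# Constructed table mirroring the two obj_dat.h entries quoted in the thread:
# des-ede3-cbc has a registered OID, des-ede3-ofb has none (length 0, NULL data).
CIPHER_OIDS = {
    "des-ede3-cbc": "1.2.840.113549.3.7",
    "des-ede3-ofb": None,
}

def oid_content(dotted):
    """DER content octets of an OBJECT IDENTIFIER (no tag or length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    out = bytearray()
    # The first two arcs share one subidentifier: 40 * arc1 + arc2.
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))  # continuation bit on all but last
            sub >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def tlv(tag, content):
    """DER tag-length-value, short and long length forms."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def encryption_scheme(cipher, iv):
    """PBES2 encryptionScheme: SEQUENCE { OID, OCTET STRING iv }."""
    oid = CIPHER_OIDS.get(cipher)
    if oid is None:
        # Same condition OpenSSL reports as "cipher has no object identifier".
        raise ValueError(cipher + ": cipher has no object identifier")
    return tlv(0x30, tlv(0x06, oid_content(oid)) + tlv(0x04, iv))

if __name__ == "__main__":
    print(len(oid_content(CIPHER_OIDS["des-ede3-cbc"])))
    print(encryption_scheme("des-ede3-cbc", bytes(8)).hex())
```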
