On Jan. 9 I reported an error in the PEM_write_PKCS8PrivateKey() function and followed it up with a "solution" (copied below). Ivan Nestlerode kindly pointed out that my solution was bogus, and he was quite right.
I've since done a great deal of experimenting and head scratching, trying to figure out what my original problem was and why my "fix" seemed to solve it. It seems that when I experienced the problem I was calling the PEM_write_PKCS8PrivateKey() function with a symmetric cipher that wasn't supported. At any rate, that's what I discovered this morning; using RC5-OFB results in a private key file that contains only headers plus an error condition, while IDEA-CBC does the Right Thing. Randomly choosing symmetric ciphers for testing is, obviously, not a smart thing to do. Slowly but surely, I'm learning something.

I apologize for wasting the bandwidth on the original error report.

DSC

> Platform
> ========
> RedHat Linux 6.2 (i386)
> gcc 2.95.3
>
> OpenSSL Version
> ===============
> 0.9.6c
>
> Problem Description
> ===================
> Calls to PEM_write_PKCS8PrivateKey() using a custom password collecting
> function fail, in that subsequent calls to PEM_read_PrivateKey() using the
> correct password cannot read the key.
>
> Solution
> ========
> Function do_pk8pkey() within pem_lib.c appears to invoke the custom callback
> incorrectly. The original if-then statement, starting on line 847, is:
>
> if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
> else klen = cb(buf, PEM_BUFSIZE, 1, u);
>
> The fix is on the second line -- dereference the callback function pointer:
>
> if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
> else klen = (*cb)(buf, PEM_BUFSIZE, 1, u);
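
A post-write sanity check for the failure described in this message (a key file that holds only the PEM header lines), as an added example that is not part of the original e-mail or of OpenSSL. The function names and the sample blocks are constructed for illustration; the check looks only at the PEM framing and complements, rather than replaces, testing the return value of PEM_write_PKCS8PrivateKey().

```c
#include <stdio.h>
#include <string.h>

#define LABEL "ENCRYPTED PRIVATE KEY"   /* PEM label of an encrypted PKCS#8 key */

/* Constructed samples: the body is base64 of "ABCDEFGHIJKLMNOP", not a key. */
static const char GOOD[]  = "-----BEGIN " LABEL "-----\n"
                            "QUJDREVGR0hJSktMTU5PUA==\n"
                            "-----END " LABEL "-----\n";
static const char EMPTY[] = "-----BEGIN " LABEL "-----\n"
                            "-----END " LABEL "-----\n";
static const char TRUNC[] = "-----BEGIN " LABEL "-----\nQUJD\n";

/* Count base64 characters between the BEGIN and END lines of one PEM block.
 * Returns -1 if a marker is missing or the body holds a non-base64
 * character; 0 means the block is "headers only". PKCS#8 blocks carry no
 * Proc-Type/DEK-Info lines, so anything else in the body is rejected. */
static long pem_body_len(const char *pem, const char *label)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    char begin[96], end[96];
    const char *p, *stop;
    long n = 0;

    snprintf(begin, sizeof begin, "-----BEGIN %s-----", label);
    snprintf(end, sizeof end, "-----END %s-----", label);
    if ((p = strstr(pem, begin)) == NULL) return -1;
    p += strlen(begin);
    if ((stop = strstr(p, end)) == NULL) return -1;

    for (; p < stop; p++) {
        if (*p == '\n' || *p == '\r') continue;     /* line breaks are framing */
        if (strchr(b64, *p) == NULL) return -1;
        n++;
    }
    return n;
}

/* 1 if the block has a non-empty, padded base64 body, otherwise 0. */
static int key_block_complete(const char *pem)
{
    long n = pem_body_len(pem, LABEL);
    return n > 0 && n % 4 == 0;
}

int main(void)
{
    printf("good=%d empty=%d truncated=%d\n", key_block_complete(GOOD),
           key_block_complete(EMPTY), key_block_complete(TRUNC));
    return 0;
}
```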