Great! Please clarify this for me, can I say F-secure is not compatible
with standards or has the vendor possibility to choose the key format?
Thanks for quick resolve.
Regards,
Jarmo
Richard Levitte via RT wrote:
>
> OK, there are several issues here.
>
> First of all, your private key is broken, or rather the structure it
> has been packed into. "BEGIN PRIVATE KEY" indicates that the key is
> wrapped in a PKCS8 structure. That structure should start with an
> integer indicating the version number of the structure (for now,
> it'll always be 0). That integer is missing, meaning the structure
> can't be correctly parsed.
>
> Second, it seems like OpenSSL lacks error control during the parsing
> of this particular type of structure, leading to the coredump you
> experienced. The following patch (which I shall commit promptly)
> fixes the problem (instead of a coredump, you'll get a few lines of
> error messages):
>
> --- crypto/pem/pem_lib.c 2002/02/20 17:55:34 1.30.2.1
> +++ crypto/pem/pem_lib.c 2002/06/05 11:52:06
> @@ -258,6 +258,7 @@
> PKCS8_PRIV_KEY_INFO *p8inf;
> p8inf=d2i_PKCS8_PRIV_KEY_INFO(
> (PKCS8_PRIV_KEY_INFO **) x,
> &p, len);
> + if(!p8inf) goto p8err;
> ret = (char *)EVP_PKCS82PKEY(p8inf);
> PKCS8_PRIV_KEY_INFO_free(p8inf);
> } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
>
> For everyones info, the same error exists in 0.9.7 beta 1 as well.
> Beta 2 will be corrected appropriately.
>
> [[EMAIL PROTECTED] - Tue Jun 4 19:49:46 2002]:
>
> > Hi all,
> >
> > I've tried to use the following certificate and private key to
> sign my
> > own requested certificate but for some reason, openssl coredumps.
> >
> > Coredumps occur also when trying to obtain information from private
> > key
> > (with commands like pkcs8, rsa).
> > Any idea why this is happening? (I can provide the coredump file if
> > necessary)
> >
> >
> > -----BEGIN PRIVATE KEY-----
> >
> MIIB5DANBgkqhkiG9w0BAQEFADCCAdECgYBTAI9HrMBfEfuTiT9NyUD2jGsWIi1YKqsLt3SdTwi
> >
> 9Bh/k7/x68GpTRcAzDpklvs4ZaJBXwiJxs6cLJabV+dCHZnH9X3SSrn8Hz1zYrcNgkHqm3Jx6jE
> >
> aZxjN4MwRQd3KOjwmdZAvHd3+5IXRZPbmYdM1gC0QMiQpCP8rXXJzkZwIBIwKBgANzDplBB1Roe
> >
> ioJsYI8Oo3nP6ErT66NaNqV65QrLj5hVcWw30WbnLBYAqsD7m1JwhUBBVVvIgNlOM/sSW1MNeGs
> >
> RTOxpo6hbqe6WRqqtTEIopyOx/RUNM33NQ6Rfvo27/Sop4/xUe8DUQsnYJ0pJ5QStwOjlSXo9KV
> >
> mT3nkuQYLAkEAgwz57Wdk9dGOxyYKHsWTk2Y4NlV87/+/QNRO5Wfl/YNKIDuHxLFTin7netad7X
> >
> MFp43TPtBaNceNzx1UmctmuwJBAKIj149VZaw21RQ2vONV4R1Ll3qblnIQPnjyesCdBbABVVSOH
> >
> gCW7K0ytUMY9aH+N8rrxTw+0h3D6ILVHbMtXEUCQCwSZx1ZSpxyRU6/6SWMZDibdjxd5Zh03GZh
> > XxLSxzoiRyMygmB65OS5wFncscrd9CYmlpMpAKmatE7G0p+IrVE=
> > -----END PRIVATE KEY-----
> >
> > The matching public key: (this seems to work)
> >
> > -----BEGIN CERTIFICATE-----
> >
> MIICRzCCAbCgAwIBAgIEATEF8TANBgkqhkiG9w0BAQQFADBVMQswCQYDVQQGEwJGSTEoMCYGA1U
> >
> EChMfVGhlIEZpbm5pc2ggQmFua2VycyBBc3NvY2lhdGlvbjEcMBoGA1UECxMTQ2xpZW50IENBIF
> >
> VudHJ1c3RlZDAeFw0wMDA2MTQwNjMwMDBaFw0yNzEwMzEwODMwMDBaMFUxCzAJBgNVBAYTAkZJM
> >
> SgwJgYDVQQKEx9UaGUgRmlubmlzaCBCYW5rZXJzIEFzc29jaWF0aW9uMRwwGgYDVQQLExNDbGll
> >
> bnQgQ0EgVW50cnVzdGVkMIGcMA0GCSqGSIb3DQEBAQUAA4GKADCBhgKBgFMAj0eswF8R+5OJP03
> >
> JQPaMaxYiLVgqqwu3dJ1PCL0GH+Tv/HrwalNFwDMOmSW+zhlokFfCInGzpwslptX50Idmcf1fdJ
> >
> KufwfPXNitw2CQeqbcnHqMRpnGM3gzBFB3co6PCZ1kC8d3f7khdFk9uZh0zWALRAyJCkI/ytdcn
> >
> ORnAgEjoycwJTAPBgNVHQ8BAf8EBQMDB4AAMBIGA1UdEwEB/wQIMAYBAf8CAQIwDQYJKoZIhvcN
> >
> AQEEBQADgYEAUQu1peUXTmTBcNvNXAc8bQ5TDW8vL5Sl9zPNJsWD99pAqjIyMXLx02+96g46fUA
> >
> ujxTzsVFNlnJ+tbejvTDZcWqSc6r/H1TeGOc14HAAFIRGV3ifI65Kj3XAHYRAuaVQtb69DAvWxM
> > 7VINWzZp1Ip3kM1MC1J7GjlbW5yyxDiGM=
> > -----END CERTIFICATE-----
> >
> > Regards,
> > Jarmo
> >
> ______________________________________________________________________
> > OpenSSL Project
> http://www.openssl.org
> > User Support Mailing List
> [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
>
> --
> Richard Levitte
> [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
