I have found a reliably reproducible timing-related bug in openssl pkcs8 when both the key to be processed and the passphrase to use in encryption are passed through stdin. The problem can be reliably reproduced thusly:
[ron@mighty:~]$ cat foo
password
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQDLgOOobAfwVuluHL95o8J9AgMBAAECEHRc9NA/RaLU6bTVVqUDLLkC
CQD3O4+36RUBGwIJANK4V/d+rJxHAghLpuglaKdKvQIJALsHpgRlad2XAgg4NETh
hIrziw==
-----END RSA PRIVATE KEY-----
[ron@mighty:~]$ openssl pkcs8 -topk8 -v2 aes128 -passout stdin < foo
unable to load key
33421:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY

That it's a timing bug can be demonstrated by manually presenting the input at the console instead of piping from a file:

[ron@mighty:~]$ openssl pkcs8 -topk8 -v2 aes128 -passout stdin
password
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQDLgOOobAfwVuluHL95o8J9AgMBAAECEHRc9NA/RaLU6bTVVqUDLLkC
CQD3O4+36RUBGwIJANK4V/d+rJxHAghLpuglaKdKvQIJALsHpgRlad2XAgg4NETh
hIrziw==
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHOMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAhGNFyxGCmA4QICCAAw
HQYJYIZIAWUDBAECBBCGjO1xrm5T4V6ufB8gaPIvBIGAGTrnjU2NQT6MSOMREEQF
3UUufb6w9mIk3jU8PdL7q0zGXaHrpgFgt3GTHYG1ruoO8eM8q2r+YrEVggxzKyob
iCJxHfMqkZzBhAUzigxLaTG+dPrqVmY5o/4W2cuE7MkVDiEEqtQmsIGOnaU2wo8w
vOQgz7Xp4RRiSK/N1uzmZXs=
-----END ENCRYPTED PRIVATE KEY-----

As long as there is a slight delay between the entry of the password and the entry of the key, it works.

rg
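An added illustration, not part of the report above and not OpenSSL's own code, of one mechanism that produces exactly this symptom. It is stated as an assumption about the cause, not a diagnosis: if the passphrase is read through a buffered, fgets-style reader, that reader can pull everything already queued on the descriptor into its private buffer, so a later reader of the same descriptor finds no -----BEGIN line; input that arrives in two separate writes (typing at the console, with a pause) stays intact. The script models both situations with pipes and also shows the arrangement where the passphrase arrives on a descriptor of its own, which is what OpenSSL's `-passout fd:number` and `-passout file:pathname` forms provide. The function names, the pipe setup and the placeholder key material are constructed for the example.

```python
import io
import os

# Constructed sample input mirroring the shape of the report: a passphrase line
# followed by a PEM block on the same stream. The key body is a placeholder,
# not real key material.
PASSPHRASE = b"password\n"
KEY_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDE\n"
    b"-----END RSA PRIVATE KEY-----\n"
)


def read_passphrase_buffered(fd):
    """Read one line through a stdio-style buffered reader (fgets()-like).

    The reader fetches a whole chunk from the descriptor into its own
    buffer, so any bytes beyond the first newline that were already queued
    are consumed here and never seen by later readers of the same fd.
    """
    reader = io.BufferedReader(io.FileIO(fd, "r", closefd=False))
    line = reader.readline()
    return line.rstrip(b"\n")


def read_pem_unbuffered(fd):
    """Read whatever is still available on the descriptor until EOF."""
    chunks = []
    while True:
        chunk = os.read(fd, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    return b"".join(chunks)


def has_pem_start_line(data):
    """The check a PEM reader performs before anything else: a BEGIN line."""
    return any(line.startswith(b"-----BEGIN") for line in data.splitlines())


def shared_stdin(delay_between_inputs):
    """Passphrase and key on ONE pipe, like `-passout stdin < foo`.

    delay_between_inputs=True models typing at the console: only the
    passphrase line has arrived when the passphrase is read.
    Returns (passphrase, whether the key reader found a BEGIN line).
    """
    r, w = os.pipe()
    try:
        if delay_between_inputs:
            os.write(w, PASSPHRASE)
            pw = read_passphrase_buffered(r)   # only 9 bytes are queued
            os.write(w, KEY_PEM)
            os.close(w)
        else:
            os.write(w, PASSPHRASE + KEY_PEM)  # everything queued at once
            os.close(w)
            pw = read_passphrase_buffered(r)   # buffer swallows the key too
        key = read_pem_unbuffered(r)
    finally:
        os.close(r)
    return pw, has_pem_start_line(key)


def separate_descriptors():
    """Passphrase on its own pipe, key on another, like `-passout fd:3`."""
    pr, pw_fd = os.pipe()
    kr, kw = os.pipe()
    try:
        os.write(pw_fd, PASSPHRASE)
        os.close(pw_fd)
        os.write(kw, KEY_PEM)
        os.close(kw)
        pw = read_passphrase_buffered(pr)   # buffering here is harmless
        key = read_pem_unbuffered(kr)       # the key stream is untouched
    finally:
        os.close(pr)
        os.close(kr)
    return pw, has_pem_start_line(key)


if __name__ == "__main__":
    print("piped, no delay:    ", shared_stdin(False))
    print("console, with delay:", shared_stdin(True))
    print("separate fds:       ", separate_descriptors())
```

Giving the passphrase its own descriptor or file, rather than sharing the key's stream, avoids the ordering dependence entirely; it is also preferable to `-passout pass:...`, because command-line arguments are visible to other local users in the process listing.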
