On Sat, Sep 29, 2001 at 01:22:59AM +0100, Dr S N Henson wrote:
> Well if this is the version that you modified to print out error
> messages then there's another problem. I suggest you change that part
> you mentioned earlier to:
>
>     pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
>     if (pk == NULL) {
>         error("PEM_read_PrivateKey failed");
>         ERR_print_errors_fp(stderr);
>     } else if (pk->type == EVP_PKEY_RSA && ....
>
> then do the tests before. Also add another ERR_print_errors_fp(stderr)
> where it prints out "unable to load key".

Changed as specified, recompiled and reinstalled. No change to test results.

> Yes that is wrong. It will read until EOF which will never happen with
> /dev/random. You shouldn't need a -rand argument under Linux anyway.

OK, that wasn't apparent from the documentation. Here's the results of
performing the same test with correct usage:

babylon5:root:~/.ssh:3 # openssl genrsa -F4 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
........................++++++
..++++++
e is 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
babylon5:root:~/.ssh:4 # openssl genrsa -F4 -out rsa.pem 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
.................++++++
.........................++++++
e is 65537 (0x10001)
babylon5:root:~/.ssh:5 # openssl genrsa -F4 -passout pass:foo -idea -out rsa.pem 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
................................++++++
.............................................................................................++++++
e is 65537 (0x10001)
babylon5:root:~/.ssh:6 # openssl rsa -in rsa.pem -passin pass:foo -out rsa.nopass
read RSA key
unable to load key

> This is starting to look like a compiler bug.

I've been suspecting that myself. The curious thing is that OpenSSH
2.9p2 and OpenSSL 0.9.6a were working fine.

Hmmm......

It has just occurred to me that while the previous, working OpenSSH
2.9p2 was compiled with gcc-3.0, the working OpenSSL 0.9.6a was *NOT*.
It was compiled with gcc-2.95.3.

I believe some compiler investigation is in order.

-- 
Linux Now! .........Because friends don't let friends use Microsoft.
phil stracchino :: [EMAIL PROTECTED] :: [EMAIL PROTECTED]
unix ronin :::: renaissance man :::: mystic zen biker geek
2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]