Version: OpenSSL 1.0.1e 11 Feb 2013
OS: Mac OS X 10.8.3 / FreeBSD 9.1-RELEASE
/*
 * Brokenness exhibited by libcrypto when using the DER functions to
 * encode/decode a Diffie-Hellman private key using the PKCS8 functions.
 *
 * ---
 *
 * libcrypto's d2i_PKCS8PrivateKey_bio function is unable to read data that is
 * generated using its own i2d_PKCS8PrivateKey_bio function. This also limits
 * functionality tremendously, in that i2d_PrivateKey cannot take any callbacks
 * or information for a password, and thus can't encrypt the end result, which
 * the PKCS8 functions are able to do.
 *
 * The issue is that when trying to write a library that wraps this
 * functionality, we don't know ahead of time whether we are going to be
 * working with a DH key or not, so if we try to d2i a memory BIO we are
 * passed using the PKCS8 functions, we may fail. At that point part of the
 * data has already been read from the BIO, and for read/write BIOs we can't
 * reset it back to where it was, so we can't even attempt to fall back on the
 * d2i_PrivateKey function.
 *
 * The problem is that the PEM functions work without issues. So
 * PEM_write_bio_PKCS8PrivateKey can correctly be decoded by
 * PEM_read_bio_PrivateKey (there is no PKCS8 equivalent, since it handles it
 * behind the scenes).
 *
 * ---
 *
 * Compile using:
 *
 *   clang `pkg-config libcrypto --libs --cflags` -Wall -Wextra d2i_pkcs8privatekey.c
 *
 * or for the broken version:
 *
 *   clang `pkg-config libcrypto --libs --cflags` -Wall -Wextra d2i_pkcs8privatekey.c -DBROKEN
 *
 * Run:
 *
 *   ./a.out
 *   echo $?
 *
 * When compiled with BROKEN, the return code will be 8.
 * When compiled without BROKEN, the return code will be 0.
 */

Sample code attached that showcases the issue.

Thanks,
Bert JW Regeer
Absio Corporation
Attachment: d2i_pkcs8privatekey.c