Hi All, I'm working on upgrade openssl version from 0.9.8y to 1.0.1e in our product. To import PEM certificates we use use high-level OpenSSL API:
BIO *key=BIO_new(BIO_s_file()); int res = BIO_read_filename(key,filename); EVP_PKEY* pkey = PEM_read_bio_PrivateKey(key,NULL, NULL, password); There were not any problem with the 0.9.8y version. The problem is that if PEM was encrypted in ECB mode - PEM_read_bio_PrivateKey returns NULL. I checked how this func works with certificates encrypted by the following algorithms: aes-192 in ecb mode aes-192 in cbc mode des-ede in ecb mode des-ede in cbc mode PEM_read_bio_PrivateKey returns not null value for certificates, encrypted using des-ede and aes-192 in cbc mode. For ecb mode it returns NULL. Here is the openssl error stack: OpenSSL error stack: 906A065 : error:0906A065:PEM routines:PEM_do_header:bad decrypt OpenSSL error stack: 6065064 : error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt Could anyone please help with this issue? Thanks in advance! -- View this message in context: http://openssl.6102.n7.nabble.com/PEM-read-bio-PrivateKey-returns-NULL-for-PEMs-in-ECB-mode-tp46590.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
