(Note:  CC'd to the Keyczar mailing list.  Apologies to anyone who's
on both lists.)

I'm getting errors that I don't really understand from
PEM_read_bio_PrivateKey on Mac OS X 10.6 (the error does not occur on
Linux, so it's version/platform-related).

The error is occurring in a unit test in the Keyczar project
(http://keyczar.org).  The test is trying to export and then import an
RSA private key (actually, the same problem shows up when working with
DSA and ECDSA keys, but I'm focusing on RSA at the moment).  The
export is done with:

    PEM_write_bio_PKCS8PrivateKey(out, key, cipher, NULL, 0, NULL, passphrase);

where key is an EVP_PKEY pointer and cipher was obtained by calling
EVP_aes_128_cbc().  The export returns 1, indicating success.  The
import is then done by calling:

    PEM_read_bio_PrivateKey(in, NULL, NULL, passphrase);

The error text is:

    error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf
    error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure
    error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
    error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
    error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib

It appears to me that openssl is trying to use some pseudo-random
function (PRF) that it doesn't have, apparently while trying to
generate an IV.  But that raises some questions.

1.  Why is it trying to generate an IV when trying to _read_ a PEM
file?  It should be decrypting, not encrypting.
2.  Why is it trying to use an algorithm it doesn't have?  Is there a
way I can tell it to use a different one?
3.  Why does this only happen on OS X?  Is the Mac version of the lib
different in some way?

This is with the version of the openssl tools and libs distributed by
Apple.  "openssl version" reports "OpenSSL 0.9.8r 8 Feb 2011".  I've
also tested it with a version of openssl installed via Macports, which
reports "OpenSSL 1.0.0d 8 Feb 2011".

If you want to look at the actual source code, the unit test is in:

    http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

and the functions that do the reading and writing are in:

    http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

Thanks,

Shawn
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
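
Added example (not part of the original message and not Keyczar or OpenSSL code): a small decoder for the error lines quoted above, splitting each packed code into its library, function and reason numbers using the 0.9.8/1.0.x layout (8-bit library, 12-bit function, 12-bit reason). The names `err_fields`, `lib_name` and `decode_err_line` are made up for this example, and it assumes the trace was printed in queue order, earliest error first, as `ERR_print_errors` does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields packed into one 32-bit OpenSSL error code (0.9.8/1.0.x layout). */
struct err_fields { unsigned lib, func, reason; };

/* Library numbers from OpenSSL's err.h for the libraries in this trace. */
static const char *lib_name(unsigned lib) {
    switch (lib) {
    case 6:  return "EVP";
    case 9:  return "PEM";
    case 13: return "ASN1";
    case 35: return "PKCS12";
    default: return "other";
    }
}

/* Parse "error:XXXXXXXX:..." and split the code; returns 0 on success. */
static int decode_err_line(const char *line, struct err_fields *out) {
    char *end; unsigned long code;
    while (*line == ' ' || *line == '\t') line++;     /* skip mail indentation */
    if (strncmp(line, "error:", 6) != 0) return -1;
    line += 6;
    code = strtoul(line, &end, 16);
    if (end - line != 8 || *end != ':') return -1;    /* exactly 8 hex digits */
    out->lib    = (code >> 24) & 0xff;                /* as ERR_GET_LIB */
    out->func   = (code >> 12) & 0xfff;               /* as ERR_GET_FUNC */
    out->reason = code & 0xfff;                       /* as ERR_GET_REASON */
    return 0;
}

/* The five lines from the message; index 0 is the earliest error raised. */
static const char *const trace[] = {
    "error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf",
    "error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure",
    "error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error",
    "error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error",
    "error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib",
};

int main(void) {
    for (size_t i = 0; i < sizeof trace / sizeof *trace; i++) {
        struct err_fields f;
        if (decode_err_line(trace[i], &f) == 0)
            printf("%zu: lib=%s(%u) func=%u reason=%u\n", i, lib_name(f.lib), f.lib, f.func, f.reason);
    }
    return 0;
}
```

The last line's reason value, 13, is the ASN1 library number: the PEM layer is only reporting that a lower layer failed, so the entry to investigate is the first one, raised in the EVP library.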
