[openssl-dev] Reminder: OpenSSL's EC private key encoding is broken

Annie a.yousar at informatik.hu-berlin.de
Wed Mar 25 21:34:01 UTC 2015


Am 24.03.2015 um 19:42 schrieb Douglas E Engert:
>
> On 3/24/2015 6:10 AM, Annie Yousar wrote:
>> Dear all,
>> this should not have happened:
>
> The private key may have leading zero bytes, and the size of the
> BIGNUM is used
> for the length of the octetstring rather than the field_len.
> The length of the BIGNUM does not include any leading zeros.
>

Exactly.

> Try the attached diff.

The diff solves the issue.
One remark: Please remove the line

       /* to get old behavior, set buf_len = bn_len */

from the diff. There is no need to keep it. OpenSSL handles the leading zero bytes in the encoded private key gracefully.
Your diff changes the ASN.1 encoding only and no bits on the wire. So the old buggy behavior is obsolete.

Kind regards,
Ann.


>>
>> $ for i in `seq 1 1000` ; do if [ "x`openssl ecparam -genkey -name
>> prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != "x" ];
>> then echo; cat key.pem; else echo -n "."; fi; done
>> ....................................................................................
>>
>> -----BEGIN EC PRIVATE KEY-----
>> MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
>> AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
>> fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
>> -----END EC PRIVATE KEY-----
>> ............................................................................
>>
>> ...
>>

The correct encoded key from above is:

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIADYI4NV/xp/V/9lU7rLbF0vzrllfS1OIr36eaHsMWwAoAoGCCqGSM49
AwEHoUQDQgAEZTurC5AsyZe5IWk/DY+s91qXA5zAC0OJyPE6HOP6GB7YFKKXkjBI
/H4B8PWJt/9hoApc8HiV2C7k2EQe6EfzGA==
-----END EC PRIVATE KEY-----

Thanks again.
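To make the defect concrete, here is a small added example (not code from the list thread or from OpenSSL) that parses the two PEM keys quoted above as RFC 5915 ECPrivateKey structures and compares the length of the privateKey OCTET STRING: the buggy encoding carries 31 octets because the leading 0x00 of the scalar was dropped, while the correct one carries the full 32-octet field length. The DER reader is a minimal hand-written one sufficient for these keys, and field_len=32 is assumed for prime256v1.

```python
import base64
import re

# Both PEM blocks are copied verbatim from the list message above:
# the first is the mis-encoded 31-octet key, the second the correct one.
BUGGY_PEM = """-----BEGIN EC PRIVATE KEY-----
MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
-----END EC PRIVATE KEY-----"""
GOOD_PEM = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIADYI4NV/xp/V/9lU7rLbF0vzrllfS1OIr36eaHsMWwAoAoGCCqGSM49
AwEHoUQDQgAEZTurC5AsyZe5IWk/DY+s91qXA5zAC0OJyPE6HOP6GB7YFKKXkjBI
/H4B8PWJt/9hoApc8HiV2C7k2EQe6EfzGA==
-----END EC PRIVATE KEY-----"""

def pem_to_der(pem):
    body = re.sub(r"-----[A-Z ]+-----", "", pem)
    return base64.b64decode("".join(body.split()))

def read_tlv(buf, pos):
    """Minimal DER reader: (tag, value, next_pos); short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ec_private_scalar(der):
    """Return the privateKey OCTET STRING of an RFC 5915 ECPrivateKey."""
    tag, seq, _ = read_tlv(der, 0)
    assert tag == 0x30, "expected SEQUENCE"
    tag, version, pos = read_tlv(seq, 0)
    assert tag == 0x02 and version == b"\x01", "expected version 1"
    tag, priv, _ = read_tlv(seq, pos)
    assert tag == 0x04, "expected OCTET STRING"
    return priv

def scalar_is_field_length(pem, field_len=32):
    """True when privateKey has exactly field_len octets (32 for prime256v1)."""
    return len(ec_private_scalar(pem_to_der(pem))) == field_len

if __name__ == "__main__":
    for name, pem in (("buggy", BUGGY_PEM), ("good", GOOD_PEM)):
        s = ec_private_scalar(pem_to_der(pem))
        print(name, len(s), "octets, first byte 0x%02x" % s[0])
```

Both encodings hold the same scalar value; only the octet-string length differs, which is why the fix changes the ASN.1 encoding but not the key itself.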
