[openssl-dev] [openssl.org #4320] [Patch] OpenSSL 1.1.0-pre3: "unable to load Key" error in PEM_get_EVP_CIPHER_INFO()

Rainer Jung via RT rt at openssl.org
Wed Feb 17 18:21:12 UTC 2016 

Change

https://github.com/openssl/openssl/commit/33a6d5a0e565e08758bcb6af456ec657c3a7a76a

introduced a bug in crypto/pem/pem_lib.c function 
PEM_get_EVP_CIPHER_INFO(). One line was removed that is actually needed.

The following patch fixes it:

--- crypto/pem/pem_lib.c     2016-02-15 19:08:07.000000000 +0100
+++ crypto/pem/pem_lib.c  2016-02-17 18:45:14.092815000 +0100
@@ -537,6 +537,7 @@
      *header = '\0';
      cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
      *header = c;
+    header++;

      if (enc == NULL) {
          PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, 
PEM_R_UNSUPPORTED_ENCRYPTION);


While you are at it, the following is a small improvement which is used 
in similar ways close to this place:

--- crypto/pem/pem_lib.c.orig     2016-02-17 18:45:14.092815000 +0100
+++ crypto/pem/pem_lib.c  2016-02-17 19:15:19.901402000 +0100
@@ -509,6 +509,7 @@
          PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
          return (0);
      }
+    header += 9;
      for (; (*header != '\n') && (*header != '\0'); header++) ;
      if (*header == '\0') {
          PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);



How to reproduce the bug:

OpenSSL> dsaparam -out dsa-test 2048
Generating DSA parameters, 2048 bit long prime
This could take some time
...

OpenSSL> gendsa -out dsa-test.pem -aes128 dsa-test
Generating DSA key, 2048 bits
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

OpenSSL> dsa -in dsa-test.pem -text
read DSA key
unable to load Private Key
4280523828:error:09065067:PEM routines:load_iv:bad iv chars:pem_lib.c:568:
unable to load Key
error in dsa

The same happens e.g. when using -des or -des3 instead of -aes128.

Without incrementing the header pointer, the parsing of the line

DEK-Info: AES-128-CBC,CBFAADAF91039DF800391FB382CAC3B9

proceeds at the comma, instead of the hex string and bombs out.

Thanks and Regards,

Rainer


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4320
Please log in as guest with password guest if prompted

More information about the openssl-dev mailing list