[openssl-users] [openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

Tekale, Sharad sharad.tekale at zebra.com
Fri Mar 18 06:14:17 UTC 2016

Hi Farrell,

Thanks a lot for your reply.

I've actually used password of 64 characters in my program, for simplicity I've showcased as 6 byte password in below example.

Looks like there is some other issue or some stringent check that is added in 1.0.1p as the same code works fine in 0.9.8zg version.

Can you please give us pointers to debug this issue.


From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Jeremy Farrell
Sent: Friday, March 18, 2016 1:25 AM
To: openssl-users at openssl.org
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] openssl 1.0.1p PEM_write_bio_RSAPrivateKey fail. error: ASN1_get_object:too long

On 17/03/2016 06:32, Ranjith Kumar A. wrote:
> Need help.

This is a question about using the OpenSSL libraries, further discussion should be on openssl-users; I've set 'reply-to' appropriately, but I don't know what the mailing list will do with it.

> I'm not able to encrypt a key using passphrase, below is the error
> message.
> **"error:0D07209B:asn1 encoding routines:ASN1_get_object:too long"**
> Have already googled for error but couldn't got much info
> unsigned char pass[] = "123456";
> BIO *priv_bio = BIO_new( BIO_s_mem() );
> RSA *rsa = RSA_generate_key( 2048, 65537, NULL, NULL ) ret =
> PEM_write_bio_RSAPrivateKey( priv_bio, rsa, EVP_aes_256_cbc(), pass, 64, NULL, NULL );

I don't know if or how it's related to your problem, but you have defined a 7 byte array as the passphrase then told the function to use 64 bytes at that location. There's no saying what values the other 57 bytes of the passphrase will have, assuming they're accessible at all.

> ...
> The same piece of code is working on openssl-0.9.8zg.

More luck than good judgement I suspect.

> ...

J. J. Farrell
Not speaking for Oracle.


This email and any files transmitted with it are confidential, and may also be legally privileged. If you are not the intended recipient, you may not review, use, copy, or distribute this message. If you receive this email in error, please notify the sender immediately by reply email and then delete this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/67dabba6/attachment-0001.html>

More information about the openssl-users mailing list