Unsupported prf error when reading an RSA private key

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Unsupported prf error when reading an RSA private key

Shawn Willden
(Note:  CC'd to the Keyczar mailing list.  Apologies to anyone who's
on both lists.)

I'm getting errors that I don't really understand from
PEM_read_vio_PrivateKey on Mac OS X 10.6 (the error does not occur on
Linux, so it's version/platform-related).

The error is occurring in a unit test in the Keyczar project
(http://keyczar.org).  The test is trying to export and then import an
RSA private key (actually, the same problem shows up when working with
DSA and ECDSA keys, but I'm focusing on RSA at the moment).  The
export is done with:

    PEM_write_bio_PKCS8PrivateKey(out, key, cipher, NULL, 0, NULL, passphrase);

where key is an EVP_PKEY pointer and cipher was obtained by calling
EVP_aes_128_cbc().  The export returns 1indicating success.   The
import is then done by calling:

    PEM_read_bio_PrivateKey(in, NULL, NULL, passphrase);

The error text is:

    error:0607607D:digital envelope
routines:PKCS5_v2_PBE_keyivgen:unsupported prf
    error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure
    error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
cipherinit error
    error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe
crypt error
    error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib

It appears to me that openssl is trying to use some pseudo-random
function (PRF) that it doesn't have, apparently while trying to
generate an IV.  But that raises some questions.

1.  Why is it trying to generate an IV when trying to _read_ a PEM
file.  It should be decrypting, not encrypting.
2.  Why is it trying to use an algorithm it doesn't have?  Is there a
way I can tell it to use a different one?
3.  Why does this only happen on OS X?  Is the Mac version of the lib
different in some way?

This is with the version of the openssl tools and libs distributed by
Apple.  "openssl version" reports "OpenSSNL 0.9.8r 8 Feb 2011".  I've
also tested it with a version of openssl installed via Macports, which
reports "OpenSSL 1.0.0d 8 Feb 2011".

If you want to look at the actual source code, the unit test is in:

    http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

and the functions that do the reading and writing are in:

    http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/rsa_key_unittest.cc

Thanks,

Shawn
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Unsupported prf error when reading an RSA private key

Dr. Stephen Henson
On Wed, Sep 07, 2011, Shawn Willden wrote:

> (Note:  CC'd to the Keyczar mailing list.  Apologies to anyone who's
> on both lists.)
>
> I'm getting errors that I don't really understand from
> PEM_read_vio_PrivateKey on Mac OS X 10.6 (the error does not occur on
> Linux, so it's version/platform-related).
>
> The error is occurring in a unit test in the Keyczar project
> (http://keyczar.org).  The test is trying to export and then import an
> RSA private key (actually, the same problem shows up when working with
> DSA and ECDSA keys, but I'm focusing on RSA at the moment).  The
> export is done with:
>
>     PEM_write_bio_PKCS8PrivateKey(out, key, cipher, NULL, 0, NULL, passphrase);
>
> where key is an EVP_PKEY pointer and cipher was obtained by calling
> EVP_aes_128_cbc().  The export returns 1indicating success.   The
> import is then done by calling:
>
>     PEM_read_bio_PrivateKey(in, NULL, NULL, passphrase);
>
> The error text is:
>
>     error:0607607D:digital envelope
> routines:PKCS5_v2_PBE_keyivgen:unsupported prf
>     error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure
>     error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
> cipherinit error
>     error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe
> crypt error
>     error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib
>
> It appears to me that openssl is trying to use some pseudo-random
> function (PRF) that it doesn't have, apparently while trying to
> generate an IV.  But that raises some questions.
>
> 1.  Why is it trying to generate an IV when trying to _read_ a PEM
> file.  It should be decrypting, not encrypting.

Well it is technically deriving the key from the passphrase and it needs to
generate the same key and IV as used when encrypting: though in the case of
that algorithm the IV is in plain text.

> 2.  Why is it trying to use an algorithm it doesn't have?  Is there a
> way I can tell it to use a different one?
> 3.  Why does this only happen on OS X?  Is the Mac version of the lib
> different in some way?
>

Have you included OpenSSL_add_all_algorithms()?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Unsupported prf error when reading an RSA private key

Shawn Willden


On Wed, Sep 7, 2011 at 12:15 PM, Dr. Stephen Henson <[hidden email]> wrote:
Have you included OpenSSL_add_all_algorithms()?

Yes.  Here's a more complete snippet:

  // Ciphers table requires to be loaded.
  OpenSSL_add_all_ciphers();

  ScopedEVPPKey evp_pkey;
  // The first NULL value means we are not implementing our own password
  // callback function but that we will rely on the default one instead.
  if (passphrase != NULL)
    evp_pkey.reset(PEM_read_bio_PrivateKey(
                       in.get(), NULL, NULL,
                       const_cast<char*>(passphrase->c_str())));
  else
    evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));

  // Removes the ciphers from the table.
  EVP_cleanup();
 

--
Shawn Willden |  Software Engineer | [hidden email] |  Commerce Team

Reply | Threaded
Open this post in threaded view
|

Re: Unsupported prf error when reading an RSA private key

Dr. Stephen Henson
On Wed, Sep 07, 2011, Shawn Willden wrote:

> On Wed, Sep 7, 2011 at 12:15 PM, Dr. Stephen Henson <[hidden email]>wrote:
> >
> > Have you included OpenSSL_add_all_algorithms()?
>
>
> Yes.  Here's a more complete snippet:
>
>   // Ciphers table requires to be loaded.
>   OpenSSL_add_all_ciphers();
>
>   ScopedEVPPKey evp_pkey;
>   // The first NULL value means we are not implementing our own password
>   // callback function but that we will rely on the default one instead.
>   if (passphrase != NULL)
>     evp_pkey.reset(PEM_read_bio_PrivateKey(
>                        in.get(), NULL, NULL,
>                        const_cast<char*>(passphrase->c_str())));
>   else
>     evp_pkey.reset(PEM_read_bio_PrivateKey(in.get(), NULL, NULL, NULL));
>
>   // Removes the ciphers from the table.
>   EVP_cleanup();
>

Hmm... that's peculiar. Do you get the same error with the openssl utility on
a private key you created? For example:

openssl rsa -in key.pem

If you do then please check if a key created on that platform produces that
error on another platform. Explanation: I'm trying to see if the problem is
writing the encrypted key or reading it in.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Unsupported prf error when reading an RSA private key

Shawn Willden
On Wed, Sep 7, 2011 at 4:09 PM, Dr. Stephen Henson <[hidden email]> wrote:
> Hmm... that's peculiar. Do you get the same error with the openssl utility on
> a private key you created? For example:
>
> openssl rsa -in key.pem

Nope, no error on that, with either of the openssl packages installed
on my machine.  In case it's useful, I've attached the PEM file
generated by the most recent run of the test.  The passphrase is
"cartman".

Thanks,

--
Shawn.

rsa.pem (2K) Download Attachment