genpkey -genparam fails for some EC curves
#12306
Closed
Comments

@bbbrumley @slontis suggestions on what might be going on?
Notice also #12291 (comment), that first uncovered the issue, quoted here for convenience:

So, thanks to @bbbrumley, the problem here seems to be that these two curves don't have an OID assigned. So, actually, we should get a failure on keygen as well with
Compare:

```
; # generate a B-233 key, notice the `:sect233r1` OID encoded at byte 16
; util/shlib_wrap.sh apps/openssl genpkey -algorithm EC -pkeyopt 'ec_paramgen_curve:B-233' | openssl asn1parse
0:d=0 hl=2 l= 126 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 16 cons: SEQUENCE
7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
16:d=2 hl=2 l= 5 prim: OBJECT :sect233r1
23:d=1 hl=2 l= 103 prim: OCTET STRING [HEX DUMP]:3065020101041E00313C3F21E9CAAB5B5AB97BD93C4CF0D300CA5E7CF1AFD24E40BF844DA3A140033E0004007DBBFB0336E19B7E263DD8CE728AE2F002664E7280415689044F89DB2500F9EB792E2BF588FB3A48C68A269F79FEC3A6114E7EC2271C38F88C5ED9
; # generate a ipsec4 key, notice no OID is being included in the output
; util/shlib_wrap.sh apps/openssl genpkey -algorithm EC -pkeyopt 'ec_paramgen_curve:Oakley-EC2N-4' | tee key | openssl asn1parse
0:d=0 hl=2 l= 100 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 9 cons: SEQUENCE
7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
16:d=1 hl=2 l= 84 prim: OCTET STRING [HEX DUMP]:305202010104170AFC4B0519F7D5EF940655185F0DF83BD3AA4E09F4B571A13403320004001F45147ED4C61CE12BEBF34B0BEAB9D75DF25BBA74C662008C879475889A4CB009019AA2F357D5B8F3EB53C92AF099
; # try to read again the just generated key: no OID is included, openssl cannot know how to decode this EC key
; util/shlib_wrap.sh apps/openssl pkey -in key -text
unable to load key
140380458363840:error:100DC08E:elliptic curve routines:eckey_type2param:decode error:crypto/ec/ec_ameth.c:134:
140380458363840:error:100D5010:elliptic curve routines:eckey_priv_decode:EC lib:crypto/ec/ec_ameth.c:222:
140380458363840:error:0606F091:digital envelope routines:EVP_PKCS82PKEY:private key decode error:crypto/evp/evp_pkey.c:44:
140380458363840:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
```
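To check a serialized key for exactly the condition the session above exposes by eye (an id-ecPublicKey AlgorithmIdentifier that carries no ECParameters), here is an added Python example that is not part of the thread or of OpenSSL: it classifies the ECParameters of a PKCS#8 EC key from `openssl asn1parse` text. The two embedded sample outputs are copied from the session above with their hex dumps shortened; the explicit-parameters case is handled as well, although the thread only shows the named-curve one.

```python
import re

# One line of `openssl asn1parse` output: "   16:d=2  hl=2 l=   5 prim: OBJECT   :sect233r1"
_ASN1_LINE = re.compile(r"^\s*\d+:d=(\d+)\s+hl=\d+\s+l=\s*\S+\s+(cons|prim):\s*(.*)$")

# `openssl asn1parse` output of the two keys in the session above (hex dumps shortened),
# copied from the report rather than regenerated here.
B233_KEY = """\
    0:d=0  hl=2 l= 126 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=  16 cons: SEQUENCE
    7:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   16:d=2  hl=2 l=   5 prim: OBJECT            :sect233r1
   23:d=1  hl=2 l= 103 prim: OCTET STRING      [HEX DUMP]:3065020101041E00313C
"""
OAKLEY4_KEY = """\
    0:d=0  hl=2 l= 100 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   9 cons: SEQUENCE
    7:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   16:d=1  hl=2 l=  84 prim: OCTET STRING      [HEX DUMP]:305202010104170AFC4B
"""


def ec_parameters(asn1parse_output: str) -> tuple:
    """Classify the ECParameters in a PKCS#8 EC key's AlgorithmIdentifier, i.e. the
    depth-1 SEQUENCE { id-ecPublicKey OBJECT, ECParameters } after the version INTEGER.
    Returns ("named_curve", oid_name) for an OBJECT, ("explicit", None) for a SEQUENCE,
    and ("missing", None) when no ECParameters were written at all, which is what
    genpkey produced for Oakley-EC2N-4 above and why `openssl pkey -in key` fails."""
    children, in_algid = [], False
    for line in asn1parse_output.splitlines():
        m = _ASN1_LINE.match(line)
        if not m:
            continue
        depth, kind, rest = int(m.group(1)), m.group(2), m.group(3)
        tag, _, value = rest.partition(":")
        if depth == 1 and kind == "cons" and tag.strip() == "SEQUENCE":
            in_algid = True            # entering the AlgorithmIdentifier
            continue
        if in_algid and depth <= 1:
            break                      # reached privateKey; nothing more to inspect
        if in_algid and depth == 2:
            children.append((tag.strip(), value.strip()))
    if not children or children[0] != ("OBJECT", "id-ecPublicKey"):
        raise ValueError("not an id-ecPublicKey AlgorithmIdentifier")
    if len(children) < 2:
        return ("missing", None)
    tag, value = children[1]
    return ("named_curve", value) if tag == "OBJECT" else ("explicit", None)
```

Feeding it the output of `openssl genpkey ... | openssl asn1parse` for a curve before relying on the default `ec_param_enc:named_curve` tells you whether the key can be read back at all; a `missing` result is the case the thread describes.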
romen added a commit to romen/openssl that referenced this issue on Jun 28, 2020:

…nd keys

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

romen added a commit to romen/openssl that referenced this issue on Jun 28, 2020:

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

romen added a commit to romen/openssl that referenced this issue on Jun 29, 2020:

…ters and keys

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

(cherry picked from commit e810483)

romen added a commit to romen/openssl that referenced this issue on Jun 29, 2020:

Test separately EC parameters and EC key generation. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <openssl#12306> for more details.

romen added a commit to romen/openssl that referenced this issue on Jun 29, 2020:

…d keys

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

romen added a commit to romen/openssl that referenced this issue on Jun 29, 2020:

Test separately EC parameters and EC key generation. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <openssl#12306> for more details.

romen added a commit to romen/openssl that referenced this issue on Jul 4, 2020:

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from openssl#12312)

romen added a commit to romen/openssl that referenced this issue on Jul 4, 2020:

Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <openssl#12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#12308)

romen added a commit to romen/openssl that referenced this issue on Jul 4, 2020:

The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`.

Fixes openssl#12306

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from openssl#12313)

romen added a commit to romen/openssl that referenced this issue on Jul 4, 2020:

Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <openssl#12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#12307)

openssl-machine pushed a commit that referenced this issue on Jul 7, 2020:

Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <#12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #12307)

openssl-machine pushed a commit that referenced this issue on Jul 7, 2020:

Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <#12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #12308)
This issue led to several PRs that concur to fix it. As a summary:

In

In
In latest `1.1.1-stable` (but also in the first `1.1.1` release, and persists in current `master`):

this will cause test failures in `test_genec` once #12305 is merged to `master`/backported to `1.1.1`, as the error will be reflected also in the exit status.

Curves showing the problem:
- Oakley-EC2N-3
- Oakley-EC2N-4

These curves are "special" — as in "stay away from them, HERE BE DRAGONS is an understatement, dragons ran away in fear!" —:

openssl/crypto/ec/ec_curve.c, lines 3073 to 3081 in 92db29e

openssl/crypto/ec/ec_curve.c, lines 2157 to 2226 in 92db29e

Yet I fail to see the difference that could trigger the failure in `i2d_ECPKParameters()` when compared to a "normal" binary curve:

openssl/crypto/ec/ec_curve.c, lines 2881 to 2882 in 92db29e

openssl/crypto/ec/ec_curve.c, lines 1184 to 1220 in 92db29e