1 (edited by aahladh.g 2019-12-20 12:52:07)

Topic: [SOLVED] EC private key read fails ASN1_CHECK_TLEN

I am currently porting my application from OpenSSL to use WolfSSL.
I have generated an EC private key using the new WolfSSL APIs added in the OpenSSL compatibility layer:

#define OPENSSL_EXTRA
#define HAVE_ECC
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/asn1.h>
#include <wolfssl/openssl/ec.h>

EVP_PKEY *pk;
EC_KEY *key;

// Build the private key
key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
EC_KEY_generate_key(key);
pk = EVP_PKEY_new();  // allocate the EVP_PKEY container before assigning the key
EVP_PKEY_assign_EC_KEY(pk, key);

Then I write the key to a file using wolfSSL_PEM_write_bio_PrivateKey().
I get a key which looks like this:

-----BEGIN EC PRIVATE KEY-----
<<64 ASCII characters>>
<<60 ASCII characters>>   
-----END EC PRIVATE KEY-----

I then tried to verify this key using the OpenSSL command line: openssl ec -in nginx-privateKey.key -text -noout

I got the following errors:

3078384116:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
3078384116:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:788:
3078384116:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:720:Field=version, Type=EC_PRIVATEKEY
3078384116:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1029:
3078384116:error:100DE08E:elliptic curve routines:OLD_EC_PRIV_DECODE:decode error:ec_ameth.c:543:
3078384116:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
3078384116:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:788:
3078384116:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:720:Field=version, Type=PKCS8_PRIV_KEY_INFO
3078384116:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:142:

I have checked that there are no extra spaces and line endings in the private key file.

Please help me solve this issue.

Re: [SOLVED] EC private key read fails ASN1_CHECK_TLEN

I have fixed it myself.

It turned out that using wolfSSL_PEM_write_bio_PrivateKey() is the issue.

Instead, the key can be written directly into a file using wolfSSL_PEM_write_ECPrivateKey().

Re: [SOLVED] EC private key read fails ASN1_CHECK_TLEN

@aahladh.g,

Thank you for the report; we are happy you were able to find a solution. We will review the wolfSSL_PEM_write_bio_PrivateKey() implementation in a future refactor; I don't have a timeline for that at this point.

For optimal response times, feel free to contact us via support@wolfssl.com or through the Zendesk portal at https://wolfssl.zendesk.com

Thank you for using the wolfSSL forums, we look forward to hearing from you in the future if anything else comes up!


Warmest Regards,

K
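
A stdlib-only diagnostic for the kind of failure reported in this thread, added here as an example (not code from the thread or from wolfSSL): it reports the PEM label next to the ASN.1 structure the body actually starts with, so a body whose first field is not the INTEGER version that the "wrong tag ... Field=version" errors point at is visible before the key is handed to another library. The function names are this example's own, and the sample keys are constructed from dummy bytes.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def classify_key_der(der):
    """Name the private-key structure from its first two fields."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "not a SEQUENCE"
        vtag, vstart, vend = read_tlv(der, start)
        if vtag != 0x02:  # same check a decoder reports as a wrong tag at "version"
            return "no INTEGER version field"
        version = int.from_bytes(der[vstart:vend], "big")
        next_tag = read_tlv(der, vend)[0]
    except (IndexError, ValueError):
        return "truncated or malformed DER"
    kinds = {(1, 0x04): "SEC1 ECPrivateKey", (0, 0x30): "PKCS#8 PrivateKeyInfo"}
    return kinds.get((version, next_tag), "unrecognized key structure")

def check_pem(pem):
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        return None, "no PEM block"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        return m.group(1), "invalid base64"
    return m.group(1), classify_key_der(der)  # (PEM label, structure found)

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed samples: the scalar is bytes(range(32)), not real key material.
SEC1 = bytes.fromhex("30310201010420") + bytes(range(32)) + bytes.fromhex("a00a06082a8648ce3d030107")
PKCS8 = bytes.fromhex("304d020100301306072a8648ce3d020106082a8648ce3d0301070433") + SEC1
BAD = bytes.fromhex("30220420") + bytes(range(32))  # SEQUENCE with no version field

if __name__ == "__main__":
    print([check_pem(to_pem("EC PRIVATE KEY", d)) for d in (SEC1, PKCS8, BAD)])
```

A result whose structure does not match the label (for example "EC PRIVATE KEY" with a PKCS#8 body) or that lacks the version field indicates the writer produced something other than what the PEM header claims.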