OpenSolaris

Bug ID 6607307
Synopsis pkcs#11 engine can't read RSA private keys
State 10-Fix Delivered (Fix available in build)
Category:Subcategory solaris-crypto:openssl
Keywords rtiq_reviewed
Responsible Engineer Vladimir Kotal
Reported Against
Duplicate Of
Introduced In solaris_10
Commit to Fix snv_93
Fixed In snv_93
Release Fixed solaris_nevada(snv_93), solaris_10u7(s10u7_01) (Bug ID:2165114)
Related Bugs 6680814
Submit Date 20-September-2007
Last Update Date 3-July-2008
Description
This should work (server.key is a valid RSA private key):

openssl rsautl -inkey /export/apache/server.key -out test2 -in test -sign -keyform e -engine pkcs11
engine "pkcs11" set.
unable to load Private Key

Looking at the code, this is obviously wrong (using a read function for public key when private key is to be read):

EVP_PKEY *pk11_load_privkey(ENGINE* e, const char* privkey_file,
        UI_METHOD *ui_method, void *callback_data)
        {
        if ((pubkey=fopen(privkey_file,"r")) != NULL)
                {
                pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL);
                fclose(pubkey);
                if (pkey)

After fixing the code:

        if ((privkey=fopen(privkey_file,"r")) != NULL)
                {
                pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL);
                fclose(privkey);
                if (pkey)

It works as expected.
Work Around
N/A
Comments
N/A
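
Added example (not part of the bug report or of the pkcs11 engine source): OpenSSL's PEM readers select a block by the label in its BEGIN line, which is why PEM_read_PUBKEY returns NULL for an RSA private key file while PEM_read_PrivateKey succeeds. The helper classify_pem and the sample strings below are hypothetical and constructed for illustration; the check needs no OpenSSL headers.

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL PEM readers pick a block by the label in "-----BEGIN <label>-----". */
enum pem_kind { PEM_KIND_NONE, PEM_KIND_PUBLIC, PEM_KIND_PRIVATE, PEM_KIND_OTHER };

/* Labels PEM_read_PrivateKey accepts; PEM_read_PUBKEY accepts only "PUBLIC KEY". */
static const char *const private_labels[] = {
    "RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
    "PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
};

static int label_is(const char *p, size_t len, const char *label)
{
    return len == strlen(label) && strncmp(p, label, len) == 0;
}

/* Hypothetical helper (not an OpenSSL API): classify the first PEM block in text. */
enum pem_kind classify_pem(const char *text)
{
    static const char begin[] = "-----BEGIN ";
    const char *p = strstr(text, begin);
    if (p == NULL)
        return PEM_KIND_NONE;
    p += sizeof(begin) - 1;
    const char *end = strstr(p, "-----");
    if (end == NULL || memchr(p, '\n', (size_t)(end - p)) != NULL)
        return PEM_KIND_NONE;   /* header line is truncated or malformed */
    size_t len = (size_t)(end - p);
    if (label_is(p, len, "PUBLIC KEY"))
        return PEM_KIND_PUBLIC;
    for (size_t i = 0; i < sizeof(private_labels) / sizeof(private_labels[0]); i++)
        if (label_is(p, len, private_labels[i]))
            return PEM_KIND_PRIVATE;
    return PEM_KIND_OTHER;      /* e.g. CERTIFICATE or RSA PUBLIC KEY */
}

/* Constructed samples: only the header matters here, the body is elided. */
static const char sample_private[] =
    "-----BEGIN RSA PRIVATE KEY-----\n(base64 elided)\n-----END RSA PRIVATE KEY-----\n";
static const char sample_public[] =
    "-----BEGIN PUBLIC KEY-----\n(base64 elided)\n-----END PUBLIC KEY-----\n";

int main(void)
{
    printf("private sample -> %d\n", classify_pem(sample_private));
    printf("public sample  -> %d\n", classify_pem(sample_public));
    return 0;
}
```

A file that classifies as PEM_KIND_PRIVATE, like the server.key in the report, can never be loaded by a code path that calls only PEM_read_PUBKEY.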