RE: EVP and Elliptic curve

Fri, 22 Mar 2013 01:54:02 -0700 

The patch works. I am using the openssl-fips-2.0.2 sources.

Here is a Kolbitz-409 curve private key:

-----BEGIN PRIVATE KEY-----
MIIBiwIBADCB2QYHKoZIzj0CATCBzQIBATAdBgcqhkjOPQECMBICAgGZBgkqhkjO
PQECAwICAVcwBgQBAAQBAQRpBABg8F9lj0nBrTqxiQ9xhCEO/QmH4wfITCesz7j5
9nzCxGAYnrWqqmLuIi6xs1VAz+kCN0YB42kFC3xOQqy6Hay/BCmcNGB4L5GOpCfm
MlFl6eoQ49pfbELpxVIVqpyielhj7EjY4ChrAjN/////////////////////////
/////////l+DstTqIEAOxFV9XtPj58pbS1yDuOAeX88CAQQEgakwgaYCAQEEM11q
kNyuCz8isUZ7C5zOWVrFAGNjErW9RKH3vluP5lP5YyP2Y+n7PRP/6xh1bn+/0zKv
O6FsA2oABAEK21oLBen5xoJDZBZJtaSAyMBrLpBihUS3OHprmX9voA2bR8UUHjeZ
3B8KZNEjHHUrTqYBWgYRuoZta9TEINsEOaG7lt4We5/iRQcpuq8vXr8qOMssuWYa
VYvegaty02SSXB2m1wM/
-----END PRIVATE KEY-----

Thanks again
Leon Brits 

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Matt Caswell
> Sent: 22 March 2013 01:06 AM
> To: [email protected]
> Subject: Re: EVP and Elliptic curve
> 
> Hi Leon
> 
> On 21 March 2013 17:27, Matt Caswell <[email protected]> wrote:
> > On 20 March 2013 07:14, Leon Brits <[email protected]> wrote:
> >> Hi Matt,
> >>
> >> I use:
> >> $ openssl version
> >> OpenSSL 1.0.1e-fips 11 Feb 2013
> >>
> >> I was able to successfully parse your attached private key.
> >> I've attached my smallest prime, binary and kolbitz curve key pairs. As
> I said the prime curve parses correct with the openssl command line tool
> but not the binary curve keys.
> >
> 
> I have successfully managed to reproduce your problem. This is a BUG!
> Looks to me like binary curves are broken in FIPS mode - anything which
> attempts to encode a private key will fail, I think (and potentianly
> numerous other functions).
> 
> I have attached a patch for openssl-1.0.1e. Please can you confirm that
> this resolves your problem?
> 
> cd openssl-1.0.1e
> patch -p1 </path/to/patch
> 
> 
> I have submitted this to RT for one of the devs to pick up and commit
> (hopefully!) :-)
> 
> Matt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to