Any thoughts on this issue? As things currently stand binary curves are pretty much unusable in a FIPS capable OpenSSL build.

Thanks

Matt

On 22 March 2013 19:41, Matt Caswell via RT <r...@openssl.org> wrote:
> Hello
>
> When using OpenSSL-1.0.1e-fips a call to PEM_write_bio_PrivateKey
> silently fails and produces a corrupt pem file when using an
> EVP_PKEY_EC key and a binary curve. The same function works fine when
> not using a FIPS capable OpenSSL. I suspect the same problem will
> affect any ASN.1 routines that attempt to write the private key.
>
> Please see attached:
> * A test case c file that demonstrates the problem
> * Two example corrupt pem files
> * A patch to rectify the problem
>
> The patch has been tested against OpenSSL-1.0.1e and corrects the
> following:
> * Modifies eckey_param2type in ec_ameth.c to check for a 0 return from
>   i2d_ECParameters to prevent a silent failure
> * Modifies the checks to see if the functions should have been called
>   in EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis
>   within ec_asn1.c, so that they work in FIPS mode
>
> Please can someone apply this patch, as binary curves are currently
> broken in FIPS mode.
>
> Thanks
>
> Matt