Hi Leon On 21 March 2013 17:27, Matt Caswell <fr...@baggins.org> wrote: > On 20 March 2013 07:14, Leon Brits <le...@parsec.co.za> wrote: >> Hi Matt, >> >> I use: >> $ openssl version >> OpenSSL 1.0.1e-fips 11 Feb 2013 >> >> I was able to successfully parse your attached private key. >> I've attached my smallest prime, binary and kolbitz curve key pairs. As I >> said the prime curve parses correct with the openssl command line tool but >> not the binary curve keys. >
I have successfully managed to reproduce your problem. This is a BUG! Looks to me like binary curves are broken in FIPS mode - anything which attempts to encode a private key will fail, I think (and potentianly numerous other functions). I have attached a patch for openssl-1.0.1e. Please can you confirm that this resolves your problem? cd openssl-1.0.1e patch -p1 </path/to/patch I have submitted this to RT for one of the devs to pick up and commit (hopefully!) :-) Matt
ec2patch.patch
Description: Binary data