Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-68357

Cannot convert EC key to PEM when in FIPS mode

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-8.10, rhel-9.5
    • openssl
    • None
    • No
    • Moderate
    • Upstream
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • None

      This is to track Upstream Issue 26012

      It appears that when a system is in FIPS mode, it's not possible to convert a EC key to PEM format, the command fails:

      # openssl ecparam -name secp384r1 -genkey | openssl ec -aes256 -out server.key
[...]
001E9731AB7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (MD5 : 95), Properties ()
001E9731AB7F0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:272:

      The issue affects both RHEL8 and RHEL9, though RHEL8 shows a different message.

              dbelyavs@redhat.com Dmitry Belyavskiy
              rhn-support-rmetrich Renaud Métrich
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: