In 1.0.1e the following is observed when using OpenSSL in FIPS mode:

    % OPENSSL_FIPS=1 openssl pkcs12 -export -in /tmp/ipsec.d/certs/192.168.11.1 -inkey /tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out /tmp/ipsec.d/192.168.11.1.p12 -password pass:""
    3067167952:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:142:
    3067167952:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:205:
    3067167952:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
    3067167952:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:175:
    3067167952:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:202:

In 'Re: PKCS12 keystore creation failing in fips mode' (May 29, 2013 9:15pm) the following is said:

    "That's a bug in 1.0.1 in that it tries to use an unapproved
    algorithm in FIPS mode. Workaround: use the -descert option."

It is not possible for us to upgrade OpenSSL, but it would be possible to apply a patch. Does a patch exist that fixes this problem and if so, where can it be found? I do not know how development is organized for OpenSSL (bug tracker, git?)

Thanks!