PEM_read_bio_PrivateKey broken when migrating form 3.0.8 to 3.1.2

[Daniel Thertell]

Hey,

Not really sure if this is the right place to ask this but I had "PEM_read_bio_PrivateKey" working fine with openssl 3.0.8 and suddenly when rebuilding with openssl 3.1.2 I a receiving the following error: "error:0308010C:digital envelope routines::unsupported".

I believe this means the cipher that was being used to decrypt the private key has been moved to a new provider, however I am not sure where it was moved to (or if my assumption is even correct). Not sure if this is relevant but I have complied openssl from source with FIPS enabled for both 3.0.8 and 3.1.2.  I tried loading the legacy provider using "OSSL_PROVIDER_load" however that does not fix the error. Any ideas or suggestions would be appreciated!  

Thanks,

Dan

[Tomas Mraz]

Do you use fips=yes in the default property query? If so, this is
because 3DES moved from being FIPS approved to FIPS unapproved in 3.1.

You'll have to temporarily remove fips=yes from the property query
before loading the private key if it is encrypted with 3DES.

Regards,

Tomas Mraz, OpenSSL Foundation

> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to openssl-user...@openssl.org.
> To view this discussion visit
> https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d65c61ef-84aa-4a7a-a61d-7343c54bed65n%40openssl.org
> .

--
Tomáš Mráz, OpenSSL