Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-108678

PKCS#12 files with empty password not readable by other implementations (bad docs)

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-10.1
    • gnutls
    • None
    • No
    • Low
    • rhel-security-crypto-spades
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      When gnutls-3.8.10-2.el10.x86_64 is used to create a PKCS#12 file:

      certtool --load-certificate ca/cert.pem --load-privkey ca/key.pem --to-p12 --p12-name ca --outder --outfile ca.p12 --password ''
      

      the resulting file cannot be imported by NSS, as it errors out:

      pk12util: PKCS12 decode not verified: SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message.
      

      and with OpenSSL:

      ...
      9ViypE0hAUVmEQ6Nm+YLVHvk9seQsiwQnPsfGP/6BUFhQ1B2CYxfqdr5arxgZEEk
      SJd8TIj/bs86LFRmB0w+1PoR3aWDMT4o/VGPVMKTTQFjw1PA9SCr/ksSdfQYJ7Y4
      ZyV3/2zUa/Vu3UN2P5fPzSoJDBJmcquxIyVmlrDC8zJshOgAAjh4fpKrwgIbMW2H
      nvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNEREZIA==
      -----END CERTIFICATE-----
      Error outputting keys and certificates
      8082D401DE7F0000:error:068000A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1194:
      8082D401DE7F0000:error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:349:Type=X509_ALGOR
      8082D401DE7F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:685:Field=algor, Type=X509_SIG
      8082D401DE7F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:685:
      8082D401DE7F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:537:Field=value.shkeybag, Type=PKCS12_SAFEBAG
      8082D401DE7F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:654:
      8082D401DE7F0000:error:0680006E:asn1 encoding routines:ASN1_item_unpack_ex:decode error:crypto/asn1/asn_pack.c:72:
      

              dueno@redhat.com Daiki Ueno
              hkario@redhat.com Alicja Kario
              Daiki Ueno Daiki Ueno
              Alexander Sosedkin Alexander Sosedkin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: