Bad salt length AES

Nils Schween nils.schween at mpi-hd.mpg.de
Tue Sep 17 21:45:36 CEST 2024


Dear gpg community,

I had difficulties importing a p12 certificate with gpgsm --import
cert.p12

I got the following error message:

gpgsm: bad length of salt (32) for AES
gpgsm: parse_shrouded_key_bag(shrouded_key_bag.pkcs5PBES2-params): lvl=16 (tlv_expect_octet_string): Success - Invalid length
gpgsm: parse_bag_data(data.oid): lvl=16 (tlv_expect_octet_string): Success - Invalid length
gpgsm: p12_parse(bag.data): @6724 lvl=16 tlv_expect_octet_string: Success - Invalid length
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 4
gpgsm:              unchanged: 4


I searched the internet and I found the following bug report

https://dev.gnupg.org/T6757#182217

I checked the length of the salt in my certificate with the command

openssl pkcs12 -info -nokeys -noout -in smime_eyJpZCI6MzYzNTkwMSwidHlwZSI6IlNNSU1FIn0_.p12

The output was

MAC: sha256, Iteration 20000
MAC length: 32, salt length: 64

In agreement with the error message and along the lines of the mentioned
bug report I changed the following lines in sm/minip12.c:

static int
parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx, tlv_parser_t tlv)
{
  gpg_error_t err = 0;
  const char *where;
  const unsigned char *oid;
  size_t oidlen;
  const unsigned char *data;
  size_t datalen;
  int intval;
-  char salt[32];
+  char salt[64];
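
Review bot: The new size in "char salt[64];" in parse_bag_encrypted_data is a bare literal with no comment saying where 64 comes from, and the same literal is repeated in parse_shrouded_key_bag. A single named constant for the maximum accepted salt length, used by both declarations, would keep the two parsers in step. The length check and the copy into salt are outside the lines shown here; they need to be bounded by sizeof salt rather than by a second hard-coded number, otherwise enlarging the array either changes nothing about what is accepted or lets the check and the buffer drift apart.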
 
static gpg_error_t
parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx, tlv_parser_t tlv)
{
  gpg_error_t err = 0;
  const char *where;
  const unsigned char *oid;
  size_t oidlen;
  const unsigned char *data;
  size_t datalen;
  int intval;
-  char salt[20];  
+  char salt[64];
...
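
Review bot: In parse_shrouded_key_bag the jump from "char salt[20];" to "char salt[64];" is larger than the reported failure requires: the gpgsm error names a 32-byte salt in shrouded_key_bag.pkcs5PBES2-params, while the 64 in the openssl output is on the MAC line, which is a separate field. Please state in a comment which salt this buffer holds and why 64 is the chosen upper bound, and confirm that the check producing "bad length of salt" still rejects anything longer than the array.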

After recompiling I could import the certificate without issues. I do
not know if I did something risky from the security perspective and I am
sorry for not reporting it directly in the bug tracker, but I do not have an
account there.

Please let me know if this change is going to make it into one of the next
versions of gpg.

Best regards,
Nils Schween