[gnutls-devel] GnuTLS | PKCS#12 files that do not use encryption and integrity checks cause errors when used by GnuTLS (#722)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 5 18:28:08 CET 2019


New Issue was created.

Issue 722: https://gitlab.com/gnutls/gnutls/issues/722
Author:    Hubert Kario
Assignee:  

## Description of problem:
Files that don't encrypt the key or certificate, and that don't include a MAC (HMAC) in the PKCS#12 files, cause errors to be emitted by `certtool`.

## Version of gnutls used:
gnutls-3.6.5-1.el8.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:
always


 * download https://github.com/redhat-qe-security/keyfile-corpus
 * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/ecdsa(P-256,sha256),cert(none),key(none).p12' --password ''`

## Actual results:

```
BAG #0
	Elements: 1
	Type: Certificate
	Friendly name: localhost
	Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D
-----BEGIN CERTIFICATE-----
MIIBbjCCARWgAwIBAgIJAI/IbTxv+I9jMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM
CWxvY2FsaG9zdDAeFw0xNzAzMTcxODEyMDFaFw0xNzA0MTYxODEyMDFaMBQxEjAQ
BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCMknyAq
nA+3aK3ZOZniUoMdXw2FS32ntx/z5lyNHR/uDccJWqf+pvRrh3KIJ/rBH1senRgZ
rxBFNLiSy4jFl6GjUDBOMB0GA1UdDgQWBBRA0Rev/Y1Sim7zT+43/pscgrYNmDAf
BgNVHSMEGDAWgBRA0Rev/Y1Sim7zT+43/pscgrYNmDAMBgNVHRMEBTADAQH/MAoG
CCqGSM49BAMCA0cAMEQCIHjCu1sp0hot0cJYRfl3/PrFY5cmvIacmhaNydbCCDIE
AiBa+Og0kq9JmSQzGgeTmzCOdU/PTSNZ9d8KWE70AgDu1A==
-----END CERTIFICATE-----

BAG #1
	Elements: 1
	Type: PKCS #8 Key
	Friendly name: localhost
	Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQRBA0do9FYtTDVeJ
+jra/OoPyOwUMxm4AfTWUyI/BrKhRANCAAQjJJ8gKpwPt2it2TmZ4lKDHV8NhUt9
p7cf8+ZcjR0f7g3HCVqn/qb0a4dyiCf6wR9bHp0YGa8QRTS4ksuIxZeh
-----END PRIVATE KEY-----
verify_mac: ASN1 parser: Element was not found.
There were errors parsing the structure
```

## Expected results:

no errors printed

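The files in this report omit the MAC, which PKCS#12 allows: in RFC 7292 the top-level `PFX` structure lists `macData` as OPTIONAL. The following is an added example, not code from the report or from GnuTLS: a small Python DER walker that tells whether a PFX carries `macData`, so a caller can decide whether a MAC check applies at all. The helper names and the sample byte strings are constructed for illustration.

```python
# PFX ::= SEQUENCE { version INTEGER, authSafe ContentInfo, macData MacData OPTIONAL }

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER TLV at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, off, off + length

def pfx_has_mac(der):
    """True if the PFX carries macData, False if it has no integrity check."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    fields, off = [], start
    while off < end:
        t, _, off = read_tlv(der, off)   # step over each top-level element
        fields.append(t)
    if fields[:2] != [0x02, 0x30]:
        raise ValueError("expected version INTEGER and authSafe SEQUENCE")
    if len(fields) > 3 or (len(fields) == 3 and fields[2] != 0x30):
        raise ValueError("unexpected trailing element")
    return len(fields) == 3

def tlv(tag, value):
    """Encode a short-form DER TLV (used only to build the samples below)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed minimal samples, not files from keyfile-corpus.
VERSION = tlv(0x02, b"\x03")
DATA_OID = tlv(0x06, bytes.fromhex("2a864886f70d010701"))  # id-data
AUTH_SAFE = tlv(0x30, DATA_OID + tlv(0xA0, tlv(0x04, b"")))
MAC_DATA = tlv(0x30, tlv(0x30, b"") + tlv(0x04, b"\x00" * 8))  # placeholder body
PFX_NO_MAC = tlv(0x30, VERSION + AUTH_SAFE)
PFX_WITH_MAC = tlv(0x30, VERSION + AUTH_SAFE + MAC_DATA)
```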