<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">PKCS#12 files that use scrypt for key derivation are unsupported by gnutls</p>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">gnutls-3.6.5-1.el8.x86_64</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">RHEL</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<ul dir="auto">

<li>Download <a href="https://github.com/redhat-qe-security/keyfile-corpus" rel="nofollow noreferrer noopener" target="_blank">https://github.com/redhat-qe-security/keyfile-corpus</a>

</li>

<li>run <code>certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(scrypt(salt(64),N(16384),r(8),p(1)),aes-256-cbc(IV(16)))),mac(sha512,salt(64),iter(1000000)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'</code>

</li>

</ul>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">PKCS #12 bag read error: ASN1 parser: Generic parsing error.</span>

<span id="LC2" class="line" lang="plaintext">bag_decrypt: ASN1 parser: Generic parsing error.</span>

<span id="LC3" class="line" lang="plaintext">There were errors parsing the structure</span>

<span id="LC4" class="line" lang="plaintext">BAG #0</span>

<span id="LC5" class="line" lang="plaintext">       Type: Encrypted</span>

<span id="LC6" class="line" lang="plaintext"></span>

<span id="LC7" class="line" lang="plaintext">       Decrypting...</span>

<span id="LC8" class="line" lang="plaintext"></span>

<span id="LC9" class="line" lang="plaintext">BAG #1</span>

<span id="LC10" class="line" lang="plaintext">      Elements: 1</span>

<span id="LC11" class="line" lang="plaintext">      Type: PKCS #8 Encrypted key</span>

<span id="LC12" class="line" lang="plaintext">      Friendly name: localhost</span>

<span id="LC13" class="line" lang="plaintext">      Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0</span>

<span id="LC14" class="line" lang="plaintext">-----BEGIN ENCRYPTED PRIVATE KEY-----</span>

<span id="LC15" class="line" lang="plaintext">MIIFXjCBhwYJKoZIhvcNAQUNMHowWQYJKwYBBAHaRwQLMEwEQOhfHV2LdjihKQzO</span>

<span id="LC16" class="line" lang="plaintext">193FE8QEj759vzsKsDnsngu4Mz/MI62z7tuv30Jy0nVKdl8TlvO4P4uCrELXML/n</span>

<span id="LC17" class="line" lang="plaintext">e8FvNXkCAkAAAgEIAgEBMB0GCWCGSAFlAwQBKgQQLsNG7LknUfa3lwM3TUWD1gSC</span>

<span id="LC18" class="line" lang="plaintext">BNCbgVmMFOLFbofIE0HY52yIQ0TpVMp3RTl8kGW3qzlkphN3pnLqqhGfcgy3pCjd</span>

<span id="LC19" class="line" lang="plaintext">XY0CR21/fRlsNDxSteSpUCrKzrgpTfzBUDtbgAh+9QcPKTU/RpJIueHOAnoZ6mrs</span>

<span id="LC20" class="line" lang="plaintext">aJ++IOS2l3zKRe8EWYymSWaCvIyu/XVNwAMkhWevm1XY04lP+IGvbJqxGaa3biFB</span>

<span id="LC21" class="line" lang="plaintext">WRqGC29/ds1lQHXsDuLePGjlxVic09nasNIR5t1LBVN20iajBNkh6zGjUN9SExud</span>

<span id="LC22" class="line" lang="plaintext">8lqyaa66qU8gZ+Md3zay6KSRmXjz+GFjMtJts1bLnnmFmi0eNoIufptRk7ZL4MxP</span>

<span id="LC23" class="line" lang="plaintext">ffPoK0xqC9nsAuFejB8LZSpqlLr2NQwoouVBdzP63xBgVkypJvKVtdxyWVes13aL</span>

<span id="LC24" class="line" lang="plaintext">nj6LjqkQvAosvAst1BGJauyPXJsLHlMM90WxIu1Gggohot6KgJ3Gl355zptyjF0j</span>

<span id="LC25" class="line" lang="plaintext">H2bznCyr+74hjqZO+HKT/IhQTfi/I1s327qwKkSXuekjP+NIdhvY4aWAkcYJ/dLV</span>

<span id="LC26" class="line" lang="plaintext">COiBINua0HqCZHJk9qWeFjBQOnKy3BM6HoT2iNV6VhBsCXFjwuKI7BM/SIhB7vBY</span>

<span id="LC27" class="line" lang="plaintext">lhSUZP2Ck7GBiQvwFI903YptNrOd88bETbNVAXgU6oPj2vWwqn/jf8pLdVF/0T9X</span>

<span id="LC28" class="line" lang="plaintext">h72ILxNkfgRKAQ3rPq2o/sPKCswnznGeGZY4DYOGgGQy8jDwKmlrUcZiqVGyRv6/</span>

<span id="LC29" class="line" lang="plaintext">7y/vt5LnpHcaUxy8LKYowzb2DpDB/2PvUdELYv9SPGOfjZ8uF4naQIO4geBC3DWr</span>

<span id="LC30" class="line" lang="plaintext">rmrNcuKvynU950ZbjtMQoxw1mlCX9K+YN9jz3a9Ix66wsJcVJbG7qFsOrfqHbx89</span>

<span id="LC31" class="line" lang="plaintext">6YdXPjFbbfIOX1/oDR/4AWoLy90q362kh0t7Gdo4/UxBl6k1i6GxDO7uRvYfioMy</span>

<span id="LC32" class="line" lang="plaintext">UB9GZ62OgeQCZENJmIPKVVR1Oj1bbtDn+y3gp9DDZBCFSeDygBYR0BwyLcp56Di+</span>

<span id="LC33" class="line" lang="plaintext">/9i4rvHr2kB9LIsM/rXUZVkPWWwt2k3BZfawYlbtniqqMWRc1O6rFg6eAF6PBa5S</span>

<span id="LC34" class="line" lang="plaintext">CCToYrcw0ThDA39ITqVkAnW7YV4ymjiLOjUPVm0I2vnYmgkg2RiD1TzPSpDefEtB</span>

<span id="LC35" class="line" lang="plaintext">9wDOflT3ajb9gbyDe1uDQiD7Gjjljn2Gh4733eF50o9TE8O3usbBpoY8r/fuJOLm</span>

<span id="LC36" class="line" lang="plaintext">M4Fv7KX4VGj/T8J2ww/9h4FcCrTzoFYZvPDjqwIOsdE9zPCuD5LP7LlnXCXNNYue</span>

<span id="LC37" class="line" lang="plaintext">8kwLlQ1OGaAAC87k4pWPX0vpJ8bTD9UshKnkTU/LAM7rg51axzw1tp/CGry18HX6</span>

<span id="LC38" class="line" lang="plaintext">mERjuv2Nz69iKziX2My6VBnYKLbgqFnwQY17dkqOLlTRJEffAexibSgfebyyFrnZ</span>

<span id="LC39" class="line" lang="plaintext">0IacOgTIu0JQRqC/0YOrATf5W7rerc2nHoD0nVIfflP/ade0vOLkr+QtaY3DQoMs</span>

<span id="LC40" class="line" lang="plaintext">6+BnAOWEMFqxgI4yV9dOFqZLjAJeEaAOCiDMG92UBYhYeJSCVS1xagcKN8Hjk0/K</span>

<span id="LC41" class="line" lang="plaintext">KPT3deFiTGLgFsjbBFkphEuD5S8GR03wr856dB/uE1g7jUwVinYJ3frllP+1Dos8</span>

<span id="LC42" class="line" lang="plaintext">1SKf05atGwKC5QbMpkqYVapKfE45TtNMsfVD0JGewRkDePY+Jbiydc3IF6kUgfNv</span>

<span id="LC43" class="line" lang="plaintext">RR0jU7haDKCSU1CGVWBiuA5x04RO++VMOGYKNLlJ1nVx3w==</span>

<span id="LC44" class="line" lang="plaintext">-----END ENCRYPTED PRIVATE KEY-----</span></code></pre>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/724">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/fb406c1ebbfccc406642b75b44abacb5/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/724"}}</script>

</p>

</div>

</body>

</html>