<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>

<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>

<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">

<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/asosedkin" style="color: #1068bf;">Alexander Sosedkin</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1392" style="color: #1068bf;">#1392</a>
</p>
<div class="md" style="color: #303030; word-wrap: break-word;">
<div class="gl-relative markdown-code-block js-markdown-code" style="margin-top: 0;">
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" data-canonical-lang="" v-pre="true" style='display: block; font-size: 13px; color: #303030; line-height: 1.6em; overflow-x: auto; border-radius: 2px; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; margin: 0 0 16px; padding: 12px; border: 1px solid #dbdbdb;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">$ fips-mode-setup --check</span>
<span id="LC2" class="line" lang="plaintext">FIPS mode is enabled.</span>
<span id="LC3" class="line" lang="plaintext"> </span>
<span id="LC4" class="line" lang="plaintext">$ wget -q 'https://github.com/redhat-qe-security/keyfile-corpus/raw/master/rsa(2048,sha256),cert&key(pbeWithMD5AndDES-CBC,salt(8),iter(2048)),mac(sha1,salt(8),iter(2048)),pass(ascii).p12'</span>
<span id="LC5" class="line" lang="plaintext"> </span>
<span id="LC6" class="line" lang="plaintext">$ certtool --p12-info --inder --infile 'rsa(2048,sha256),cert&key(pbeWithMD5AndDES-CBC,salt(8),iter(2048)),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'</span>
<span id="LC7" class="line" lang="plaintext">MAC info:</span>
<span id="LC8" class="line" lang="plaintext">        MAC: SHA1 (1.3.14.3.2.26)</span>
<span id="LC9" class="line" lang="plaintext">        Salt: 052281f5da42b212</span>
<span id="LC10" class="line" lang="plaintext">        Salt size: 8</span>
<span id="LC11" class="line" lang="plaintext">        Iteration count: 2048</span>
<span id="LC12" class="line" lang="plaintext"> </span>
<span id="LC13" class="line" lang="plaintext">BAG #0</span>
<span id="LC14" class="line" lang="plaintext">        Type: Encrypted</span>
<span id="LC15" class="line" lang="plaintext">        Cipher: DES-CBC</span>
<span id="LC16" class="line" lang="plaintext">        Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3)</span>
<span id="LC17" class="line" lang="plaintext">        Salt:</span>
<span id="LC18" class="line" lang="plaintext">        Salt size: 0</span>
<span id="LC19" class="line" lang="plaintext">        Iteration count: 2048</span>
<span id="LC20" class="line" lang="plaintext"> </span>
<span id="LC21" class="line" lang="plaintext">        Decrypting...</span>
<span id="LC22" class="line" lang="plaintext">        Elements: 1</span>
<span id="LC23" class="line" lang="plaintext">        Type: Certificate</span>
<span id="LC24" class="line" lang="plaintext">        Friendly name: localhost</span>
<span id="LC25" class="line" lang="plaintext">        Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0</span>
<span id="LC26" class="line" lang="plaintext">-----BEGIN CERTIFICATE-----</span>
<span id="LC27" class="line" lang="plaintext">MIIC+zCCAeOgAwIBAgIJALcX+trIX5ynMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV</span>
<span id="LC28" class="line" lang="plaintext">BAMMCWxvY2FsaG9zdDAeFw0xNzAzMTYxMTAzMTBaFw0xNzA0MTUxMTAzMTBaMBQx</span>
<span id="LC29" class="line" lang="plaintext">EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC</span>
<span id="LC30" class="line" lang="plaintext">ggEBANykRgfq8TW1B6NNUaR3cG0OW0nzy1RW74k4pfg/3CxOh/JBk6YX9TJ2GJ2j</span>
<span id="LC31" class="line" lang="plaintext">mE9el3mMgItrCAv6cduWvYkl7H/B/iLpLO/8ie5bwL6IDC/s107uxTMBJwE83gwt</span>
<span id="LC32" class="line" lang="plaintext">jE1bgJ02rf602BKqTB9COuCLQAM46u3liukOPOAFhiF6dGSOX7wGm36EqS11EZiO</span>
<span id="LC33" class="line" lang="plaintext">UHRLJeIV6ruLf35Sme26Lzefd1Pj6J5T/vYlrd54QcBqRRL3jBw2j4DUphG4LroR</span>
<span id="LC34" class="line" lang="plaintext">eVCNMiYTx9+kqlqHrz4NWNFsms7r6LYTA1Q3KcwjuDVq7aznVKXRxnI09e919Txk</span>
<span id="LC35" class="line" lang="plaintext">veYoK+E7e4M+X4o/Mc41IUZguAkCAwEAAaNQME4wHQYDVR0OBBYEFJ2pF/DIt1Gf</span>
<span id="LC36" class="line" lang="plaintext">DHgXypnHtptyeghoMB8GA1UdIwQYMBaAFJ2pF/DIt1GfDHgXypnHtptyeghoMAwG</span>
<span id="LC37" class="line" lang="plaintext">A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFO29MmqGIBwP4F3ehNlIBnv</span>
<span id="LC38" class="line" lang="plaintext">pSZiLraBN9HKOCJKOJxSJ69KL4FFV/pqXegdXDHebdx3YfRV0tC+nF0izUtNC+kO</span>
<span id="LC39" class="line" lang="plaintext">8XKU/sFwwMG4bP+rU1cl2mZZK8vVWA0mippphOe3Jwr/cZWK5rMja6OIGsIQieWx</span>
<span id="LC40" class="line" lang="plaintext">Ot5vBruOYOfoNAOIms7ezEKCIhgi7lhT06Voe8DlVM2/dxmyIgxenl0i45WRVd9u</span>
<span id="LC41" class="line" lang="plaintext">4C+a2HQULDbBS2GdqHkyD8guY6HFLkeDZrymKZDYDsH6P+qUqK97/WhFqgTCSTQy</span>
<span id="LC42" class="line" lang="plaintext">XcMXQPzfo2bP7KqY/WvwAbekZ4psv22fRs3g6NPxQvMSpqoRZ0sHHvnM40NoBWQ=</span>
<span id="LC43" class="line" lang="plaintext">-----END CERTIFICATE-----</span>
<span id="LC44" class="line" lang="plaintext"> </span>
<span id="LC45" class="line" lang="plaintext">BAG #1</span>
<span id="LC46" class="line" lang="plaintext">        Elements: 1</span>
<span id="LC47" class="line" lang="plaintext">        Type: PKCS #8 Encrypted key</span>
<span id="LC48" class="line" lang="plaintext">        PKCS #8 information:</span>
<span id="LC49" class="line" lang="plaintext">                Cipher: DES-CBC</span>
<span id="LC50" class="line" lang="plaintext">                Schema: PBES1-DES-CBC-MD5 (1.2.840.113549.1.5.3)</span>
<span id="LC51" class="line" lang="plaintext">                Salt:</span>
<span id="LC52" class="line" lang="plaintext">                Salt size: 0</span>
<span id="LC53" class="line" lang="plaintext">                Iteration count: 2048</span>
<span id="LC54" class="line" lang="plaintext"> </span>
<span id="LC55" class="line" lang="plaintext">        Friendly name: localhost</span>
<span id="LC56" class="line" lang="plaintext">        Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0</span>
<span id="LC57" class="line" lang="plaintext">-----BEGIN ENCRYPTED PRIVATE KEY-----</span>
<span id="LC58" class="line" lang="plaintext">MIIE6TAbBgkqhkiG9w0BBQMwDgQIxOUh2dwiYk8CAggABIIEyG7fO0wGc6GveVQX</span>
<span id="LC59" class="line" lang="plaintext">1sHnirPDSxMF39c9Aj4tIK/1x4eul+KGwQ4hZIDgNq4nwp+BHG8Cna5uTi/mpy/v</span>
<span id="LC60" class="line" lang="plaintext">XOeWFlf2kicPMmJkR4hLiMij+rSuAox28ChFNIvn2y1zyTP6MTXIDrNg3WQ2hFR6</span>
<span id="LC61" class="line" lang="plaintext">tnO/Lhs+YHA5Zt386lN3DH/SxarRpCCaS6TOcRCfuuEdQNROMPNaPO1AekssjOcF</span>
<span id="LC62" class="line" lang="plaintext">LOCqg2Xi2pc4ZsTT2066OVjFKaeRV/Libg7buTx2l0cR+B+0GovUm42wvwNitGq3</span>
<span id="LC63" class="line" lang="plaintext">QvkSjiMiQ+OFt81R7xcQmGHbz2CF22FMjYpkjbrtC5Rc1dqW1NA1Y83eoYhJzJhR</span>
<span id="LC64" class="line" lang="plaintext">x4W/Y8BvOaPDfCSvBXDDFHr8nOqscs9xxKCpFb6Vh4TlytrbcWKc8bNurNLxfEwS</span>
<span id="LC65" class="line" lang="plaintext">89LXif+jphZ12A3biqjNNQHXMk/TdA7vAb/Xk7xpg7R8LBpV34+mwX+7k0tXARDq</span>
<span id="LC66" class="line" lang="plaintext">Ck377vijd4mvHX65ol8FQuC3ggkeZrk3lmj8FUC4nSzacvS3kXQNr8MtblyvhhJE</span>
<span id="LC67" class="line" lang="plaintext">4FerJdYPNWsnDxqimaUI+c+bjbotaDTUWeJcxJdAki0brgPCeWcak3oCEBNWuLu8</span>
<span id="LC68" class="line" lang="plaintext">BsMAx6Iuw7ECcGKitaIc+zkxokcJZe4rjSOc9bMXuTOpkukpzZ9JZVDh+z/n4ALN</span>
<span id="LC69" class="line" lang="plaintext">uvUbA2/alAVoWZO/OL4BST65uUZxM7nOHR63tTd5HgroxkZHlOlG4p919kqe7s1S</span>
<span id="LC70" class="line" lang="plaintext">XE8nmjIa0ruFHqHg/FjiwL4rUTcg3OLeo7MVUQfqjI0rSL1XKWDgrpWEcVp5pPuu</span>
<span id="LC71" class="line" lang="plaintext">NtDH6gQO0t5t3JBxGVYiZ4A3rLIZeIavz51A/2OwNFHKxXdJGgskv/Xk4vsFL/EB</span>
<span id="LC72" class="line" lang="plaintext">VCThi2c5S2z/jQtP493faKSSHGsK9cJXfOmTv24YqisO/JYQg1/d7srCcYkgmmFh</span>
<span id="LC73" class="line" lang="plaintext">LKJMTYdARuGFs2UtcUubqve/UJp4Zg6FuG51Ga47qJBwS79SqKBeXeC23vf3USn1</span>
<span id="LC74" class="line" lang="plaintext">szInO5WBSCKinFmA9AXnuFDS2gxDi/fJgq9untjg+cqonmPd4pn1vHCibICoyO8V</span>
<span id="LC75" class="line" lang="plaintext">qzELqXasmjSimzzC8WQkEfHln/YqiPonYtvW9Iqf/gjaf1XDwCYSzclIzHT+/E7q</span>
<span id="LC76" class="line" lang="plaintext">j+kY1iJiJU65vvjUmdB+T7h4IqEiAwZhNiqe1RQp7QWThwdefL6THZGEudQarj3z</span>
<span id="LC77" class="line" lang="plaintext">J73buBtY2zf8GfB2b2lmFYzp6MjJQpnT5WLnxBQl2l8/r6ms57ds+avC50CXWf/J</span>
<span id="LC78" class="line" lang="plaintext">Z4I6cN8Q0RKax2Y7nUcNXqrzIHk25cGMn1HPY02F/h9h70JsxrKBHJEFBXXLnZ21</span>
<span id="LC79" class="line" lang="plaintext">72NjT8fGSUgoQ0Qh9epOfaKfQqRiquYkMHiT7ksnIuHF+4x4JYze2HVSYs36Wu3y</span>
<span id="LC80" class="line" lang="plaintext">l7/8cZmH2f356trgcycOLve32xZkx6edcbIWHNWNW2gXsP4LmGxtP58uFtwTxN6v</span>
<span id="LC81" class="line" lang="plaintext">RUmzb9XOWfBCsk4wGF3OGfQpM6pWulxMtjXr8URpyUquCR3E8hzBHg/UJPSkQBIb</span>
<span id="LC82" class="line" lang="plaintext">WSmrZHQH1zRoK7RxPWqjWD5s99fZlPmRTmirVfKynq/5dbsCNIdPPW+qwhGHLlHX</span>
<span id="LC83" class="line" lang="plaintext">jAQwxW5sqEE6m2ENmECrHm5mHjmAUShlu/x55rQuKrQvWwGZXCVOH3NKt8rum/tg</span>
<span id="LC84" class="line" lang="plaintext">Iw3Jj8IrAn8/Do/4vQ==</span>
<span id="LC85" class="line" lang="plaintext">-----END ENCRYPTED PRIVATE KEY-----</span></code></pre>
<copy-code></copy-code>
</div>
<p dir="auto" style="color: #303030; margin: 0 0 16px;" align="initial">I expect DES-CBC bag decryption to fail with <code style='font-size: 90%; color: #1f1f1f; word-wrap: break-word; background-color: #f0f0f0; border-radius: 4px; margin-top: 0; font-weight: inherit; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>bag_decrypt: An algorithm that is not enabled was negotiated.</code></p>
<p dir="auto" style="color: #303030; margin: 0;" align="initial">Related: <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1626" data-original="https://gitlab.com/gnutls/gnutls/-/merge_requests/1626" data-link="false" data-link-reference="true" data-project="179611" data-merge-request="169540322" data-project-path="gnutls/gnutls" data-iid="1626" data-reference-type="merge_request" data-container="body" data-placement="top" title="_gnutls_decrypt_pbes1_des_md5_data: use public crypto API" class="gfm gfm-merge_request" style="color: #1068bf; margin-top: 0;">!1626</a></p>
</div>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1392" style="color: #1068bf;">view it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com" style="color: #1068bf;">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/e2b7e303d1e6cecee9eab7dd6176d002/unsubscribe" target="_blank" rel="noopener noreferrer" style="color: #1068bf;">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link" style="color: #1068bf;">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link" style="color: #1068bf;">Help</a>
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1392"}}</script>


</p>
</div>
</body>
</html>