[gnutls-devel] GnuTLS | scrypt in PKCS#12 files is unsupported (#724)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 5 18:40:20 CET 2019


New Issue was created.

Issue 724: https://gitlab.com/gnutls/gnutls/issues/724
Author:    Hubert Kario
Assignee:  

## Description of problem:
PKCS#12 files that use scrypt for key derivation are unsupported by gnutls.

## Version of gnutls used:
gnutls-3.6.5-1.el8.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:

 * Download https://github.com/redhat-qe-security/keyfile-corpus
 * Run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(scrypt(salt(64),N(16384),r(8),p(1)),aes-256-cbc(IV(16)))),mac(sha512,salt(64),iter(1000000)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'`


## Actual results:
```
PKCS #12 bag read error: ASN1 parser: Generic parsing error.
bag_decrypt: ASN1 parser: Generic parsing error.
There were errors parsing the structure
BAG #0
	Type: Encrypted

	Decrypting...

BAG #1
	Elements: 1
	Type: PKCS #8 Encrypted key
	Friendly name: localhost
	Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFXjCBhwYJKoZIhvcNAQUNMHowWQYJKwYBBAHaRwQLMEwEQOhfHV2LdjihKQzO
193FE8QEj759vzsKsDnsngu4Mz/MI62z7tuv30Jy0nVKdl8TlvO4P4uCrELXML/n
e8FvNXkCAkAAAgEIAgEBMB0GCWCGSAFlAwQBKgQQLsNG7LknUfa3lwM3TUWD1gSC
BNCbgVmMFOLFbofIE0HY52yIQ0TpVMp3RTl8kGW3qzlkphN3pnLqqhGfcgy3pCjd
XY0CR21/fRlsNDxSteSpUCrKzrgpTfzBUDtbgAh+9QcPKTU/RpJIueHOAnoZ6mrs
aJ++IOS2l3zKRe8EWYymSWaCvIyu/XVNwAMkhWevm1XY04lP+IGvbJqxGaa3biFB
WRqGC29/ds1lQHXsDuLePGjlxVic09nasNIR5t1LBVN20iajBNkh6zGjUN9SExud
8lqyaa66qU8gZ+Md3zay6KSRmXjz+GFjMtJts1bLnnmFmi0eNoIufptRk7ZL4MxP
ffPoK0xqC9nsAuFejB8LZSpqlLr2NQwoouVBdzP63xBgVkypJvKVtdxyWVes13aL
nj6LjqkQvAosvAst1BGJauyPXJsLHlMM90WxIu1Gggohot6KgJ3Gl355zptyjF0j
H2bznCyr+74hjqZO+HKT/IhQTfi/I1s327qwKkSXuekjP+NIdhvY4aWAkcYJ/dLV
COiBINua0HqCZHJk9qWeFjBQOnKy3BM6HoT2iNV6VhBsCXFjwuKI7BM/SIhB7vBY
lhSUZP2Ck7GBiQvwFI903YptNrOd88bETbNVAXgU6oPj2vWwqn/jf8pLdVF/0T9X
h72ILxNkfgRKAQ3rPq2o/sPKCswnznGeGZY4DYOGgGQy8jDwKmlrUcZiqVGyRv6/
7y/vt5LnpHcaUxy8LKYowzb2DpDB/2PvUdELYv9SPGOfjZ8uF4naQIO4geBC3DWr
rmrNcuKvynU950ZbjtMQoxw1mlCX9K+YN9jz3a9Ix66wsJcVJbG7qFsOrfqHbx89
6YdXPjFbbfIOX1/oDR/4AWoLy90q362kh0t7Gdo4/UxBl6k1i6GxDO7uRvYfioMy
UB9GZ62OgeQCZENJmIPKVVR1Oj1bbtDn+y3gp9DDZBCFSeDygBYR0BwyLcp56Di+
/9i4rvHr2kB9LIsM/rXUZVkPWWwt2k3BZfawYlbtniqqMWRc1O6rFg6eAF6PBa5S
CCToYrcw0ThDA39ITqVkAnW7YV4ymjiLOjUPVm0I2vnYmgkg2RiD1TzPSpDefEtB
9wDOflT3ajb9gbyDe1uDQiD7Gjjljn2Gh4733eF50o9TE8O3usbBpoY8r/fuJOLm
M4Fv7KX4VGj/T8J2ww/9h4FcCrTzoFYZvPDjqwIOsdE9zPCuD5LP7LlnXCXNNYue
8kwLlQ1OGaAAC87k4pWPX0vpJ8bTD9UshKnkTU/LAM7rg51axzw1tp/CGry18HX6
mERjuv2Nz69iKziX2My6VBnYKLbgqFnwQY17dkqOLlTRJEffAexibSgfebyyFrnZ
0IacOgTIu0JQRqC/0YOrATf5W7rerc2nHoD0nVIfflP/ade0vOLkr+QtaY3DQoMs
6+BnAOWEMFqxgI4yV9dOFqZLjAJeEaAOCiDMG92UBYhYeJSCVS1xagcKN8Hjk0/K
KPT3deFiTGLgFsjbBFkphEuD5S8GR03wr856dB/uE1g7jUwVinYJ3frllP+1Dos8
1SKf05atGwKC5QbMpkqYVapKfE45TtNMsfVD0JGewRkDePY+Jbiydc3IF6kUgfNv
RR0jU7haDKCSU1CGVWBiuA5x04RO++VMOGYKNLlJ1nVx3w==
-----END ENCRYPTED PRIVATE KEY-----
```

## Expected results:

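Added example, not part of the original report and not GnuTLS code: a minimal DER walker that reads a PBES2 header, reports whether the key-derivation function is scrypt (RFC 7914) or PBKDF2, and derives the cipher key with Python's `hashlib.scrypt`. The sample bytes and all function names are constructed for illustration; only the parameter shape (salt(64), N(16384), r(8), p(1), aes-256-cbc with IV(16)) follows the corpus file name in the report.

```python
import hashlib

# OIDs: PBES2 and PBKDF2 (RFC 8018), scrypt (RFC 7914), AES-256-CBC (NIST).
OIDS = {"1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
        "1.3.6.1.4.1.11591.4.11": "scrypt", "2.16.840.1.101.3.4.1.42": "aes-256-cbc"}
# Constructed sample (not bytes from the report), shaped like the corpus file name.
SAMPLE = bytes.fromhex(
    "308187" "06092a864886f70d01050d" "307a" "3059" "06092b06010401da47040b"
    "304c" "0440" + "5a" * 64 + "02024000" "020108" "020101"
    "301d" "060960864801650304012a" "0410" + "a5" * 16)

def children(buf):
    """Yield (tag, value) for each DER TLV in buf; reject truncated input."""
    pos = 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:                          # long-form length: next n & 0x7F bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        if pos + n > len(buf):
            raise ValueError("truncated DER")
        yield tag, buf[pos:pos + n]
        pos += n

def oid(v):
    """Decode OID content octets to a known name or dotted form."""
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
    return OIDS.get(dotted, dotted)

def pbes2_kdf(alg_id):
    """Return (kdf, cipher, scrypt_params or None) for a PBES2 AlgorithmIdentifier."""
    (_, scheme), (_, params) = children(next(children(alg_id))[1])
    if oid(scheme) != "PBES2":
        raise ValueError("not PBES2")
    (_, kdf), (_, enc) = children(params)
    (_, kdf_oid), (_, kdf_params) = children(kdf)
    cipher = oid(next(children(enc))[1])
    if oid(kdf_oid) != "scrypt":
        return oid(kdf_oid), cipher, None     # e.g. PBKDF2: parameters not parsed here
    salt, n, r, p = [v for _, v in children(kdf_params)][:4]
    return "scrypt", cipher, (salt, *(int.from_bytes(x, "big") for x in (n, r, p)))

def derive_key(password, salt, n, r, p, dklen=32):  # 32-byte key for aes-256-cbc
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=dklen)
```

A reader that only recognises the PBKDF2 OID has no way to interpret the scrypt parameter sequence, so checking the KDF OID first lets it return a specific "unsupported KDF" result.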