[Bug 2107991] [NEW] fips-updates openssl is broken for PKCS#12/p12 certs

Jaimes Joschko 2107991 at bugs.launchpad.net
Tue Apr 22 21:25:37 UTC 2025 

Public bug reported:

This appears to be reported upstream already under:

[1] - https://github.com/openssl/openssl/issues/20427
[2] - https://github.com/openssl/openssl/issues/19997
[3] - https://github.com/openssl/openssl/issues/24546


# General system information

```
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.5 LTS
Release:	22.04
Codename:	jammy
```

```
$ apt-cache policy openssl
openssl:
  Installed: 3.0.2-0ubuntu1.19+Fips1
  Candidate: 3.0.2-0ubuntu1.19+Fips1
```

# Reproduce

```
$openssl pkcs12 -export -out test.p12 -inkey test.key -in test.pem -certfile ca.crt 
Enter Export Password:
Verifying - Enter Export Password:

Error creating PKCS12 structure for test.p12
40C7F16FB57F0000:error:1C800069:Provider routines:kdf_pbkdf2_set_ctx_params:invalid key length:../providers/implementations/kdfs/pbkdf2.c:223:
40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:../crypto/pkcs12/p12_decr.c:191:
40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:../crypto/pkcs12/p12_add.c:133:
```

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2107991

Title:
  fips-updates openssl is broken for PKCS#12/p12 certs

Status in openssl package in Ubuntu:
  New

Bug description:
  This appears to be reported upstream already under:

  [1] - https://github.com/openssl/openssl/issues/20427
  [2] - https://github.com/openssl/openssl/issues/19997
  [3] - https://github.com/openssl/openssl/issues/24546

  
  # General system information

  ```
  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 22.04.5 LTS
  Release:	22.04
  Codename:	jammy
  ```

  ```
  $ apt-cache policy openssl
  openssl:
    Installed: 3.0.2-0ubuntu1.19+Fips1
    Candidate: 3.0.2-0ubuntu1.19+Fips1
  ```

  # Reproduce

  ```
  $openssl pkcs12 -export -out test.p12 -inkey test.key -in test.pem -certfile ca.crt 
  Enter Export Password:
  Verifying - Enter Export Password:

  Error creating PKCS12 structure for test.p12
  40C7F16FB57F0000:error:1C800069:Provider routines:kdf_pbkdf2_set_ctx_params:invalid key length:../providers/implementations/kdfs/pbkdf2.c:223:
  40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:../crypto/pkcs12/p12_decr.c:191:
  40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:../crypto/pkcs12/p12_add.c:133:
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2107991/+subscriptions

More information about the foundations-bugs mailing list