[Bug 2107991] Re: fips-updates openssl is broken for PKCS#12/p12 certs
Alan Moore
2107991 at bugs.launchpad.net
Mon Apr 28 08:06:13 UTC 2025
** Changed in: openssl (Ubuntu)
Status: New => Confirmed
** Changed in: openssl (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2107991
Title:
fips-updates openssl is broken for PKCS#12/p12 certs
Status in openssl package in Ubuntu:
In Progress
Bug description:
This appears to be reported upstream already under:
[1] - https://github.com/openssl/openssl/issues/20427
[2] - https://github.com/openssl/openssl/issues/19997
[3] - https://github.com/openssl/openssl/issues/24546
# General system information
```
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
```
```
$ apt-cache policy openssl
openssl:
Installed: 3.0.2-0ubuntu1.19+Fips1
Candidate: 3.0.2-0ubuntu1.19+Fips1
```
# Reproduce
```
$openssl pkcs12 -export -out test.p12 -inkey test.key -in test.pem -certfile ca.crt
Enter Export Password:
Verifying - Enter Export Password:
Error creating PKCS12 structure for test.p12
40C7F16FB57F0000:error:1C800069:Provider routines:kdf_pbkdf2_set_ctx_params:invalid key length:../providers/implementations/kdfs/pbkdf2.c:223:
40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:../crypto/pkcs12/p12_decr.c:191:
40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:../crypto/pkcs12/p12_add.c:133:
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2107991/+subscriptions
More information about the foundations-bugs
mailing list