Bug 1220789

Summary: pkcs12 -info option doesn't report key encryption cipher with PKCS#5 v2.0 ciphers
Product: Red Hat Enterprise Linux 7 Reporter: Alicja Kario <hkario>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 7.1   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-03 14:16:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alicja Kario 2015-05-12 12:57:30 UTC 
Description of problem:
When using `pkcs12 -info` command to list information about a PKCS#12 file, no information is outputted if the key in file is encrypted with the new PKCS#8 v2.0 format.

Version-Release number of selected component (if applicable):
openssl-1.0.1e-42.el7_1.4.x86_64

How reproducible:
Always

Steps to Reproduce:
1. penssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
2. openssl pkcs12 -export -out bundle.p12 -in localhost.key -nocerts -passout pass: -name server-key -keypbe AES-256-CBC
3. openssl pkcs12 -info -in bundle.p12  -passin pass: -noout

Actual results:
MAC Iteration 2048
MAC verified OK
PKCS7 Data
Shrouded Keybag:

Expected results:
MAC Iteration 2048
MAC verified OK
PKCS7 Data
Shrouded Keybag: PKCS#5 v2 PBE with AES-256-CBC, Iteration 2048

Additional info: 
NSS `pk12util` can output this information with:

  pk12util -l bundle.p12 -v
Comment 1 Alicja Kario 2016-06-24 15:44:03 UTC 
upstream report: https://rt.openssl.org/Ticket/Display.html?id=4588&user=guest&pass=guest
Comment 2 Alicja Kario 2016-09-29 17:24:23 UTC 
this is in 1.0.2 already, so won't rebase fix this?
Comment 3 Tomas Mraz 2016-09-29 17:51:09 UTC 
I confused it with another RFE.
Comment 4 Tomas Mraz 2017-04-03 14:16:59 UTC 
Included in the OpenSSL 1.0.2

*** This bug has been marked as a duplicate of bug 1276310 ***