Bug 1612803

Summary: Cannot read EC public key with certtool in 3.6.3 (Fedora 28)
Product: [Fedora] Fedora
Reporter: Stefan Berger <stefanb>
Component: gnutls
Assignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 28
CC: nmavrogi, tmraz
Hardware: All   
OS: Linux   
Fixed In Version: gnutls-3.6.3-3.fc28
Last Closed: 2018-08-11 19:11:53 UTC
Type: Bug

Description Stefan Berger 2018-08-06 10:26:32 UTC
The bug has been filed against GnuTLS and a fix has been created there: https://gitlab.com/gnutls/gnutls/issues/538

Description of problem:

Hello,
the following key in tests/data/ecpubek.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEne14S57Dr9tYfw2PtsVoaC0IrHji
EFKihkvMeimuYRVxYkZh5kmZfwcOIKlGawAo1JhUgA3iYSlLi3ho71aq0g==
-----END PUBLIC KEY-----
cannot be read with certtool from gnutls-utils-3.6.3-2.fc28.x86_64:

certtool --load-pubkey ./tests/data/ecpubek.pem --pubkey-info
Public Key Information:
Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Unknown (0 bits)
Curve:	(null)
X:
00:9d:ed:78:4b:9e:c3:af:db:58:7f:0d:8f:b6:c5:68
68:2d:08:ac:78:e2:10:52:a2:86:4b:cc:7a:29:ae:61
15
Y:
71:62:46:61:e6:49:99:7f:07:0e:20:a9:46:6b:00:28
d4:98:54:80:0d:e2:61:29:4b:8b:78:68:ef:56:aa:d2
error: get_key_id(sha1): ASN1 parser: Generic parsing error.
export error: The request is invalid.

It works with certtool from gnutls-utils-3.5.18-2.fc27.x86_64:

certtool --load-pubkey ./tests/data/ecpubek.pem --pubkey-info
Public Key Information:
Public Key Algorithm: EC/ECDSA
Algorithm Security Level: High (256 bits)
Curve:  SECP256R1
X:
00:9d:ed:78:4b:9e:c3:af:db:58:7f:0d:8f:b6:c5:68
68:2d:08:ac:78:e2:10:52:a2:86:4b:cc:7a:29:ae:61
15
Y:
71:62:46:61:e6:49:99:7f:07:0e:20:a9:46:6b:00:28
d4:98:54:80:0d:e2:61:29:4b:8b:78:68:ef:56:aa:d2
Public Key ID:
sha1:02f886dc56421b061b8ec2544f2433ee49a1d80e
sha256:ea8456b1378f13acf91cff3eedda26c485aa937763506ffa85d16922001d238f
Public Key PIN:
pin-sha256:6oRWsTePE6z5HP8+7domxIWqk3djUG/6hdFpIgAdI48=
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEne14S57Dr9tYfw2PtsVoaC0IrHji
EFKihkvMeimuYRVxYkZh5kmZfwcOIKlGawAo1JhUgA3iYSlLi3ho71aq0g==
-----END PUBLIC KEY-----

Version-Release number of selected component (if applicable):

gnutls-utils-3.6.3-2.fc28.x86_64
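
An independent check of the key in the description above, added here as an example and not part of the bug report or of GnuTLS: a standard-library Python parser for the SubjectPublicKeyInfo that reads the curve OID and recomputes the key ID and pin without certtool. The names `pubkey_info`, `read_tlv`, `decode_oid` and `CURVES` are this example's own, and it assumes the key ID is the hash of the DER-encoded SubjectPublicKeyInfo, as for an RFC 7469 pin.

```python
import base64
import hashlib

# Key from this report (tests/data/ecpubek.pem), embedded so the check runs offline.
PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEne14S57Dr9tYfw2PtsVoaC0IrHji
EFKihkvMeimuYRVxYkZh5kmZfwcOIKlGawAo1JhUgA3iYSlLi3ho71aq0g==
-----END PUBLIC KEY-----"""
CURVES = {"1.2.840.10045.3.1.7": "SECP256R1"}  # only the curve this report needs

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Dotted form of an OID body (first arc 0 or 1, which covers the OIDs here)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def pubkey_info(pem):
    """Parse an EC SubjectPublicKeyInfo and hash its DER, independent of GnuTLS."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    der = base64.b64decode("".join(body))
    t_spki, spki, end = read_tlv(der, 0)
    t_alg, algid, pos = read_tlv(spki, 0)      # AlgorithmIdentifier
    t_oid, alg, p = read_tlv(algid, 0)         # algorithm OID
    t_par, curve, _ = read_tlv(algid, p)       # parameters: named-curve OID expected
    t_key, bits, _ = read_tlv(spki, pos)       # BIT STRING subjectPublicKey
    if (t_spki, t_alg, t_oid, t_par, t_key) != (0x30, 0x30, 0x06, 0x06, 0x03):
        raise ValueError("not a named-curve SubjectPublicKeyInfo")
    if end != len(der) or bits[:2] != b"\x00\x04":
        raise ValueError("trailing data or point is not uncompressed")
    point, oid = bits[2:], decode_oid(curve)
    half = len(point) // 2
    digest = hashlib.sha256(der).digest()
    return {"algorithm": decode_oid(alg), "curve": CURVES.get(oid, oid),
            "x": point[:half].hex(), "y": point[half:].hex(),
            "sha1": hashlib.sha1(der).hexdigest(), "sha256": digest.hex(),
            "pin": "pin-sha256:" + base64.b64encode(digest).decode()}
```

Calling `pubkey_info(PEM)` gives the curve name, coordinates, key ID and pin to compare against the certtool output from the working version; the coordinates come back without the leading `00` that certtool prints.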

Comment 1 Stefan Berger 2018-08-06 11:52:40 UTC
I test-built the F28 version of gnutls with their proposed patch https://gitlab.com/gnutls/gnutls/commit/a01e9021999d172ddc0faaadf7ae43abf8093338.patch and it resolves the issue.

Comment 2 Fedora Update System 2018-08-07 14:15:57 UTC
gnutls-3.6.3-3.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fcea4c482

Comment 3 Fedora Update System 2018-08-08 17:14:20 UTC
gnutls-3.6.3-3.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fcea4c482

Comment 4 Fedora Update System 2018-08-11 19:11:53 UTC
gnutls-3.6.3-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.