Bug 1712023

Summary: openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default
Product: Red Hat Enterprise Linux 8
Component: openssl
Version: 8.0
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Ondrej Moriš <omoris>
Assignee: Tomas Mraz <tmraz>
QA Contact: Daiki Ueno <dueno>
CC: dueno, hkario
Keywords: Triaged
Flags: pm-rhel: mirror+
Target Milestone: rc
Target Release: 8.1
Hardware: All
OS: Linux
Fixed In Version: openssl-1.1.1b-6.el8
Last Closed: 2019-11-05 22:40:19 UTC
Type: Bug

Description Ondrej Moriš 2019-05-20 16:00:33 UTC
Description of problem:

OpenSSL PKCS#12 uses certpbe algorithm which is forbidden in FIPS mode (3des?):

# openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:'whatever' -passout pass:'whatever'
139752744220480:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:crypto/evp/evp_pbe.c:114:
139752744220480:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:crypto/pkcs12/p12_decr.c:41:
139752744220480:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:crypto/pkcs12/p12_decr.c:144:
139752744220480:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:crypto/pkcs12/p12_add.c:119:

The command passes when -certpbe is set to NONE.

Version-Release number of selected component (if applicable):

openssl-1.1.1-8.el8

How reproducible:

100%

Steps to Reproduce:

1. Enable FIPS mode.
2. Generate key pair.
3. Export it via openssl pkcs12.

Actual results:

Error (see above). 

Expected results:

Successful export.

Additional info:

In FIPS mode, openssl should use a FIPS-compliant algorithm (analogously to keypbe).

Comment 1 Ondrej Moriš 2019-05-20 16:11:52 UTC
(In reply to Ondrej Moriš from comment #0)

> Additional info:
> 
> In FIPS mode, openssl should use a FIPS-compliant algorithm (analogously to keypbe).

It seems that PBE-SHA1-RC2-40 is used by default actually. Also please notice that both DES-EDE3-CBC and PBE-SHA1-3DES work fine.

Comment 2 Alex Scheel 2019-05-20 16:49:50 UTC
*** Bug 1710950 has been marked as a duplicate of this bug. ***

Comment 3 Ondrej Moriš 2019-05-21 15:29:21 UTC
Also, I think the default option should be the same when FIPS mode is enabled or disabled (and compliant with FIPS at the same time). It will help to avoid a situation where keys are generated with FIPS mode disabled using a non-compliant algorithm and then cannot be used once FIPS mode is enabled.
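
A check for the situation comment 3 describes, as an added example that is not part of the original bug report or of OpenSSL: it scans the output of `openssl pkcs12 -info -noout` for bags protected with RC2 or RC4 PBE schemes, such as the PBE-SHA1-RC2-40 default named in comment 1. The function name `p12_weak_pbe` and both sample outputs are constructed for illustration, and the line format is assumed to match OpenSSL 1.1.1.

```shell
#!/bin/sh
# Added example: audit PKCS#12 PBE algorithms before FIPS mode is enabled.
# Real use (run while the file can still be decrypted):
#   openssl pkcs12 -info -noout -in server.p12 -passin pass:'whatever' 2>&1 | p12_weak_pbe
# Re-export flagged files with an algorithm comment 1 reports as working,
# e.g. -certpbe PBE-SHA1-3DES.

# p12_weak_pbe: read `pkcs12 -info` text on stdin and print one line per bag
# whose PBE algorithm name contains RC2 or RC4.
# Exit status: 0 = nothing flagged, 1 = at least one bag flagged.
p12_weak_pbe() {
    awk -F': ' '
        /^(PKCS7 Encrypted data|Shrouded Keybag): / {
            alg = $2
            sub(/,.*/, "", alg)   # drop ", Iteration N" and any PBES2 details
            if (alg ~ /RC2|RC4/) { print $1 ": " alg; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: default export (certificate bag uses RC2-40).
sample_default() {
    cat <<'EOF'
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Constructed sample: export made with -certpbe PBE-SHA1-3DES.
sample_3des() {
    cat <<'EOF'
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Demo on the constructed samples.
sample_default | p12_weak_pbe || echo "default export: re-export needed"
sample_3des | p12_weak_pbe && echo "3DES export: nothing flagged"
```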

Comment 12 errata-xmlrpc 2019-11-05 22:40:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3700