Description of problem:
When a PKCS#12 file does not use encryption for key nor certificate for ECDSA, the import fails.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. pk12util -i 'keyfile-corpus-keyfiles-0.1.2/ecdsa(P-256,sha256),cert(none),key(none),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' -d sql:nssdb -w keyfile-corpus-keyfiles-0.1.2/password-ascii.txt
pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
Looks like the issue is only with the key part of the PKCS#12 file, not the certificate not being encrypted.
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
I am not able to reproduce it with the latest packages on RHEL-7.6:
$ pk12util -i 'keyfile-corpus/ecdsa(P-256,sha256),cert(none),key(none),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' -d sql:nssdb -w keyfile-corpus/password-ascii.txt
pk12util: PKCS12 IMPORT SUCCESSFUL
Given that this was reported against 3.28 while 3.30 has a fix handling ECDSA private keys, I suppose this was already fixed in the previous rebase of NSS to 3.36: