Bug 1612803 - Cannot read EC public key with certtool in 3.6.3 (Fedora 28)
Summary: Cannot read EC public key with certtool in 3.6.3 (Fedora 28)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gnutls
Version: 28
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-06 10:26 UTC by Stefan Berger
Modified: 2018-08-11 19:11 UTC (History)
2 users (show)

Fixed In Version: gnutls-3.6.3-3.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-11 19:11:53 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Stefan Berger 2018-08-06 10:26:32 UTC 
The bug has been files against GnuTLS and a fix has been created there: https://gitlab.com/gnutls/gnutls/issues/538

Description of problem:

Hello,
the following key in tests/data/ecpubek.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEne14S57Dr9tYfw2PtsVoaC0IrHji
EFKihkvMeimuYRVxYkZh5kmZfwcOIKlGawAo1JhUgA3iYSlLi3ho71aq0g==
-----END PUBLIC KEY-----
cannot be read with certtool from gnutls-utils-3.6.3-2.fc28.x86_64::

certtool --load-pubkey ./tests/data/ecpubek.pem --pubkey-info
Public Key Information:
Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Unknown (0 bits)
Curve:	(null)
X:
00:9d:ed:78:4b:9e:c3:af:db:58:7f:0d:8f:b6:c5:68
68:2d:08:ac:78:e2:10:52:a2:86:4b:cc:7a:29:ae:61
15
Y:
71:62:46:61:e6:49:99:7f:07:0e:20:a9:46:6b:00:28
d4:98:54:80:0d:e2:61:29:4b:8b:78:68:ef:56:aa:d2
error: get_key_id(sha1): ASN1 parser: Generic parsing error.
export error: The request is invalid.

It  works with certtool from gnutls-utils-3.5.18-2.fc27.x86_64:

certtool --load-pubkey ./tests/data/ecpubek.pem --pubkey-info
Public Key Information:
Public Key Algorithm: EC/ECDSA
Algorithm Security Level: High (256 bits)
Curve:  SECP256R1
X:
00:9d:ed:78:4b:9e:c3:af:db:58:7f:0d:8f:b6:c5:68
68:2d:08:ac:78:e2:10:52:a2:86:4b:cc:7a:29:ae:61
15
Y:
71:62:46:61:e6:49:99:7f:07:0e:20:a9:46:6b:00:28
d4:98:54:80:0d:e2:61:29:4b:8b:78:68:ef:56:aa:d2
Public Key ID:
sha1:02f886dc56421b061b8ec2544f2433ee49a1d80e
sha256:ea8456b1378f13acf91cff3eedda26c485aa937763506ffa85d16922001d238f
Public Key PIN:
pin-sha256:6oRWsTePE6z5HP8+7domxIWqk3djUG/6hdFpIgAdI48=
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEne14S57Dr9tYfw2PtsVoaC0IrHji
EFKihkvMeimuYRVxYkZh5kmZfwcOIKlGawAo1JhUgA3iYSlLi3ho71aq0g==
-----END PUBLIC KEY-----

Version-Release number of selected component (if applicable):

gnutls-utils-3.6.3-2.fc28.x86_64
Comment 1 Stefan Berger 2018-08-06 11:52:40 UTC 
I test-built the F28 version of gnutls with their proposed patch https://gitlab.com/gnutls/gnutls/commit/a01e9021999d172ddc0faaadf7ae43abf8093338.patch and it resolves the issue.
Comment 2 Fedora Update System 2018-08-07 14:15:57 UTC 
gnutls-3.6.3-3.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fcea4c482
Comment 3 Fedora Update System 2018-08-08 17:14:20 UTC 
gnutls-3.6.3-3.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fcea4c482
Comment 4 Fedora Update System 2018-08-11 19:11:53 UTC 
gnutls-3.6.3-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.