One unacceptable bypass is to add "-nomac" to remove mac protection as PRs and error msg mentioned.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2107991 Title: fips-updates openssl is broken for PKCS#12/p12 certs Status in openssl package in Ubuntu: In Progress Bug description: This appears to be reported upstream already under: [1] - https://github.com/openssl/openssl/issues/20427 [2] - https://github.com/openssl/openssl/issues/19997 [3] - https://github.com/openssl/openssl/issues/24546 # General system information ``` $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.5 LTS Release: 22.04 Codename: jammy ``` ``` $ apt-cache policy openssl openssl: Installed: 3.0.2-0ubuntu1.19+Fips1 Candidate: 3.0.2-0ubuntu1.19+Fips1 ``` # Reproduce ``` $openssl pkcs12 -export -out test.p12 -inkey test.key -in test.pem -certfile ca.crt Enter Export Password: Verifying - Enter Export Password: Error creating PKCS12 structure for test.p12 40C7F16FB57F0000:error:1C800069:Provider routines:kdf_pbkdf2_set_ctx_params:invalid key length:../providers/implementations/kdfs/pbkdf2.c:223: 40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:../crypto/pkcs12/p12_decr.c:191: 40C7F16FB57F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:../crypto/pkcs12/p12_add.c:133: ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2107991/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
