From 2aa6d97a548509ae65e471bba3b41ca7cf7110c4 Mon Sep 17 00:00:00 2001
From: Jun Aruga
Date: Mon, 19 Jan 2026 13:23:24 +0000
Subject: [PATCH 1/2] Fix test_pkcs12.rb in FIPS.

* OpenSSL::PKCS12.create calling the PKCS12_create() has the argument mac_iter which uses a MAC key using PKCS12KDF which is not FIPS-approved.
* OpenSSL::PKCS12.new with base64-encoded example calling PKCS12_parse() verifies the MAC key using PKCS12KDF which is not FIPS-approved.
* PBE-SHA1-3DES uses PKCS12KDF which is not FIPS-approved according to the RFC 7292 PKCS#12.
https://datatracker.ietf.org/doc/html/rfc7292#appendix-C
> The PBES1 encryption scheme defined in PKCS #5 provides a number of
> algorithm identifiers for deriving keys and IVs; here, we specify a
> few more, all of which use the procedure detailed in Appendices B.2
> and B.3 to construct keys (and IVs, where needed). As is implied by
> their names, all of the object identifiers below use the hash
> function SHA-1.
> ...
> pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
Note that the pbeWithSHAAnd3-KeyTripleDES-CBC (pkcs12-pbeids 3) in the RFC 7292 PKCS#12 means PBE-SHA1-3DES in OpenSSL. PKCS12KDF is used in PKCS#12.
https://oidref.com/1.2.840.113549.1.12.1.3
https://github.com/openssl/openssl/blob/ed57d1e06dca28689190e00d9893e0fd7ecc67c1/crypto/objects/objects.txt#L385
---
 Rakefile                    |  1 -
 test/openssl/test_pkcs12.rb | 23 +++++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/Rakefile b/Rakefile
index f73cc21b7..06a7c1917 100644
--- a/Rakefile
+++ b/Rakefile
@@ -28,7 +28,6 @@ Rake::TestTask.new(:test_fips_internal) do |t|
   t.test_files = FileList['test/**/test_*.rb'] - FileList[
     'test/openssl/test_hmac.rb',
     'test/openssl/test_kdf.rb',
-    'test/openssl/test_pkcs12.rb',
     'test/openssl/test_ts.rb',
   ]
   t.warning = true
diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
index 1b5328774..81f7875f9 100644
--- a/test/openssl/test_pkcs12.rb
+++ b/test/openssl/test_pkcs12.rb
@@ -3,6 +3,29 @@
 
 if defined?(OpenSSL)
 
+# OpenSSL::PKCS12.create calling the PKCS12_create() has the argument mac_iter
+# which uses a MAC key using PKCS12KDF which is not FIPS-approved.
+# OpenSSL::PKCS12.new with base64-encoded example calling PKCS12_parse()
+# verifies the MAC key using PKCS12KDF which is not FIPS-approved.
+#
+# PBE-SHA1-3DES uses PKCS12KDF which is not FIPS-approved according to the RFC
+# 7292 PKCS#12.
+# https://datatracker.ietf.org/doc/html/rfc7292#appendix-C
+# > The PBES1 encryption scheme defined in PKCS #5 provides a number of
+# > algorithm identifiers for deriving keys and IVs; here, we specify a
+# > few more, all of which use the procedure detailed in Appendices B.2
+# > and B.3 to construct keys (and IVs, where needed). As is implied by
+# > their names, all of the object identifiers below use the hash
+# > function SHA-1.
+# > ...
+# > pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+#
+# Note that the pbeWithSHAAnd3-KeyTripleDES-CBC (pkcs12-pbeids 3) in the RFC
+# 7292 PKCS#12 means PBE-SHA1-3DES in OpenSSL. PKCS12KDF is used in PKCS#12.
+# https://oidref.com/1.2.840.113549.1.12.1.3
+# https://github.com/openssl/openssl/blob/ed57d1e06dca28689190e00d9893e0fd7ecc67c1/crypto/objects/objects.txt#L385
+return if OpenSSL.fips_mode
+
 module OpenSSL
   class TestPKCS12 < OpenSSL::TestCase
     DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES"

From d86270d1df4f64ba17e52b71aaf31693a6d17ccc Mon Sep 17 00:00:00 2001
From: Jun Aruga
Date: Tue, 27 Jan 2026 19:01:27 +0000
Subject: [PATCH 2/2] Update the steps to generate the base64-based examples.

* More precisely
* Updating the rsa-1.pem file path.
---
 test/openssl/test_pkcs12.rb | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
index 81f7875f9..617c156cb 100644
--- a/test/openssl/test_pkcs12.rb
+++ b/test/openssl/test_pkcs12.rb
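Review bot: `return if OpenSSL.fips_mode` drops the whole file from a FIPS run, so test_pkcs12.rb then contributes zero tests and no omission is reported, and any future PKCS12 test that does not depend on PKCS12KDF would be skipped along with it. Leaving the file loaded and skipping per test from TestPKCS12's `setup` (the suite's utils.rb appears to provide an `omit_on_fips` helper for this — worth confirming) would make the runner count and show the omitted cases. The header comment also repeats the commit message verbatim, including the RFC quotation; a short reason plus the link is enough at this location, e.g. `# PKCS12_create()/PKCS12_parse() derive the MAC key with PKCS12KDF, which is not FIPS-approved (RFC 7292, Appendix C); skip this file in FIPS mode.`. The enclosing `if defined?(OpenSSL)` block closes outside the hunk.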
@@ -233,8 +233,13 @@ def test_create_with_keytype
     end
 
     def test_new_with_no_keys
-      # generated with:
-      # openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export
+      # Generated with the following steps:
+      # Print the value of the @mycert such as by `puts @mycert.to_s` and
+      # save the value as the file `mycert.pem`.
+      # Run the following commands:
+      # openssl pkcs12 -certpbe PBE-SHA1-3DES -in <(cat mycert.pem) \
+      # -nokeys -export -passout pass:abc123 -out /tmp/p12.out
+      # base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
         MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3
         DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw
@@ -282,8 +287,10 @@ def test_new_with_no_keys
     end
 
     def test_new_with_no_certs
-      # generated with:
-      # openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export
+      # Generated with the folowing steps:
+      # openssl pkcs12 -inkey test/openssl/fixtures/pkey/rsa-1.pem \
+      # -nocerts -export -passout pass:abc123 -out /tmp/p12.out
+      # base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
         MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3
         DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK
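Review bot: In the regeneration steps added to test_new_with_no_keys, `-in <(cat mycert.pem)` is a bash-only process substitution that merely re-reads the file just saved; `-in mycert.pem` does the same thing, works in any shell, and is easier to copy. Suggest `# openssl pkcs12 -certpbe PBE-SHA1-3DES -in mycert.pem \` for that line. The rest of the method body lies outside the hunk.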
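Review bot: Typo in the new comment at the top of test_new_with_no_certs: `# Generated with the folowing steps:` should read `# Generated with the following steps:`. The command also leaves `-keypbe` and `-macalg` at the OpenSSL defaults, which changed between OpenSSL 1.1.1 and 3.x, so re-running these steps on a different build produces a fixture protected with different PBE and MAC algorithms than the checked-in one; recording the OpenSSL version used, or passing those two options explicitly, would make the regeneration reproducible. The method body continues beyond the hunk.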