Page MenuHome GnuPG

New minip12 does not import from Firefox anymore
Closed, ResolvedPublic


Trying to import the attached file to gpgsm v2.4.3 fails.

gpgsm --debug x509 --import ov-user-ff.p12
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=16 len=0 nhdr=2  cons ndef
gpgsm: p12_parse(pfxVersion): offset 1.0 (tlv_next): Erfolg - Erfolg

The tlv_next before tlv_expect_integer returns 03003FFF (GPG_ERR_EOF, I guess?).;gnupg-2.4.3$2379

Further down, parse_ber_header gets called with length = 0.$173

Could it be a problem with ASN.1 sequences of indefinite length that FF uses? Apparently tlv->ndef is set correctly, but a check (between those two lines?) may be missing.

The attached file is ov-user.p12 from the test suite, which has gone through Firefox (Settings > Security > Certificates... > Import... (pw: start), then Save...).


gpgsm (GnuPG) 2.4.3, libgcrypt 1.10.2, libksba 1.6.4

Event Timeline

werner triaged this task as Normal priority.Oct 10 2023, 9:37 AM
werner added projects: gnupg24, S/MIME.

Yes, there is clearly a problem with the handling of NDEF. I have a fix for that but there are other oddities in that pkcs12 object. Do you have the Firefox version you used to create this?

werner changed the task status from Open to Testing.Oct 24 2023, 2:16 PM
werner moved this task from Backlog to QA on the gnupg24 board.

The test file is now part of our test suite and passes.