Open Bug 372439 Opened 18 years ago Updated 2 years ago

PKCS#12 export with empty password produces incorrect encoding of MacData in PFX object

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: mozilla, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1)

Generated PFX DER data with MacData uses the empty password incorrectly, violating the following quote from Chapter B, section B.2, item 3 of the PKCS#12 standard [1]:

"Note that if the password is the empty string, then so is P."

[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf

Reproducible: Always

Steps to Reproduce:
1. Click Firefox Preferences | Advanced | Encryption | Certificate Manager | Your Certificates --> Backup.
2. Enter a file name.
3. In the password field enter a character and then delete it. The OK button becomes enabled.
4. Click OK.

Actual Results:
I verified that the generated PFX object uses the 2-byte BMPString "00 00" in hex notation when preparing a string to be hashed. The correct implementation is to use a zero-length BMPString for an empty password.

Expected Results:
PKCS#12 compatibility with [1].

Workarounds:
1) Use a non-empty password.
2) Fix the Firefox UI to truly disable the empty password.
Assignee: nobody → neil.williams
Target Milestone: --- → 3.11.8
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: 3.11.8 → Future
Target Milestone: Future → ---
Assignee: neil.williams → nobody
Severity: normal → S3