pkcs12 command with FIPS is not working in OpenSSL 3.2.0 (even with -nomacver)

[reguripradeep]

I have a pfx file generated (in FIPS mode by setting OPENSSL_FIPS=1) with openssl 1.0.2zi. this i am able to parse/import/load the keys and certs using openssl 1.0.2 (in FIPS mode). But the same pfx file i am not able to parse/import/load with Openssl 3.2.0 (with fips provider). This is breaking my backward compatibility unless i use legacy provider
command i used to create pfx file with openssl 1.0.2zi
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
command i used to import/get the keys and certs with Openssl 3.2.0 is:
openssl pkcs12 -in server.pfx -out pfxout.crt -nomacver
I am getting the following error.
C:\F6\CA\secure-proxy\SSL>bin\openssl pkcs12 -in ..\ssl_f6\server.pfx -out pfxout -nomacver
Enter Import Password:
Error outputting keys and certificates
342C0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (PKCS12KDF : 0), Properties ()
342C0000:error:1180006B:PKCS12 routines:PKCS12_PBE_keyivgen_ex:key gen error:crypto\pkcs12\p12_crpt.c:55:

please note that

• if i use legacy provider along with fips, this is working fine.
• if i use OSSL 3.2.0 (with fips provider alone) to export into pfx then it is working fine ( ofcourse by passing -nomacver).

[slontis]

I would be very suprised if this had worked.
1.0.2 is very old now, and PKCS12 has many non FIPS compliant algorithms.
3.X is much stricter and uses more recent FIPS 140-2 rules.
From the error message you can see that it uses "PKCS12KDF" which is not a FIPS compliant algorithm..
(If the old format is PBES then this just wont work).
You may have to export without FIPS so that you can save the key out in an acceptable format, that will be able to be loaded.

[reguripradeep]

I would be very suprised if this had worked. 1.0.2 is very old now, and PKCS12 has many non FIPS compliant algorithms. 3.X is much stricter and uses more recent FIPS 140-2 rules. From the error message you can see that it uses "PKCS12KDF" which is not a FIPS compliant algorithm.. (If the old format is PBES then this just wont work). You may have to export without FIPS so that you can save the key out in an acceptable format, that will be able to be loaded.

Let me rephrase my question.
With openssl 1.0.2 in FIPS Only mode if i try importing cert/keys from a pkcs12 file (.pfx) which is exported win NonFips mode, i see the following error.
"6264:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:.\fips\utl\fips_enc.c:142:".
This is expected because the key/certificate and pfx are generated in a non fips mode but we are trying to import in FIPS ONLY mode.
Same behavior i am expecting in openssl .3.20 as well. Means importing of a key/cert with fips provider from a pfx file which is generated in default provider should throw a similar error and should not allow importing at all. But 3.2.0 is importing keys and certificates with -nomacver option. As per the documentation "-nomacver" will skips the mac verification only. and so it should check the algorithms of keys and certificate to see if they are FIPS compliance or not and should not allow importing them even with "-nomacver".
i used the following command
with default provider
key generation: openssl genrsa -des3 -out server.key
self signed cert gen: openssl req -new -x509 -key server.key -out server.crt -days 365
Now with default only or fips only provider the export command: openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt.
this is expecting "-nomac" irrespective of the providers that i am using and so irrespective of the algorithms used in key and cert. it is only skipping the mac generation and not verigying the algorithms
Again to import: openssl pkcs12 -in server.pfx -out pfxout
This is expecting "-nomacver" irrespective of the underlying providers. it is not verifying if the key/cert/pfx is FIPS compliant or not.
In openssl 3.x is there a way to export/import pkcs12 files which will check the FIPS compliant status of the key/certs to make sure we are not importing non fips keys and certs into a fips only environment.

[t8m]

This all works as designed. The PKCS12 decoder is outside of the FIPS module boundary. There is no FIPS compliance verification performed by the PKCS12 decoder and it never was (even in the 1.0.2 version). To decode PKCS12 files with verification of the integrity with a MAC you need PKCS12KDF algorithm which is not FIPS approved.