Handle PBMAC1 with absent PBKDF2 PRF
authorOlivier Chéron <olivier.cheron@gmail.com>
Sun, 29 Sep 2024 15:50:08 +0000 (17:50 +0200)
committerTomas Mraz <tomas@openssl.org>
Mon, 7 Oct 2024 15:51:54 +0000 (17:51 +0200)
PRF in PBKDF2-params is optional and defaults to hmacWithSHA1.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25568)

apps/pkcs12.c
crypto/pkcs12/p12_mutl.c

index 7ef4d586c3315a776badbe0e3aaf489bd7273258..afdb719ccd4d8eacdbfa3cfabb3178821536d949 100644 (file)
@@ -799,16 +799,20 @@ int pkcs12_main(int argc, char **argv)
                 BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n");
             } else {
                 const ASN1_OBJECT *prfobj;
+                int prfnid;
 
                 BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n",
                            ASN1_INTEGER_get(pbkdf2_param->iter));
                 BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n",
                            ASN1_INTEGER_get(pbkdf2_param->keylength),
                            ASN1_STRING_length(pbkdf2_param->salt->value.octet_string));
-                X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
-                BIO_printf(bio_err, "PBKDF2 PRF: ");
-                i2a_ASN1_OBJECT(bio_err, prfobj);
-                BIO_printf(bio_err, "\n");
+                if (pbkdf2_param->prf == NULL) {
+                    prfnid = NID_hmacWithSHA1;
+                } else {
+                    X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
+                    prfnid = OBJ_obj2nid(prfobj);
+                }
+                BIO_printf(bio_err, "PBKDF2 PRF: %s\n", OBJ_nid2sn(prfnid));
             }
             PBKDF2PARAM_free(pbkdf2_param);
         } else {
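Review bot: When the file carries a PRF OID that OpenSSL does not recognise, the new `BIO_printf(bio_err, "PBKDF2 PRF: %s\n", OBJ_nid2sn(prfnid))` can only print the placeholder name for `NID_undef`. The removed `i2a_ASN1_OBJECT` call printed the object taken from the file, presumably in dotted form for an unknown OID, which is the detail someone inspecting an unfamiliar or suspect PKCS#12 file needs. I would keep `i2a_ASN1_OBJECT(bio_err, prfobj);` in the `else` branch and print the default only in the `NULL` branch, e.g. `BIO_printf(bio_err, "hmacWithSHA1 (default, PRF absent)");`. That also lets the output distinguish an omitted PRF from an explicit hmacWithSHA1. The enclosing `pkcs12_main` starts and ends outside this hunk.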
index db2b6da61645e304816b20c307d6ebabad3f2c2e..b43c82f0ed2914a4bb273956e494935a5b539ce5 100644 (file)
@@ -111,6 +111,7 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
 {
     PBKDF2PARAM *pbkdf2_param = NULL;
     const ASN1_OBJECT *kdf_hmac_oid;
+    int kdf_hmac_nid;
     int ret = -1;
     int keylen = 0;
     EVP_MD *kdf_md = NULL;
@@ -123,9 +124,15 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
     }
     keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
     pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
-    X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf);
 
-    kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(OBJ_obj2nid(kdf_hmac_oid))), propq);
+    if (pbkdf2_param->prf == NULL) {
+        kdf_hmac_nid = NID_hmacWithSHA1;
+    } else {
+        X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf);
+        kdf_hmac_nid = OBJ_obj2nid(kdf_hmac_oid);
+    }
+
+    kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(kdf_hmac_nid)), propq);
     if (kdf_md == NULL) {
         ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED);
         goto err;
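Review bot: The two fields read just above the new `prf` check get no comparable validation in this hunk, although they come from the same file-supplied PBKDF2-params structure. `pbkdf2_param->salt->value.octet_string` is taken without a visible check that the salt's type is an octet string, and `keylen` is narrowed from the `long` returned by `ASN1_INTEGER_get` into an `int` with no range check. Validation may exist before the hunk, since `PBMAC1_PBKDF2_HMAC` starts and ends outside it. If it does not, a guard before the fetch would reject malformed input early: `if (pbkdf2_param->salt->type != V_ASN1_OCTET_STRING || keylen <= 0) { ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); goto err; }`. An upper bound on `keylen` matching the buffer that receives the derived key, which is not visible here, would also be needed.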