From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 11 May 2020 13:51:34 +0000 (+0200)
Subject: Allow for PKCS#12 input without MAC in p12_kiss.c and e_loader_attic.c
X-Git-Tag: openssl-3.0.0-alpha9~51
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61dd4168f5d98cd914a65b7357e4df06a65693ab;p=thirdparty%2Fopenssl.git

Allow for PKCS#12 input without MAC in p12_kiss.c and e_loader_attic.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)
---

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 894520be39b..9b2e8a55c51 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -58,7 +58,8 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
      */
 
     if (pass == NULL || *pass == '\0') {
-        if (PKCS12_verify_mac(p12, NULL, 0))
+        if (!PKCS12_mac_present(p12)
+            || PKCS12_verify_mac(p12, NULL, 0))
             pass = NULL;
         else if (PKCS12_verify_mac(p12, "", 0))
             pass = "";
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 7d059f52563..8a9b86483f4 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -322,7 +322,8 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
 
             *matchcount = 1;
 
-            if (PKCS12_verify_mac(p12, "", 0)
+            if (!PKCS12_mac_present(p12)
+                || PKCS12_verify_mac(p12, "", 0)
                 || PKCS12_verify_mac(p12, NULL, 0)) {
                 pass = "";
             } else {