apps/pkcs12: Detect missing PKCS12KDF support on import

Report error message with hint to use -nomacver if
MAC verification is not required.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14445)
Tomas Mraz 2021-03-05 18:08:05 +01:00 committed by Pauli
parent 913f9d5e52
commit 5e9a8678c5


@ -19,6 +19,7 @@
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/provider.h>
#include <openssl/kdf.h>
#define NOKEYS 0x1
#define NOCERTS 0x2
@ -733,6 +734,15 @@ int pkcs12_main(int argc, char **argv)
tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
}
if (macver) {
EVP_KDF *pkcs12kdf;
pkcs12kdf = EVP_KDF_fetch(NULL, "PKCS12KDF", NULL);
if (pkcs12kdf == NULL) {
BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
goto end;
}
EVP_KDF_free(pkcs12kdf);
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
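Review bot: The probe `EVP_KDF_fetch(NULL, "PKCS12KDF", NULL)` in the `if (macver)` branch queries the default library context with no property query. That may not be the context and properties `PKCS12_verify_mac` ends up using, so the check can disagree with the real verification when the tool runs with a non-default context or a property query. If the apps helpers are usable in this file, `pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", app_get0_propq());` would keep the two consistent. The hint also steers users to `-nomacver`, which skips the integrity check on the file, so I would have the message mention loading a provider that supplies PKCS12KDF first and add a comment such as `/* -nomacver disables the MAC integrity check; only suggest it as a last resort */`. pkcs12_main starts and ends outside this hunk.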