Handle PBMAC1 with absent PBKDF2 PRF

PRF in PBKDF2-params is optional and defaults to hmacWithSHA1. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25568)
2024-11-27 05:21:51 +08:00 · 2024-09-29 17:50:08 +02:00 · 2024-09-29 17:50:08 +02:00 · f3652dff2f
commit f3652dff2f
parent 0d6544cdf8
2 changed files with 17 additions and 6 deletions
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -799,16 +799,20 @@ int pkcs12_main(int argc, char **argv)
                BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n");
            } else {
                const ASN1_OBJECT *prfobj;
+                int prfnid;

                BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n",
                           ASN1_INTEGER_get(pbkdf2_param->iter));
                BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n",
                           ASN1_INTEGER_get(pbkdf2_param->keylength),
                           ASN1_STRING_length(pbkdf2_param->salt->value.octet_string));
-                X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
-                BIO_printf(bio_err, "PBKDF2 PRF: ");
-                i2a_ASN1_OBJECT(bio_err, prfobj);
-                BIO_printf(bio_err, "\n");
+                if (pbkdf2_param->prf == NULL) {
+                    prfnid = NID_hmacWithSHA1;
+                } else {
+                    X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
+                    prfnid = OBJ_obj2nid(prfobj);
+                }
+                BIO_printf(bio_err, "PBKDF2 PRF: %s\n", OBJ_nid2sn(prfnid));
            }
            PBKDF2PARAM_free(pbkdf2_param);
        } else {
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@ -111,6 +111,7 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
 {
    PBKDF2PARAM *pbkdf2_param = NULL;
    const ASN1_OBJECT *kdf_hmac_oid;
+    int kdf_hmac_nid;
    int ret = -1;
    int keylen = 0;
    EVP_MD *kdf_md = NULL;
@ -123,9 +124,15 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
    }
    keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
    pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
-    X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf);

-    kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(OBJ_obj2nid(kdf_hmac_oid))), propq);
+    if (pbkdf2_param->prf == NULL) {
+        kdf_hmac_nid = NID_hmacWithSHA1;
+    } else {
+        X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf);
+        kdf_hmac_nid = OBJ_obj2nid(kdf_hmac_oid);
+    }
+
+    kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(kdf_hmac_nid)), propq);
    if (kdf_md == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED);
        goto err;