[openssl/openssl] 56925d: OSSL_STORE and PKCS#12: Check if there is a MAC to...

Richard Levitte noreply at github.com
Sun Jun 25 22:03:10 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 56925daf6e476cb2ffef9b87ae9b53c5d2af9665
      https://github.com/openssl/openssl/commit/56925daf6e476cb2ffef9b87ae9b53c5d2af9665
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M crypto/store/store_result.c

  Log Message:
  -----------
  OSSL_STORE and PKCS#12: Check if there is a MAC to verify before prompting

When a DER object with unknown contents comes all the way to
ossl_store_handle_load_result(), and it attempts to decode them as different
objects, the PKCS#12 decoding attempt would (almost) always prompt for a
passphrase, even if there isn't a MAC to verify it against in the PKCS#12
object.

This change checks if there is a MAC to verify against before attempting to
prompt for a passphrase, leading to less surprising behavior.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)

(cherry picked from commit 7a520619c997146639f42ce8595162ac34c2ad41)


  Commit: 30d5465e54ca586a21b8e3576eaa0e59b86583f1
      https://github.com/openssl/openssl/commit/30d5465e54ca586a21b8e3576eaa0e59b86583f1
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    A test/recipes/90-test_store_cases.t
    A test/recipes/90-test_store_cases_data/garbage-pkcs12.p12

  Log Message:
  -----------
  Add a test case for the password prompt on garbage PKCS#12 file

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21197)

(cherry picked from commit 1a27cc3626bd15f8fd9a26a2dbc59a681d505321)


Compare: https://github.com/openssl/openssl/compare/50af7294e514...30d5465e54ca
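
The check described in the first log message, as an added example (not OpenSSL's code and not the change made in crypto/store/store_result.c): a hand-written DER walk over the PKCS#12 PFX structure from RFC 7292, whose macData field is OPTIONAL, reporting whether a MAC exists so a caller can decide whether a passphrase prompt makes sense. The function names and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: structurally PFX-shaped, not usable PKCS#12 files. */
static const unsigned char SAMPLE_NO_MAC[] = {
    0x30, 0x07, 0x02, 0x01, 0x03, 0x30, 0x02, 0x30, 0x00 };
static const unsigned char SAMPLE_WITH_MAC[] = {
    0x30, 0x0b, 0x02, 0x01, 0x03, 0x30, 0x02, 0x30, 0x00, 0x30, 0x02, 0x30, 0x00 };

/* Read one definite-length DER header at buf[*pos]; leave *pos at the content. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n;
    if (len - p < 2) return -1;
    *tag = buf[p++];
    *clen = buf[p++];
    if (*clen & 0x80) {                       /* long form: next n bytes hold the length */
        n = *clen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - p < n) return -1;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[p++];
    }
    if (*clen > len - p) return -1;           /* content would run past the buffer */
    *pos = p;
    return 0;
}

/* Hypothetical helper: 1 = macData present, 0 = absent, -1 = not a PFX-shaped DER blob. */
int pfx_has_mac(const unsigned char *der, size_t len)
{
    size_t pos = 0, clen, end;
    unsigned char tag;
    if (der_header(der, len, &pos, &tag, &clen) || tag != 0x30) return -1;  /* PFX */
    end = pos + clen;
    if (der_header(der, end, &pos, &tag, &clen) || tag != 0x02) return -1;  /* version */
    pos += clen;
    if (der_header(der, end, &pos, &tag, &clen) || tag != 0x30) return -1;  /* authSafe */
    pos += clen;
    if (pos == end) return 0;                 /* nothing to verify a passphrase against */
    if (der_header(der, end, &pos, &tag, &clen) || tag != 0x30) return -1;  /* macData */
    return pos + clen == end ? 1 : -1;
}

int main(void)
{
    printf("no MAC:   %d\n", pfx_has_mac(SAMPLE_NO_MAC, sizeof SAMPLE_NO_MAC));
    printf("with MAC: %d\n", pfx_has_mac(SAMPLE_WITH_MAC, sizeof SAMPLE_WITH_MAC));
    return 0;
}
```

The walk only inspects the outer structure; it does not validate the ContentInfo or MacData contents, and bytes after the outer SEQUENCE are ignored.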

