Unable to load PKCS#12 with password and no MAC

Tomas Mraz tomas at openssl.org
Thu Feb 17 09:43:29 UTC 2022 

On Thu, 2022-02-17 at 11:31 +0200, Florin Spătar wrote:
> I see. Thanks for the suggested workaround.
> 
> Are there any plans for PKCS12_parse to support PKCS12 files without
> MAC 

That would be a simple feature PR against master branch if anyone wants
to take it. It would require some tests of PKCS12_parse to be added,
that would be the hardest part of it I think.

> or any plans to use a FIPS approved algorithm for PKCS12 MAC? Any of 
> these would help dealing with PKCS12 files in FIPS mode.

Adding another algorithm for PKCS12 MAC would actually require changing
the standard. The problem is the non-compliant PKCS12KDF is basically
hardcoded in the PKCS12 standard as the KDF to generate the MAC key
from the password.

Tomas

> Thanks,
> 
> Florin Spatar
> 
> On 16.02.2022 17:25, Tomas Mraz wrote:
> > Yes, unfortunately PKCS12_parse currently does not support PKCS12
> > files
> > without the MAC. Such support could be easily added. As a
> > workaround
> > you can look at how the pkcs12 application is implemented and use
> > these
> > calls instead.
> > 
> > Regards,
> > 
> > Tomas Mraz, OpenSSL
> > 
> > On Wed, 2022-02-16 at 14:09 +0000, Florin Spatar wrote:
> > > Hi,
> > > 
> > > I am trying to use OpenSSL 3 in FIPS mode to load a PKCS#12.
> > > First, I
> > > got this error:
> > > 
> > >      [root at q032 ~]# openssl pkcs12 -nokeys -info -in agent.p12 -
> > > passin
> > > pass:opsware_admin
> > >      MAC: sha256, Iteration 2048
> > >      MAC length: 32, salt length: 8
> > >      Error verifying PKCS12 MAC; no PKCS12KDF support.
> > >      Use -nomacver if MAC verification is not required.
> > > 
> > > To my understanding, PKCS12KDF used for PKCS12 MAC is non-FIPS.
> > > On
> > > openssl-pkcs12 man page I found the following two options: "-
> > > nomac" &
> > > "-nomacver" that can be useful in FIPS mode. Used "-nomac" to re-
> > > create the PKCS#12, and "-nomacver" when loading the PKCS#12 to
> > > get
> > > rid of "Warning: MAC is absent!".
> > > 
> > > The objective is to do the same thing via PKCS12_parse API. The
> > > problem that I'm facing is that there is no API equivalent for -
> > > nomacver and the following error occurs:
> > > 
> > >      4087FE21197F0000:error:1180006C:PKCS12 routines:(unknown
> > > function):mac absent:crypto/pkcs12/p12_mutl.c:182:
> > >      4087FE21197F0000:error:11800071:PKCS12 routines:(unknown
> > > function):mac verify failure:crypto/pkcs12/p12_kiss.c:71:
> > > 
> > > The error only occurs if PKCS#12 password is not empty. If
> > > password
> > > is empty, MAC is not verified.
> > > Am I missing something, or this is actually impossible to
> > > achieve?
> > > 
> > > Thanks,
> > > 
> > > Florin Spatar

-- 
Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list