Fix pkcs12 command line segfault
Resolves: RHEL-70878
This commit is contained in:
Dmitry Belyavskiy
parent
5fae31daba
commit
bdb28e8ff0
@ -90,7 +90,7 @@ index 54323a9713393..cbe133742a8be 100644
|
||||
}
|
||||
}
|
||||
assert(private);
|
||||
@@ -774,23 +792,54 @@ int pkcs12_main(int argc, char **argv)
|
||||
@@ -774,23 +792,60 @@ int pkcs12_main(int argc, char **argv)
|
||||
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
|
||||
BIO_puts(bio_err, "MAC: ");
|
||||
i2a_ASN1_OBJECT(bio_err, macobj);
|
||||
@ -139,6 +139,12 @@ index 54323a9713393..cbe133742a8be 100644
|
||||
- BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
|
||||
- goto end;
|
||||
+ PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12);
|
||||
+
|
||||
+ if (macalgid == NULL) {
|
||||
+ BIO_printf(bio_err, "Warning: MAC is absent!\n");
|
||||
+ goto dump;
|
||||
+ }
|
||||
+
|
||||
+ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
|
||||
+
|
||||
+ if (OBJ_obj2nid(macobj) != NID_pbmac1) {
|
||||
@ -1078,7 +1084,7 @@ index 999129a03074d..c14ef94998cde 100644
|
||||
-plan tests => 31;
|
||||
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
+
|
||||
+plan tests => $no_fips ? 45 : 51;
|
||||
+plan tests => $no_fips ? 46 : 52;
|
||||
|
||||
# Test different PKCS#12 formats
|
||||
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
|
||||
@ -1163,6 +1169,20 @@ index 999129a03074d..c14ef94998cde 100644
|
||||
# Test some bad pkcs12 files
|
||||
my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12");
|
||||
my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12");
|
||||
@@ -288,6 +288,13 @@ with({ exit_checker => sub { return shift == 1; } },
|
||||
"test bad pkcs12 file 3 (info)");
|
||||
});
|
||||
|
||||
+# Test that mac verification doesn't fail when mac is absent in the file
|
||||
+{
|
||||
+ my $nomac = srctop_file("test", "recipes", "80-test_pkcs12_data", "nomac_parse.p12");
|
||||
+ ok(run(app(["openssl", "pkcs12", "-in", $nomac, "-passin", "pass:testpassword"])),
|
||||
+ "test pkcs12 file without MAC");
|
||||
+}
|
||||
+
|
||||
# Test with Oracle Trusted Key Usage specified in openssl.cnf
|
||||
{
|
||||
ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7,
|
||||
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..9957d473c433bc9fb9572ecf51332a7f325fe36f
|
||||
@ -1523,3 +1543,37 @@ D?Q7k<
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
diff --git a/test/recipes/80-test_pkcs12_data/nomac_parse.p12 b/test/recipes/80-test_pkcs12_data/nomac_parse.p12
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..d1a025e8bd7ba388106c9b0b69917bcf0d75c981
|
||||
GIT binary patch
|
||||
literal 1191
|
||||
zcmV;Y1X%kpf&`-i0Ru3C1e^v5Duzgg_YDCD0ic2ejRb-Oi7<i$g)o8yfd&aGhDe6@
|
||||
z4FLxOpn?Q)FoFbb0s#Oq05F0CWd;c<hDe6@4FLxMFcby|Duzgg_YDIF1PJvY)RYyF
|
||||
zI0Arz1VFeo*Dy4}{O!4=d-4kQxBh11UJEvOENc$<`EZ{55&y+a&j8`-Wo4)OcT>q@
|
||||
zm`Z3Oq*FzpEwAUgTK!>P0tmf$!rKkJRCN*BGpSYjYzgM!Gc-6XRWeVUUAAN|1nJIT
|
||||
z`n?9lMQ%vyvf8&JttHg_Q>ZosE<Q)3-1(Bcwu|CtQF42GM(|s@aePNKDXp@ciE%Z>
|
||||
zp_Y3ncv1g>L6*c(uu<w2)I;^_n{W)?9G6ua@%az;?F2}LRLZBX<CFM!WSyx-@7P*(
|
||||
zY+_D$IMM;71<DMmd$vtjO3RGeGsJ4G+nRoyytESz;MRP8mB&7*2<Mo*<#LC%uA;pJ
|
||||
z+i|`HiJq(&U<q5IaHoFAD3uAo;CX<W{0U_Gaq6PO92png9q$m%s)C2<&8T#=2c@kV
|
||||
zXrRTLDu6whjo$=r8U-Z!{`1Yr<F&oyy9sul^3t#@{U8xSVkeaGXrVMwXXUB*X?*&?
|
||||
z8)37_Y|;U&@CQPFLcoNVn|sh)|G`xRR<bp4eBI>;OihCtB}=sr@F0RrQbczHighw}
|
||||
zCHVS#fOk?yDXd&IOQpas5z?eq&{!NIgiVN}QU%q0atzm2pm+t@wbLmMrBxz+v-ftM
|
||||
zEmW?FTMT-Ji?<-sRocHjA=27rWx(rhRzf%h!jjjWhJ2rs;eAO5ls!`EK8qty##9%P
|
||||
zs)&B83B+B&hJKktvV71Bq%nV+4=gW69hpiJ+D7;njk2wm)7C(f)UzuwVTiJyokgjc
|
||||
z*yD)Xpu<kQ3ardjMg0fc@>?U|OyC>0I`OSjoWc|oAoTIiUB_f+!^WWqg&Q3vxFi}l
|
||||
zW$JtEHd}hpcl63D&2=RD367hZq<-C;kzlr#V6J}dqwIz3h=rqkxlqW<{<*3iXO+Yi
|
||||
z6h_uyWZ8KSD0kkq-YFa%co5Qbe)OAm47ey6)lo8^c3T{!Z8r;&_vDPpnSkDv&*(f)
|
||||
z0tQx-e;R~JWoMWB0$+PY(-MY!`asK`F3}w%sy*g)Gn#BPkcvk3t$&6DS&3T&6nnQ<
|
||||
z=nKV)-MvN}FRLcX>3fL=q4aN3C!Iu^#V4(6mx{i_exS!lUV#^G_zqY&y;m;;7VuV8
|
||||
zlz+2g1U42cY)DPdjA)rW3)#aZYn%>Ot4ZRw+p6chfWw3F&^CR083G3^i{TvQh%PuL
|
||||
zI@YS2C2~)e2v!x{5Ll_p1*s@h%^Sc(2?v;@cT&{(#>rWyew_n93d3zt{Ey+9jn7kc
|
||||
zQ$n&dI(Sw&tA;g=OoTyro}FfEooxJ((fpLliunP1?Q0E(o^QB$Dd7u$4)13nakv(f
|
||||
zn#_CEaVG5=Qi)oGa8dq|Y@C+9c~*zzJB+EQ`rxJ1dthRxy0$m)y?e)2Q(8lN;ZcFg
|
||||
zyDMf8IvKYsj=I0O##^~wrSsWEF+>f(#9*eG#!CPO)cQ46{8u*V))|)ggdre%<DR)#
|
||||
F&9cN@JK_KU
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
|
||||
|
||||
@ -532,6 +532,8 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
|
||||
* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-15
|
||||
- Fix providers no_cache behavior
|
||||
Resolves: RHEL-71903
|
||||
- Fix pkcs12 command line segfault
|
||||
Resolves: RHEL-70878
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-14
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user