diff options
| -rw-r--r-- | apps/pkcs12.c | 6 | ||||
| -rw-r--r-- | test/recipes/80-test_pkcs12.t | 9 | ||||
| -rw-r--r-- | test/recipes/80-test_pkcs12_data/nomac_parse.p12 | bin | 0 -> 1191 bytes |
3 files changed, 14 insertions, 1 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index afdb719ccd..3b91f132f5 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -829,6 +829,12 @@ int pkcs12_main(int argc, char **argv) const ASN1_OBJECT *macobj; PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12); + + if (macalgid == NULL) { + BIO_printf(bio_err, "Warning: MAC is absent!\n"); + goto dump; + } + X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); if (OBJ_obj2nid(macobj) != NID_pbmac1) { diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index 616de23ffb..06fa85af0f 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -56,7 +56,7 @@ $ENV{OPENSSL_WIN32_UTF8}=1; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -plan tests => $no_fips ? 46 : 52; +plan tests => $no_fips ? 47 : 53; # Test different PKCS#12 formats ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); @@ -288,6 +288,13 @@ with({ exit_checker => sub { return shift == 1; } }, "test bad pkcs12 file 3 (info)"); }); +# Test that mac verification doesn't fail when mac is absent in the file +{ + my $nomac = srctop_file("test", "recipes", "80-test_pkcs12_data", "nomac_parse.p12"); + ok(run(app(["openssl", "pkcs12", "-in", $nomac, "-passin", "pass:testpassword"])), + "test pkcs12 file without MAC"); +} + # Test with Oracle Trusted Key Usage specified in openssl.cnf { ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7, diff --git a/test/recipes/80-test_pkcs12_data/nomac_parse.p12 b/test/recipes/80-test_pkcs12_data/nomac_parse.p12 Binary files differnew file mode 100644 index 0000000000..d1a025e8bd --- /dev/null +++ b/test/recipes/80-test_pkcs12_data/nomac_parse.p12 |