Commit b1295c90bc for openssl.org
commit b1295c90bcb2aa14edf46a4599e5acd81b778cd9
Author: slontis <shane.lontis@oracle.com>
Date: Fri Mar 6 15:20:41 2026 +1100
PKCS12: Avoid bypassing the provider when doing HMAC operations.
pkcs12_gen_mac() now uses EVP_MAC instead of direct HMAC_ calls.
PBMAC1_PBKDF2_HMAC() now adds additional data to the parsing errors it raises.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Mar 12 10:47:31 2026
(Merged from https://github.com/openssl/openssl/pull/30279)
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 37b8289030..acaf1134ee 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -142,7 +142,7 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
/* Validate salt is an OCTET STRING choice */
if (pbkdf2_param->salt == NULL
|| pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR, "Invalid Salt");
goto err;
}
pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
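Review bot: The two new error-data strings are cased inconsistently, `"Invalid Salt"` here and `"Invalid Key length"` in the next hunk, and the salt message does not say which check failed. Wording that mirrors the conditions would help anyone triaging a rejected PKCS#12 file, for example `"salt is missing or not an OCTET STRING"` and `"key length out of range"`. PBMAC1_PBKDF2_HMAC's body starts and ends outside both hunks.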
@@ -151,7 +151,7 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
if (pbkdf2_param->keylength != NULL)
keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR, "Invalid Key length");
goto err;
}
@@ -184,7 +184,6 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
{
int ret = 0;
EVP_MD *md;
- HMAC_CTX *hmac = NULL;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
char md_name[80];
@@ -194,6 +193,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
const ASN1_OBJECT *macoid;
OSSL_LIB_CTX *libctx;
const char *propq;
+ size_t md_sz, outlen;
if (!PKCS7_type_is_data(p12->authsafes)) {
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -233,6 +233,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
md_nid = EVP_MD_get_type(md);
if (keylen <= 0)
goto err;
+ md_sz = keylen;
/* For PBMAC1 we use a special keygen callback if not provided (e.g. on verification) */
if (pbmac1_md_nid != NID_undef && pkcs12_key_gen == NULL) {
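Review bot: The new `md_sz = keylen;` has no comment explaining why the value is captured at this point, although `md_sz` is later used as the output capacity passed to `EVP_Q_mac()`. Presumably `keylen` holds the digest size here and may be replaced by a KDF-specific key length in the branches that follow, but the assignment of `keylen` and those branches are outside the hunk, so this should be confirmed. I would add `/* MAC output size is the digest size; capture it before keylen may be overridden below */` above the assignment. The int-to-size_t conversion is safe only because of the `keylen <= 0` guard directly above, which is worth stating in the same comment.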
@@ -284,18 +285,17 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
}
}
}
- if ((hmac = HMAC_CTX_new()) == NULL
- || !HMAC_Init_ex(hmac, key, keylen, md, NULL)
- || !HMAC_Update(hmac, p12->authsafes->d.data->data,
- p12->authsafes->d.data->length)
- || !HMAC_Final(hmac, mac, maclen)) {
+ if (EVP_Q_mac(libctx, "HMAC", propq, md_name, NULL, key, keylen,
+ p12->authsafes->d.data->data, p12->authsafes->d.data->length,
+ mac, md_sz, &outlen)
+ == NULL)
goto err;
- }
+ if (outlen > UINT_MAX)
+ goto err;
+ *maclen = (unsigned int)outlen;
ret = 1;
-
err:
OPENSSL_cleanse(key, sizeof(key));
- HMAC_CTX_free(hmac);
EVP_MD_free(md);
return ret;
}
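Review bot: The `EVP_Q_mac()` call selects the digest by the string `md_name`, whereas the removed `HMAC_Init_ex()` used the fetched `md` object, so the MAC matches the old behaviour only if `md_name` always names the digest that `md` represents. `md_name` is filled and `md` is obtained outside this hunk. If any path obtains `md` other than by fetching `md_name` (a fallback lookup, for instance), the two could now diverge or the call could fail, so a comment stating that invariant at the call would help. Separately, `mac` is written with `md_sz` as its capacity but the real buffer size is owned by the caller and never passed in, so the function's header comment should state the contract, e.g. `/* mac must point to at least EVP_MAX_MD_SIZE bytes */`. pkcs12_gen_mac's body starts outside the hunk.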