-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-10.2
-
None
-
No
-
Low
-
rhel-security-crypto-diamonds
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
The PKCS#12 code in OpenSSL assumes that a PBMAC1 key cannot be larger than 64 bytes because no common hash function outputs more than 64 bytes. While RFC 9579 recommends that the key size matches the PBKDF HMAC output size, it is not a strict requirement.
The issue can be reproduced by attempting to import a PKCS#12 certificate from keyfile-corpus-0.4.0 with a 256-byte PBMAC1 key:
$ openssl pkcs12 -in "rsa(2048,sha256),cert&key(PBES2(PBKDF2(salt(16),iter(2048),keyLen(default),prf(hmacWithSHA256)),aes-128-cbc(IV(16)))),mac(PBMAC1(PBKDF2(salt(8),iter(2048),keyLen(256),prf(hmacWithSHA512)),hmacWithSHA512)),pass(ascii).p12" -passin file:password-ascii.txt
Mac verify error: invalid password?
001341B6A57F0000:error:11800072:PKCS12 routines:PBMAC1_PBKDF2_HMAC:parse error:crypto/pkcs12/p12_mutl.c:151:
001341B6A57F0000:error:1180006D:PKCS12 routines:PKCS12_verify_mac:mac generation error:crypto/pkcs12/p12_mutl.c:339:
001341B6A57F0000:error:11800072:PKCS12 routines:PBMAC1_PBKDF2_HMAC:parse error:crypto/pkcs12/p12_mutl.c:151:
001341B6A57F0000:error:1180006D:PKCS12 routines:PKCS12_verify_mac:mac generation error:crypto/pkcs12/p12_mutl.c:339: