Add -iter option to pkcs12 command

Fixes #8194

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10130)

2 files changed, 19 insertions, 10 deletions

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 96e142ff81..5eff88b644 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -53,7 +53,7 @@ typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
     OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
-    OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+    OPT_DESCERT, OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
     OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
     OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
     OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
@@ -121,8 +121,9 @@ const OPTIONS pkcs12_options[] = {
     {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
     {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
 # endif
-    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
-    {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"},
+    {"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"},
+    {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
     {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
     {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
     {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
@@ -214,11 +215,16 @@ int pkcs12_main(int argc, char **argv)
             if (!opt_cipher(opt_unknown(), &enc))
                 goto opthelp;
             break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            maciter = iter;
+            break;
         case OPT_NOITER:
             iter = 1;
             break;
         case OPT_MACITER:
-            maciter = PKCS12_DEFAULT_ITER;
+            /* no-op */
             break;
         case OPT_NOMACITER:
             maciter = 1;
diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in
index 16eb0accec..86c9de4670 100644
--- a/doc/man1/openssl-pkcs12.pod.in
+++ b/doc/man1/openssl-pkcs12.pod.in
@@ -25,8 +25,9 @@ B<openssl> B<pkcs12>
 [B<-nokeys>]
 [B<-info>]
 [B<-des> B<-des3> B<-idea> B<-aes128> B<-aes192> B<-aes256> B<-aria128> B<-aria192> B<-aria256> B<-camellia128> B<-camellia192> B<-camellia256> B<-nodes>]
-[B<-noiter>]
-[B<-maciter> | B<-nomaciter> | B<-nomac>]
+[B<-iter> I<count> | B<-noiter> | B<-nomaciter>]
+[B<-maciter>]
+[B<-nomac>]
 [B<-twopass>]
 [B<-descert>]
 [B<-certpbe> I<cipher>]
@@ -233,17 +234,19 @@ the use of signing only keys for SSL client authentication.
 
 Specify the MAC digest algorithm. If not included them SHA1 will be used.
 
-=item B<-nomaciter>, B<-noiter>
+=item B<-iter> I<count>
 
-These options affect the iteration counts on the MAC and key algorithms.
-Unless you wish to produce files compatible with MSIE 4.0 you should leave
-these options alone.
+This option specifies the iteration count for the encryption key and MAC. The
+default value is 2048.
 
 To discourage attacks by using large dictionaries of common passwords the
 algorithm that derives keys from passwords can have an iteration count applied
 to it: this causes a certain part of the algorithm to be repeated and slows it
 down. The MAC is used to check the file integrity but since it will normally
 have the same password as the keys and certificates it could also be attacked.
+
+=item B<-nomaciter>, B<-noiter>
+
 By default both MAC and encryption iteration counts are set to 2048, using
 these options the MAC and encryption iteration counts can be set to 1, since
 this reduces the file security you should not use these options unless you