author | Kan <chenxinpingc2306@163.com> | 2022-06-14 12:06:39 +0800 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-06-30 09:01:54 +0100 |
commit | e393064ee78a7ea07e2d63493579eab95384afe4 (patch) | |
tree | 2e198bdcd1ebd42b230e779d55ccf018832a9b7a /apps/pkcs12.c | |
parent | 05e51bc79bac45e194dd6f0bf73c99ed5ca06272 (diff) |
Update the default macsaltlen and Add the configure for macsaltlen
Fixed #18489
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)
Diffstat (limited to 'apps/pkcs12.c')
-rw-r--r-- | apps/pkcs12.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 46a55cb987..645e30e72f 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -20,6 +20,7 @@ #include <openssl/pkcs12.h> #include <openssl/provider.h> #include <openssl/kdf.h> +#include <openssl/rand.h> #define NOKEYS 0x1 #define NOCERTS 0x2 @@ -61,7 +62,7 @@ typedef enum OPTION_choice { #ifndef OPENSSL_NO_DES OPT_DESCERT, #endif - OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, + OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, OPT_MACSALTLEN, OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS, OPT_NAME, OPT_CSP, OPT_CANAME, @@ -148,6 +149,7 @@ const OPTIONS pkcs12_options[] = { {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, + {"macsaltlen", OPT_MACSALTLEN, '-', "Specify the salt len for MAC"}, {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, {NULL} }; @@ -165,6 +167,7 @@ int pkcs12_main(int argc, char **argv) #endif /* use library defaults for the iter, maciter, cert, and key PBE */ int iter = 0, maciter = 0; + int macsaltlen = PKCS12_SALT_LEN; int cert_pbe = NID_undef; int key_pbe = NID_undef; int ret = 1, macver = 1, add_lmk = 0, private = 0; @@ -261,6 +264,9 @@ int pkcs12_main(int argc, char **argv) case OPT_NOMACITER: maciter = 1; break; + case OPT_MACSALTLEN: + macsaltlen = opt_int_arg(); + break; case OPT_NOMAC: cert_pbe = -1; maciter = -1; @@ -423,6 +429,8 @@ int pkcs12_main(int argc, char **argv) WARN_NO_EXPORT("nomaciter"); if (cert_pbe == -1 && maciter == -1) WARN_NO_EXPORT("nomac"); + if (macsaltlen != 0) + WARN_NO_EXPORT("macsaltlen"); } #ifndef OPENSSL_NO_DES if (use_legacy) { 
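Review bot: The new `macsaltlen` entry in `pkcs12_options[]` is declared with value type `'-'`, which in the apps option tables marks a flag that takes no argument, yet the `OPT_MACSALTLEN` case added further down in `pkcs12_main` reads its value with `opt_int_arg()`. As declared, the parser will not hand a length to this option, so `opt_int_arg()` has no argument to convert and `macsaltlen` does not end up holding what the user typed. Declaring it as a positive-integer option, `{"macsaltlen", OPT_MACSALTLEN, 'p', "Specify the salt len for MAC"},`, makes the parser require the argument and reject zero or negative lengths before they reach `PKCS12_set_mac`. The help text could also state the unit (bytes) and the default.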
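Review bot: The added check `if (macsaltlen != 0)` is true by default, because `macsaltlen` is initialised to `PKCS12_SALT_LEN` earlier in `pkcs12_main`. Unless that constant is 0, `WARN_NO_EXPORT("macsaltlen")` fires on every non-export run even when the option was never given. Comparing against the default instead, `if (macsaltlen != PKCS12_SALT_LEN)`, follows the neighbouring checks, which only warn when a value differs from its initial state. An explicit `-macsaltlen` equal to the default would then pass silently; if that matters, a flag set in the `OPT_MACSALTLEN` case would cover it. The enclosing `if` block starts outside the hunk.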
@@ -676,13 +684,13 @@ int pkcs12_main(int argc, char **argv) goto opthelp; } - if (maciter != -1) - if (!PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd)) { + if (maciter != -1) { + if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) { BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n"); goto export_end; } - + } assert(private); out = bio_open_owner(outfile, FORMAT_PKCS12, private); |
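Review bot: With the salt length now caller-controlled, a failure of `PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)` may come from an unusable `macsaltlen` as well as from missing PKCS12KDF support, but the two `BIO_printf` messages still name only PKCS12KDF and recommend `-nomac`. That points a user who supplied a bad length toward dropping the integrity MAC rather than correcting the value. Whether `PKCS12_set_mac` rejects any lengths is not visible in this hunk, so the safer arrangement is to range-check `macsaltlen` where it is parsed and add a hint here such as `BIO_printf(bio_err, "Check the -macsaltlen value.\n");`. A short comment above the call noting that a NULL salt with a non-zero length asks the library to generate the salt would also help readers.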