Change default algorithms in PKCS12_create() and PKCS12_set_mac()

Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API. Fixes #14034 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14450)
author: Tomas Mraz <tomas@openssl.org> 2021-03-05 22:11:49 +0100
committer: Tomas Mraz <tomas@openssl.org> 2021-03-10 17:12:48 +0100
commit: 762970bd686c4aa8ea7169e7f76d5a4ce665da93 (patch)
tree: acf287acb8166e12129047e936b517a2d01c2542 /crypto/pkcs12/p12_mutl.c
parent: 18fdebf1743bc89bf82a205468c56c274e7baf3b (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 4873d43e24..20984055df 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -186,8 +186,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
     unsigned int maclen;
     ASN1_OCTET_STRING *macoct;
 
-    if (!md_type)
-        md_type = EVP_sha1();
+    if (md_type == NULL)
+        /* No need to do a fetch as the md_type is used only to get a NID */
+        md_type = EVP_sha256();
+    if (!iter)
+        iter = PKCS12_DEFAULT_ITER;
     if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR);
         return 0;
author	Tomas Mraz <tomas@openssl.org>	2021-03-05 22:11:49 +0100
committer	Tomas Mraz <tomas@openssl.org>	2021-03-10 17:12:48 +0100
commit	762970bd686c4aa8ea7169e7f76d5a4ce665da93 (patch)
tree	acf287acb8166e12129047e936b517a2d01c2542 /crypto/pkcs12/p12_mutl.c
parent	18fdebf1743bc89bf82a205468c56c274e7baf3b (diff)