From 121dd39f9f37e5812d99f0c3cb791803dff0a7a7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 17 May 2006 18:46:22 +0000 Subject: [PATCH] New option to pkcs12 utility to set alternative MAC digest algorithm. --- CHANGES | 4 ++++ apps/pkcs12.c | 19 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a7ea7eb08..90f29d201 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] + *) New -macalg option to pkcs12 utility to allow setting of an alternative + digest MAC. + [Steve Henson] + *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. Reorganize PBE internals to lookup from a static table using NIDs, add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl: diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 037aa3f01..ec9cc8911 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -121,6 +121,7 @@ int MAIN(int argc, char **argv) char *passargin = NULL, *passargout = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL; char *inrand = NULL; + char *macalg = NULL; char *CApath = NULL, *CAfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; @@ -170,6 +171,11 @@ int MAIN(int argc, char **argv) maciter = 1; else if (!strcmp (*args, "-nomac")) maciter = -1; + else if (!strcmp (*args, "-macalg")) + if (args[1]) { + args++; + macalg = *args; + } else badarg = 1; else if (!strcmp (*args, "-nodes")) enc=NULL; else if (!strcmp (*args, "-certpbe")) { if (!set_pbe(bio_err, &cert_pbe, *++args)) @@ -393,6 +399,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *key = NULL; X509 *ucert = NULL, *x = NULL; STACK_OF(X509) *certs=NULL; + const EVP_MD *macmd = NULL; unsigned char *catmp = NULL; int i; @@ -554,8 +561,18 @@ int MAIN(int argc, char **argv) goto export_end; } + if (macalg) + { + macmd = EVP_get_digestbyname(macalg); + if (!macmd) + { + BIO_printf(bio_err, "Unknown digest algorithm %s\n", + macalg); + } + } + if (maciter != -1) - PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info();