From: Hubert Kario <hkario@redhat.com>
Date: Wed, 26 Jul 2017 14:25:51 +0000 (+0200)
Subject: more info about PKCS#12 structure MAC
X-Git-Tag: OpenSSL_1_1_1-pre1~974
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=11a25d34549461ad6ddd61322ed3b54dd4c69686;hp=dc46fc25d7e4388f1a6f972bfdf4e24c2b81a0f7;ds=sidebyside

more info about PKCS#12 structure MAC

report additional information about the MAC used over the
PKCS#12 structure: size of mac and salt as well as the
hash algorithm used for creating it

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1334)
---

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 6be6b78e9d..c35f164041 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -523,12 +523,20 @@ int pkcs12_main(int argc, char **argv)
         const ASN1_INTEGER *tmaciter;
         const X509_ALGOR *macalgid;
         const ASN1_OBJECT *macobj;
-        PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
+        const ASN1_OCTET_STRING *tmac;
+        const ASN1_OCTET_STRING *tsalt;
+
+        PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
+        /* current hash algorithms do not use parameters so extract just name,
+           in future alg_print() may be needed */
         X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
         BIO_puts(bio_err, "MAC:");
         i2a_ASN1_OBJECT(bio_err, macobj);
         BIO_printf(bio_err, " Iteration %ld\n",
-                   tmaciter  != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+                   tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+        BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
+                   tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+                   tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
     }
     if (macver) {
         /* If we enter empty password try no password first */