use saner default parameters for scrypt

[openssl.git] / apps / pkcs8.c

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 3d7282eabbcce304f2f77b5d0d4c2c9e300f800e..0968fef9468ffed6d9d4fecf323da69206c87ab6 100644 (file)
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -121,7 +121,7 @@ int pkcs8_main(int argc, char **argv)
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
     int private = 0;
 #ifndef OPENSSL_NO_SCRYPT
-    unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+    long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
 #endif
 
     prog = opt_init(argc, argv, pkcs8_options);
@@ -203,29 +203,31 @@ int pkcs8_main(int argc, char **argv)
             break;
 #ifndef OPENSSL_NO_SCRYPT
         case OPT_SCRYPT:
-            scrypt_N = 1024;
+            scrypt_N = 16384;
             scrypt_r = 8;
-            scrypt_p = 16;
+            scrypt_p = 1;
             if (cipher == NULL)
                 cipher = EVP_aes_256_cbc();
             break;
         case OPT_SCRYPT_N:
-            if (!opt_ulong(opt_arg(), &scrypt_N))
+            if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
                 goto opthelp;
             break;
         case OPT_SCRYPT_R:
-            if (!opt_ulong(opt_arg(), &scrypt_r))
+            if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
                 goto opthelp;
             break;
         case OPT_SCRYPT_P:
-            if (!opt_ulong(opt_arg(), &scrypt_p))
+            if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
                 goto opthelp;
             break;
 #endif
         }
     }
     argc = opt_num_rest();
-    argv = opt_rest();
+    if (argc != 0)
+        goto opthelp;
+
     private = 1;
 
     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {