/*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# include <stdlib.h>
# include <string.h>
# include "apps.h"
+# include "progs.h"
# include <openssl/crypto.h>
# include <openssl/err.h>
# include <openssl/pem.h>
if (cpass != NULL) {
mpass = cpass;
noprompt = 1;
+ if (twopass) {
+ if (export_cert)
+ BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+ else
+ BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+ goto end;
+ }
} else {
cpass = pass;
mpass = macpass;
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
- if (EVP_read_pw_string
- (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ if (EVP_read_pw_string(
+ macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
- if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
- 1)) {
+ if (EVP_read_pw_string(pass, sizeof(pass),
+ "Enter Export Password:", 1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
- if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+ if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
if (!twopass)
- OPENSSL_strlcpy(macpass, pass, sizeof macpass);
+ OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *tmaciter;
/* current hash algorithms do not use parameters so extract just name,
in future alg_print() may be needed */
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
- BIO_puts(bio_err, "MAC:");
+ BIO_puts(bio_err, "MAC: ");
i2a_ASN1_OBJECT(bio_err, macobj);
- BIO_printf(bio_err, " Iteration %ld\n",
+ BIO_printf(bio_err, ", Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
+#ifndef OPENSSL_NO_SCRYPT
+ } else if (pbenid == NID_id_scrypt) {
+ SCRYPT_PARAMS *kdf = NULL;
+
+ if (aparamtype == V_ASN1_SEQUENCE)
+ kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
+ if (kdf == NULL) {
+ BIO_puts(bio_err, ", <unsupported parameters>");
+ goto done;
+ }
+ BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
+ "Block size(r): %ld, Paralelizm(p): %ld",
+ ASN1_STRING_length(kdf->salt),
+ ASN1_INTEGER_get(kdf->costParameter),
+ ASN1_INTEGER_get(kdf->blockSize),
+ ASN1_INTEGER_get(kdf->parallelizationParameter));
+ SCRYPT_PARAMS_free(kdf);
+#endif
}
PBE2PARAM_free(pbe2);
} else {