authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-06-15 13:06:41 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-06-23 12:20:17 +0300
commit5a8b7971a5e8115de52427d58e8e5167479a7c07 (patch)
treef03bc75307c5630daba301db430e83a930a287ea
parent9a422fd151ebadc5e20e394aaa6ef6b1ed62b688 (diff)
certtool: honour --hash option when generating PKCS#12 files
Use algorithm specified with --hash option when generating MAC for PKCS#12 file, allowing user to select algorithms other than SHA-1. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--src/certtool.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 13f36a60fa..315c23c527 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2913,6 +2913,7 @@ void generate_pkcs12(common_info_st * cinfo)
gnutls_x509_crl_t *crls;
gnutls_x509_crt_t *crts, ca_crt;
gnutls_x509_privkey_t *keys;
+ gnutls_mac_algorithm_t mac;
int result;
size_t size;
gnutls_datum_t data;
@@ -2939,6 +2940,11 @@ void generate_pkcs12(common_info_st * cinfo)
app_exit(1);
}
+ if (cinfo->hash != GNUTLS_DIG_UNKNOWN)
+ mac = cinfo->hash;
+ else
+ mac = GNUTLS_MAC_SHA1;
+
if (HAVE_OPT(P12_NAME)) {
name = OPT_ARG(P12_NAME);
} else {
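Review bot: The added assignment `mac = cinfo->hash;` converts between two enum types implicitly: the comparison against `GNUTLS_DIG_UNKNOWN` suggests `cinfo->hash` is a digest identifier, while `mac` is declared as `gnutls_mac_algorithm_t`. That is only correct while the digest and MAC enumerations share numeric values, so I would make the dependency explicit with `mac = (gnutls_mac_algorithm_t)cinfo->hash;` and a comment such as `/* digest ids mirror the MAC ids; SHA-1 stays the default when --hash is not given */`. The fallback also means that files generated without --hash still carry a SHA-1 MAC, which is worth stating in the option's documentation so users know they must opt in to a stronger algorithm. The body of generate_pkcs12 starts and ends outside this hunk.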
@@ -3165,7 +3171,7 @@ void generate_pkcs12(common_info_st * cinfo)
gnutls_pkcs12_bag_deinit(kbag);
}
- result = gnutls_pkcs12_generate_mac(pkcs12, pass);
+ result = gnutls_pkcs12_generate_mac2(pkcs12, mac, pass);
if (result < 0) {
fprintf(stderr, "generate_mac: %s\n",
gnutls_strerror(result));