if (pbkdf2_param->keylength != NULL)
keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
- ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR, "Invalid Key length");
+ ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR,
+ "Invalid Key length (%d is not in the range 1..64)", keylen);
goto err;
}
used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
for PKCS#12 file creation B<-export> and B<-name> are also used.
+When loading using B<-in>, An error will occur if the PKCS12 macdata contains
+PBMAC1 and the related PBKDF2 parameters are missing, or if the associated
+key length is not in the range 1 to 64.
+
If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
then all certificates will be output in the order they appear in the input
PKCS#12 files. There is no guarantee that the first certificate present is
PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied
password.
+If the PKCS12 macdata contains PBMAC1 an error will occur if the related PBKDF2
+parameters are missing, or if the associated key length is not in the range 1 to 64.
PKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied
parameters.
projects / thirdparty / openssl.git / commitdiff
