2022-05-26 16:07:24 +00:00
|
|
|
diff -up ./cmd/pk12util/pk12util.c.orig ./cmd/pk12util/pk12util.c
|
|
|
|
--- ./cmd/pk12util/pk12util.c.orig 2021-05-28 02:50:43.000000000 -0700
|
|
|
|
+++ ./cmd/pk12util/pk12util.c 2021-06-15 17:05:37.200262345 -0700
|
|
|
|
@@ -1031,9 +1031,11 @@ main(int argc, char **argv)
|
|
|
|
char *export_file = NULL;
|
|
|
|
char *dbprefix = "";
|
|
|
|
SECStatus rv;
|
|
|
|
- SECOidTag cipher = SEC_OID_AES_256_CBC;
|
|
|
|
- SECOidTag hash = SEC_OID_SHA256;
|
|
|
|
- SECOidTag certCipher = SEC_OID_AES_128_CBC;
|
|
|
|
+ SECOidTag cipher =
|
|
|
|
+ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
|
|
|
|
+ SECOidTag hash = SEC_OID_SHA1;
|
|
|
|
+ SECOidTag certCipher =
|
|
|
|
+ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
|
|
|
|
int keyLen = 0;
|
|
|
|
int certKeyLen = 0;
|
|
|
|
secuCommand pk12util;
|
|
|
|
@@ -1147,6 +1149,9 @@ main(int argc, char **argv)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (PK11_IsFIPS()) {
|
|
|
|
+ certCipher = SEC_OID_UNKNOWN;
|
|
|
|
+ }
|
|
|
|
if (pk12util.options[opt_CertCipher].activated) {
|
|
|
|
char *cipherString = pk12util.options[opt_CertCipher].arg;
|
|
|
|
|
2024-08-05 18:23:49 +00:00
|
|
|
--- ./cmd/pk12util/pk12util.c.no_pkcs12_macpbe_default 2024-07-18 08:26:35.7732
|
|
|
|
48450 -0700
|
|
|
|
+++ ./cmd/pk12util/pk12util.c 2024-07-18 08:27:05.796595554 -0700
|
|
|
|
@@ -1165,10 +1165,6 @@ main(int argc, char **argv)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
- /* in FIPS mode default to encoding with pkcs5v2 for the MAC */
|
|
|
|
- if (PK11_IsFIPS()) {
|
|
|
|
- hash = SEC_OID_HMAC_SHA256;
|
|
|
|
- }
|
|
|
|
if (pk12util.options[opt_Mac].activated) {
|
|
|
|
char *hashString = pk12util.options[opt_Mac].arg;
|
|
|
|
|
2022-05-26 16:07:24 +00:00
|
|
|
diff -up ./tests/tools/tools.sh.orig ./tests/tools/tools.sh
|
|
|
|
--- ./tests/tools/tools.sh.orig 2021-06-15 17:06:27.650564449 -0700
|
|
|
|
+++ ./tests/tools/tools.sh 2021-06-15 17:07:59.934117192 -0700
|
|
|
|
@@ -47,9 +47,9 @@
|
|
|
|
"PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"
|
|
|
|
|
|
|
|
# if we change the defaults in pk12util, update these variables
|
|
|
|
- export CERT_ENCRYPTION_DEFAULT="AES-128-CBC"
|
|
|
|
- export KEY_ENCRYPTION_DEFAULT="AES-256-CBC"
|
|
|
|
- export HASH_DEFAULT="SHA-256"
|
|
|
|
+ export CERT_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1And40BitRc2Cbc}
|
|
|
|
+ export KEY_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1AndTripleDESCBC}
|
|
|
|
+ export HASH_DEFAULT="SHA-1"
|
|
|
|
|
|
|
|
export PKCS5v1_PBE_CIPHERS="${pkcs5pbeWithMD2AndDEScbc},\
|
|
|
|
${pkcs5pbeWithMD5AndDEScbc},\
|