Update the default macsaltlen and Add the configure for macsaltlen

Fixed #18489

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18550)

CHANGES.md

@@ -24,6 +24,10 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * Add a mac salt length option for the pkcs12 command.
+
+   *Xinping Chen*
+
  * Add more SRTP protection profiles from RFC8723 and RFC8269.
 
    *Kijin Kim*

apps/pkcs12.c

@@ -20,6 +20,7 @@
 #include <openssl/pkcs12.h>
 #include <openssl/provider.h>
 #include <openssl/kdf.h>
+#include <openssl/rand.h>
 
 #define NOKEYS          0x1
 #define NOCERTS         0x2
@@ -61,7 +62,7 @@ typedef enum OPTION_choice {
 #ifndef OPENSSL_NO_DES
     OPT_DESCERT,
 #endif
-    OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+    OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, OPT_MACSALTLEN,
     OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
     OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS,
     OPT_NAME, OPT_CSP, OPT_CANAME,
@@ -148,6 +149,7 @@ const OPTIONS pkcs12_options[] = {
     {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
     {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"},
     {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
+    {"macsaltlen", OPT_MACSALTLEN, '-', "Specify the salt len for MAC"},
     {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
     {NULL}
 };
@@ -165,6 +167,7 @@ int pkcs12_main(int argc, char **argv)
 #endif
     /* use library defaults for the iter, maciter, cert, and key PBE */
     int iter = 0, maciter = 0;
+    int macsaltlen = PKCS12_SALT_LEN;
     int cert_pbe = NID_undef;
     int key_pbe = NID_undef;
     int ret = 1, macver = 1, add_lmk = 0, private = 0;
@@ -261,6 +264,9 @@ int pkcs12_main(int argc, char **argv)
         case OPT_NOMACITER:
             maciter = 1;
             break;
+        case OPT_MACSALTLEN:
+            macsaltlen = opt_int_arg();
+            break;
         case OPT_NOMAC:
             cert_pbe = -1;
             maciter = -1;
@@ -423,6 +429,8 @@ int pkcs12_main(int argc, char **argv)
             WARN_NO_EXPORT("nomaciter");
         if (cert_pbe == -1 && maciter == -1)
             WARN_NO_EXPORT("nomac");
+        if (macsaltlen != 0)
+            WARN_NO_EXPORT("macsaltlen");
     }
 #ifndef OPENSSL_NO_DES
     if (use_legacy) {
@@ -676,13 +684,13 @@ int pkcs12_main(int argc, char **argv)
                 goto opthelp;
         }
 
-        if (maciter != -1)
-            if (!PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd)) {
+        if (maciter != -1) {
+            if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) {
                 BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n");
                 BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n");
                 goto export_end;
             }
-
+        }
         assert(private);
 
         out = bio_open_owner(outfile, FORMAT_PKCS12, private);

doc/man1/openssl-pkcs12.pod.in

@@ -66,6 +66,7 @@ PKCS#12 output (export) options:
 [B<-noiter>]
 [B<-nomaciter>]
 [B<-maciter>]
+[B<-macsaltlen>]
 [B<-nomac>]
 
 =head1 DESCRIPTION
@@ -368,6 +369,12 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
 
+=item B<-macsaltlen>
+
+This option specifies the salt length in bytes for the MAC. The salt length 
+should be at least 16 bytes as per NIST SP 800-132. The default value 
+is 8 bytes for backwards compatibility.
+
 =item B<-nomac>
 
 Do not attempt to provide the MAC integrity. This can be useful with the FIPS

include/openssl/pkcs12.h.in

@@ -45,6 +45,7 @@ extern "C" {
 
 # define PKCS12_MAC_KEY_LENGTH 20
 
+/* The macro is expected to be used only internally. Kept for backwards compatibility. */
 # define PKCS12_SALT_LEN 8
 
 /* It's not clear if these are actually needed... */