-rw-r--r--configure.ac10
-rw-r--r--lib/x509/pkcs7-crypt.c2
2 files changed, 11 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index a871199823..667e07fdc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -601,6 +601,16 @@ if [ test "$enable_fips" = "yes" ];then
fi
fi
+AC_ARG_WITH([pkcs12-iter-count],
+ [AS_HELP_STRING([--with-pkcs12-iter-count],
+ [specify iteration count for PKCS\#12 key derivation @<:@default=600000@:>@])],
+ [pkcs12_iter_count="$withval"],
+ [pkcs12_iter_count=600000])
+
+AC_DEFINE_UNQUOTED([PKCS12_ITER_COUNT], [$pkcs12_iter_count],
+ [The iteration count for PKCS\#12 key derivation])
+AC_SUBST([PKCS12_ITER_COUNT], [$pkcs12_iter_count])
+
PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no])
AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no")
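Review bot: `$withval` is copied into `pkcs12_iter_count` and from there into `AC_DEFINE_UNQUOTED` without any check that it is a number. A bare `--with-pkcs12-iter-count` yields `yes` and `--without-pkcs12-iter-count` yields `no`; either becomes the macro body and only fails later at compile time. A very small value such as `1` is accepted silently and would weaken key derivation wherever the constant is used. I would reject non-numeric input right after the `AC_ARG_WITH`, e.g. `AS_CASE([$pkcs12_iter_count], [''|*[[!0-9]]*], [AC_MSG_ERROR([--with-pkcs12-iter-count needs a positive integer])])`, and consider enforcing a documented lower bound as well.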
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 7c153c051e..c1e7bef21c 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1552,7 +1552,7 @@ _gnutls_pkcs_generate_key(schema_id schema,
goto cleanup;
}
- kdf_params->iter_count = 5 * 1024 + rnd[0];
+ kdf_params->iter_count = PKCS12_ITER_COUNT;
key->size = kdf_params->key_size =
gnutls_cipher_get_key_size(enc_params->cipher);
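Review bot: The constant is named for PKCS#12, but `kdf_params->iter_count = PKCS12_ITER_COUNT;` is not conditioned on `schema` in the visible lines of `_gnutls_pkcs_generate_key(schema_id schema, ...)`. It presumably therefore sets the count for every schema this function generates keys for; the function body starts and ends outside the hunk, so this should be confirmed. If that is intended, a comment above the assignment would make the scope explicit, e.g. `/* build-time iteration count (--with-pkcs12-iter-count); applies to every schema handled here */`. The count also no longer depends on `rnd[0]`, so it is worth checking that `rnd` is still sized and filled only for what remains in use.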