diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-28 17:23:54 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-01 23:16:08 +0000 |
commit | 5693a30813a031d3921a016a870420e7eb93ec90 (patch) | |
tree | 0a9f590ad64e6df7d64a732e7f0c18f302e5b537 /crypto/pkcs12/p12_p8e.c | |
parent | 01757858feb3590b175b40d7e0e73da8255d6c50 (diff) |
PKCS#8 support for alternative PRFs.
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.
Add option to pkcs8 utility.
Update docs.
(cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)
Diffstat (limited to 'crypto/pkcs12/p12_p8e.c')
-rw-r--r-- | crypto/pkcs12/p12_p8e.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index bf20a77b4c..1adb969fc4 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -73,8 +73,15 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, goto err; } - if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); - else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + if(pbe_nid == -1) + pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); + else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) + pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid); + else + { + ERR_clear_error(); + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + } if(!pbe) { PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); goto err; |