Add feature to PKCS12_create() if the encryption NID corresponds to a

supported encryption algorithm instead of a PBE NID then use that algorithm with PBES2.
2006-05-15 00:45:10 +00:00 · 2006-05-15 00:45:10 +00:00 · b0e69a0500
commit b0e69a0500
parent 856640b54f
1 changed files with 18 additions and 2 deletions
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
 	     PKCS8_PRIV_KEY_INFO *p8)
 {
 	PKCS12_SAFEBAG *bag;
 	const EVP_CIPHER *pbe_ciph;
 	/* Set up the safe bag */
 	if (!(bag = PKCS12_SAFEBAG_new())) {
@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
 	}
 	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 	if (pbe_ciph)
 		pbe_nid = -1;
 	if (!(bag->value.shkeybag = 
-	  PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+	  PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
 									 p8))) {
 		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
 		return NULL;
@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
 	PKCS7 *p7;
 	X509_ALGOR *pbe;
 	const EVP_CIPHER *pbe_ciph;
 	if (!(p7 = PKCS7_new())) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
 		return NULL;
 	}
-	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+
 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 	if (pbe_ciph)
 		pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
 	else
 		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
 	if (!pbe) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}