Add feature to PKCS12_create() if the encryption NID corresponds to a

supported encryption algorithm instead of a PBE NID then use that
algorithm with PBES2.

diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 41bdc00551049e109eb96dd9c2faa1707ccfd0f3..509a5a1770816f71cd370933ed1a06f416889397 100644 (file)
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;

+       const EVP_CIPHER *pbe_ciph;

 
        /* Set up the safe bag */
        if (!(bag = PKCS12_SAFEBAG_new())) {
 
        /* Set up the safe bag */
        if (!(bag = PKCS12_SAFEBAG_new())) {


@@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
        }
 
        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
        }
 
        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);

+
+       pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+       if (pbe_ciph)
+               pbe_nid = -1;
+

        if (!(bag->value.shkeybag = 
        if (!(bag->value.shkeybag = 

-         PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+         PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,

                                                                         p8))) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
                                                                         p8))) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;


@@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
        PKCS7 *p7;
        X509_ALGOR *pbe;
 {
        PKCS7 *p7;
        X509_ALGOR *pbe;

+       const EVP_CIPHER *pbe_ciph;

        if (!(p7 = PKCS7_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        if (!(p7 = PKCS7_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;


@@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }

-       if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+
+       pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+       if (pbe_ciph)
+               pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+       else
+               pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+       if (!pbe) {

                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }