1 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 1f3e378f5c..27ac5facfa 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
+        const EVP_CIPHER *pbe_ciph;
        /* Set up the safe bag */
        if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
        }
        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe_nid = -1;
        if (!(bag->value.shkeybag = 
-          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                                                                         p8))) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
        PKCS7 *p7;
        X509_ALGOR *pbe;
+        const EVP_CIPHER *pbe_ciph;
        if (!(p7 = PKCS7_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }
-        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+        else
+                pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+        if (!pbe) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }

diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index 1f3e378f5c..27ac5facfa 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -106,6 +106,7 @@ PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char pass,
106	PKCS8_PRIV_KEY_INFO *p8)	106	PKCS8_PRIV_KEY_INFO *p8)
107	{	107	{
108	PKCS12_SAFEBAG *bag;	108	PKCS12_SAFEBAG *bag;
		109	const EVP_CIPHER *pbe_ciph;
109		110
110	/* Set up the safe bag */	111	/* Set up the safe bag */
111	if (!(bag = PKCS12_SAFEBAG_new())) {	112	if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -114,8 +115,14 @@ PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char pass,
114	}	115	}
115		116
116	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);	117	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
		118
		119	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
		120
		121	if (pbe_ciph)
		122	pbe_nid = -1;
		123
117	if (!(bag->value.shkeybag =	124	if (!(bag->value.shkeybag =
118	PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,	125	PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
119	p8))) {	126	p8))) {
120	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);	127	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
121	return NULL;	128	return NULL;
@@ -164,6 +171,7 @@ PKCS7 PKCS12_pack_p7encdata(int pbe_nid, const char pass, int passlen,
164	{	171	{
165	PKCS7 *p7;	172	PKCS7 *p7;
166	X509_ALGOR *pbe;	173	X509_ALGOR *pbe;
		174	const EVP_CIPHER *pbe_ciph;
167	if (!(p7 = PKCS7_new())) {	175	if (!(p7 = PKCS7_new())) {
168	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);	176	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
169	return NULL;	177	return NULL;
@@ -173,7 +181,15 @@ PKCS7 PKCS12_pack_p7encdata(int pbe_nid, const char pass, int passlen,
173	PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);	181	PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
174	return NULL;	182	return NULL;
175	}	183	}
176	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {	184
		185	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
		186
		187	if (pbe_ciph)
		188	pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
		189	else
		190	pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
		191
		192	if (!pbe) {
177	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);	193	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
178	return NULL;	194	return NULL;
179	}	195	}