diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-05-21 00:37:39 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-05-26 13:09:26 +0100 |
commit | 6355d31538fb3d50ba34210e6514cfac1c627243 (patch) | |
tree | b375f4c6110572be6a487c38a10ec36080224656 /apps/pkcs8.c | |
parent | fef034f85ea8b533423d4102cb8f83ef0ac24154 (diff) | |
download | openssl-6355d31538fb3d50ba34210e6514cfac1c627243.tar.gz |
Add function PKCS8_set0_pbe
This adds a new function which will encrypt a private key using PKCS#8
based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it.
Update pkcs8 utlity to use PKCS8_set0_pbe.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps/pkcs8.c')
-rw-r--r-- | apps/pkcs8.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 55c4eea0aa..36e8333c1a 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -226,18 +226,30 @@ int pkcs8_main(int argc, char **argv) goto end; } } else { + X509_ALGOR *pbe; + if (cipher) + pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, pbe_nid); + else + pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0); + if (pbe == NULL) { + BIO_printf(bio_err, "Error setting PBE algorithm\n"); + ERR_print_errors(bio_err); + goto end; + } if (passout) p8pass = passout; else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof pass, "Enter Encryption Password:", 1)) { + X509_ALGOR_free(pbe); goto end; + } } app_RAND_load_file(NULL, 0); - if ((p8 = PKCS8_encrypt(pbe_nid, cipher, - p8pass, strlen(p8pass), - NULL, 0, iter, p8inf)) == NULL) { + p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe); + if (p8 == NULL) { + X509_ALGOR_free(pbe); BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); goto end; |