sha1-x86_64.pl: add missing rex prefix in shaext.

[oweals/openssl.git] / crypto / pkcs12 / p12_p8e.c

diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index 7a17b31b5d7486dbe8c51365802db7ba4a1ece52..1adb969fc40068bf82055a9ebeccf218f3a379e4 100644 (file)
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -1,5 +1,5 @@
 /* p12_p8e.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
@@ -65,7 +65,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                         unsigned char *salt, int saltlen, int iter,
                                                PKCS8_PRIV_KEY_INFO *p8inf)
 {
-       X509_SIG *p8;
+       X509_SIG *p8 = NULL;
        X509_ALGOR *pbe;
 
        if (!(p8 = X509_SIG_new())) {
@@ -73,8 +73,15 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                goto err;
        }
 
-       if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-       else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+       if(pbe_nid == -1)
+               pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+       else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+               pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
+       else
+               {
+               ERR_clear_error();
+               pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+               }
        if(!pbe) {
                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
                goto err;