Diffstat (limited to 'security/nss/lib/pkcs12/p12e.c')
-rw-r--r-- | security/nss/lib/pkcs12/p12e.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c
index cce1ff7c0..4a21d8955 100644
--- a/security/nss/lib/pkcs12/p12e.c
+++ b/security/nss/lib/pkcs12/p12e.c
@@ -10,6 +10,7 @@
 #include "seccomon.h"
 #include "secport.h"
 #include "cert.h"
+#include "secpkcs5.h"
 #include "secpkcs7.h"
 #include "secasn1.h"
 #include "secerr.h"
@@ -378,17 +379,25 @@ SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
 safeInfo->itemCount = 0;
 /* create the encrypted safe */
- safeInfo->cinfo = SEC_PKCS7CreateEncryptedData(privAlg, 0, p12ctxt->pwfn,
- p12ctxt->pwfnarg);
+ if (!SEC_PKCS5IsAlgorithmPBEAlgTag(privAlg) &&
+ PK11_AlgtagToMechanism(privAlg) == CKM_AES_CBC) {
+ safeInfo->cinfo = SEC_PKCS7CreateEncryptedDataWithPBEV2(SEC_OID_PKCS5_PBES2,
+ privAlg,
+ SEC_OID_UNKNOWN,
+ 0,
+ p12ctxt->pwfn,
+ p12ctxt->pwfnarg);
+ } else {
+ safeInfo->cinfo = SEC_PKCS7CreateEncryptedData(privAlg, 0, p12ctxt->pwfn,
+ p12ctxt->pwfnarg);
+ }
 if (!safeInfo->cinfo) {
 PORT_SetError(SEC_ERROR_NO_MEMORY);
 goto loser;
 }
 safeInfo->arena = p12ctxt->arena;
- /* convert the password to unicode */
- if (!sec_pkcs12_convert_item_to_unicode(NULL, &uniPwitem, pwitem,
- PR_TRUE, PR_TRUE, PR_TRUE)) {
+ if (!sec_pkcs12_encode_password(NULL, &uniPwitem, privAlg, pwitem)) {
 PORT_SetError(SEC_ERROR_NO_MEMORY);
 goto loser;
 }
@@ -1203,8 +1212,8 @@ SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *sa
 SECKEYEncryptedPrivateKeyInfo *epki = NULL;
 PK11SlotInfo *slot = NULL;
- if (!sec_pkcs12_convert_item_to_unicode(p12ctxt->arena, &uniPwitem,
- pwitem, PR_TRUE, PR_TRUE, PR_TRUE)) {
+ if (!sec_pkcs12_encode_password(p12ctxt->arena, &uniPwitem, algorithm,
+ pwitem)) {
 PORT_SetError(SEC_ERROR_NO_MEMORY);
 goto loser;
 } |
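Review bot: The new PBES2 branch in SEC_PKCS12CreatePasswordPrivSafe passes `SEC_OID_UNKNOWN` and `0` to SEC_PKCS7CreateEncryptedDataWithPBEV2 with no comment, so a reader cannot tell from this hunk which PRF and key length end up protecting the exported safe. I would add above the `if`: `/* AES-CBC is a cipher OID, not a PBE tag, so wrap it in PBES2; SEC_OID_UNKNOWN and 0 presumably leave the PRF and key size to the callee's defaults (confirm) */`. The removed `/* convert the password to unicode */` comment has no successor even though the encoding now appears to depend on `privAlg`; something like `/* encode the password the way privAlg's PBE scheme expects */` would restore that signpost. It is also worth confirming that sec_pkcs12_encode_password applies the same PBE-tag/AES-CBC test as this branch, since a mismatch between the chosen scheme and the password encoding would produce a safe that cannot be opened with the password the user supplied. The function body starts and ends outside the hunk.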
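Review bot: A failure of `sec_pkcs12_encode_password` in SEC_PKCS12AddKeyForCert is still reported as `SEC_ERROR_NO_MEMORY`, and the same applies to the call in SEC_PKCS12CreatePasswordPrivSafe in the previous hunk. The helper now takes an algorithm tag, so it may fail for reasons other than allocation, such as an unsupported tag or a password that cannot be converted; that is inferred, because its body is not part of this diff. If the helper sets its own error code, removing the `PORT_SetError(SEC_ERROR_NO_MEMORY);` override at both call sites would keep the real cause visible to callers diagnosing a failed export. The function body continues outside the hunk.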