From b60272b01fcb4f69201b3e1659b4f7e9e9298dfb Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 28 Feb 2014 17:23:54 +0000
Subject: [PATCH] PKCS#8 support for alternative PRFs.

Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
---
 apps/pkcs8.c            | 16 ++++++++++++++++
 crypto/pkcs12/p12_p8e.c | 11 +++++++++--
 doc/apps/pkcs8.pod      | 12 ++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 7edeb179dd..dc9e1ef66f 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -135,6 +135,22 @@ int MAIN(int argc, char **argv)
 			else
 				badarg = 1;
 			}
+		else if (!strcmp(*args,"-v2prf"))
+			{
+			if (args[1])
+				{
+				args++;
+				pbe_nid=OBJ_txt2nid(*args);
+				if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+					{
+					BIO_printf(bio_err,
+						 "Unknown PRF algorithm %s\n", *args);
+					badarg = 1;
+					}
+				}
+			else
+				badarg = 1;
+			}
 		else if (!strcmp(*args,"-inform"))
 			{
 			if (args[1])
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index bf20a77b4c..1adb969fc4 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -73,8 +73,15 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
 		goto err;
 	}
 
-	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+	if(pbe_nid == -1)
+		pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+	else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+		pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
+	else
+		{
+		ERR_clear_error();
+		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+		}
 	if(!pbe) {
 		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
 		goto err;
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index 84abee78f3..6901f1f3f2 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -20,6 +20,7 @@ B<openssl> B<pkcs8>
 [B<-embed>]
 [B<-nsdb>]
 [B<-v2 alg>]
+[B<-v2prf alg>]
 [B<-v1 alg>]
 [B<-engine id>]
 
@@ -118,6 +119,12 @@ private keys with OpenSSL then this doesn't matter.
 The B<alg> argument is the encryption algorithm to use, valid values include
 B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
 
+=item B<-v2prf alg>
+
+This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
+values would be B<hmacWithSHA256>. If this option isn't set then the default
+for the cipher is used or B<hmacWithSHA1> if there is no default.
+
 =item B<-v1 alg>
 
 This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
@@ -195,6 +202,11 @@ DES:
 
  openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
 
+Convert a private from traditional to PKCS#5 v2.0 format using AES with
+256 bits in CBC mode and B<hmacWithSHA256> PRF:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -out enckey.pem
+
 Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
 (DES):
 
-- 
2.40.0