diff options
Diffstat (limited to 'src/crypto/pkcs8/pkcs8.c')
-rw-r--r-- | src/crypto/pkcs8/pkcs8.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/crypto/pkcs8/pkcs8.c b/src/crypto/pkcs8/pkcs8.c index ee25ee29..a19b4a3d 100644 --- a/src/crypto/pkcs8/pkcs8.c +++ b/src/crypto/pkcs8/pkcs8.c @@ -486,6 +486,10 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid, goto err; } + // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either the + // PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will + // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses + // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL. int alg_ok; if (pbe_nid == -1) { alg_ok = PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (unsigned)iterations, |