pkcs12 FIPS changes.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)
crypto/pkcs12/p12_crt.c

index 9748256b6fe1c95b0bbecc4ebbb60aa3795ece68..036ad173a54b1e48dc5bd42415b030f9560f8fb2 100644 (file)
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
        /* Set defaults */
        if (!nid_cert)
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+               else
+#endif
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+               }
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
        if (!iter)
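Review bot: The FIPS override in `PKCS12_create` applies only when `nid_cert` is zero, so a caller that explicitly passes a non-approved PBE NID (for example `NID_pbe_WithSHA1And40BitRC2_CBC`) is not rejected or upgraded by this block in FIPS mode. Whether a lower layer refuses it is not visible in this hunk, so that should be confirmed or stated in a comment. The `else` left dangling before `#endif` makes the RC2 assignment the else-body in FIPS builds and a plain statement otherwise, so a line later inserted above it would silently change which branch it belongs to. A comment such as `/* FIPS: 40-bit RC2 is not approved, so default cert bags to 3DES like keys */` above the `#ifdef`, plus braces around both assignments, would make the intent explicit. The function body starts and ends outside the hunk.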