Fix for PKCS12_create if no-rc2 specified.

Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
(cherry picked from commit 2e2a6d0ecd8f6984c692078ec2e2683690e0bc59)

diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 96b131defa0cadb3df00e170698913c5952257f2..f78aecf41786e76e489e44a02724bd35f916e2c9 100644 (file)
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -90,7 +90,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
        /* Set defaults */
        if (!nid_cert)
+#ifdef OPENSSL_NO_RC2
+               nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
        if (!iter)
@@ -279,7 +283,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                free_safes = 0;
 
        if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+               nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
 
        if (nid_safe == -1)
                p7 = PKCS12_pack_p7data(bags);