Fix for PKCS12_create if no-rc2 specified.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 21 May 2014 09:50:19 +0000 (10:50 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 May 2014 10:14:33 +0000 (11:14 +0100)
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
(cherry picked from commit 4689c08453e95eeefcc88c9f32dc6e509f95caff)

crypto/pkcs12/p12_crt.c

index a34915d02d14dee31102ea2d8557789cd933011c..35e8a4a8d4ba226d705a006c2c226984e005ef45 100644 (file)
@@ -96,7 +96,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
                else
 #endif
+#ifdef OPENSSL_NO_RC2
+               nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
                }
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -286,7 +290,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                free_safes = 0;
 
        if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+               nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
 
        if (nid_safe == -1)
                p7 = PKCS12_pack_p7data(bags);