From: Dr. Stephen Henson Date: Wed, 21 May 2014 09:50:19 +0000 (+0100) Subject: Fix for PKCS12_create if no-rc2 specified. X-Git-Tag: OpenSSL_1_0_1h~32 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=da0a95b23a3619d25d7cecf127919cd215c3e28b;p=oweals%2Fopenssl.git Fix for PKCS12_create if no-rc2 specified. Use triple DES for certificate encryption if no-rc2 is specified. PR#3357 (cherry picked from commit 4689c08453e95eeefcc88c9f32dc6e509f95caff) --- diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index a34915d02d..35e8a4a8d4 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -96,7 +96,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; else #endif +#ifdef OPENSSL_NO_RC2 + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#else nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; +#endif } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; @@ -286,7 +290,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, free_safes = 0; if (nid_safe == 0) +#ifdef OPENSSL_NO_RC2 + nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#else nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; +#endif if (nid_safe == -1) p7 = PKCS12_pack_p7data(bags);