diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-05-30 21:39:50 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-05-30 21:39:50 +0100 |
commit | cdb6c48445ded3daafab32e5f266943d07bb512b (patch) | |
tree | 2c254a0e415efca6d76d6406f66097cff690a434 /crypto/pkcs12 | |
parent | 04b727b4dda2988a70457313021ccdbe05ab8252 (diff) |
Don't use RC2 with PKCS#12 files in FIPS mode.
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r-- | crypto/pkcs12/p12_crt.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 96b131defa..9d9a25d099 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -90,6 +90,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |