Fix for PKCS12_create if no-rc2 specified.

Use triple DES for certificate encryption if no-rc2 is specified. PR#3357
author: Dr. Stephen Henson <steve@openssl.org> 2014-05-21 10:50:19 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-05-21 11:28:57 +0100
commit: 03b5b78c09fb10839a565f341cdc527c675e89ce (patch)
tree: e3fd238c7d453791edbd4606382ddc40ca61f1b6 /crypto/pkcs12
parent: cd302feb5d54166f9a7ca766137f1b33aa91efd8 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index a34915d02d..35e8a4a8d4 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -96,7 +96,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else
 #endif
+#ifdef OPENSSL_NO_RC2
+		nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
 		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
 		}
 	if (!nid_key)
 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -286,7 +290,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
 		free_safes = 0;
 
 	if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+		nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
 		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
 
 	if (nid_safe == -1)
 		p7 = PKCS12_pack_p7data(bags);
author	Dr. Stephen Henson <steve@openssl.org>	2014-05-21 10:50:19 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-05-21 11:28:57 +0100
commit	03b5b78c09fb10839a565f341cdc527c675e89ce (patch)
tree	e3fd238c7d453791edbd4606382ddc40ca61f1b6 /crypto/pkcs12
parent	cd302feb5d54166f9a7ca766137f1b33aa91efd8 (diff)