Don't use RC2 with PKCS#12 files in FIPS mode.

(cherry picked from commit cdb6c48445ded3daafab32e5f266943d07bb512b)
author: Dr. Stephen Henson <steve@openssl.org> 2013-05-30 21:39:50 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-06-05 15:06:02 +0100
commit: af908bc48b64ef80dec48263f791d6a4e2874232 (patch)
tree: 46b5183c1ebf5c5122d44acfca2c4d3a49c09d00 /crypto/pkcs12
parent: 233ebcb543b25135643c2954e469248d7adc1d21 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 96b131defa..9d9a25d099 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -90,6 +90,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
 	/* Set defaults */
 	if (!nid_cert)
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else
+#endif
 		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
 	if (!nid_key)
 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
author	Dr. Stephen Henson <steve@openssl.org>	2013-05-30 21:39:50 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-06-05 15:06:02 +0100
commit	af908bc48b64ef80dec48263f791d6a4e2874232 (patch)
tree	46b5183c1ebf5c5122d44acfca2c4d3a49c09d00 /crypto/pkcs12
parent	233ebcb543b25135643c2954e469248d7adc1d21 (diff)