generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for PKCS12_create if no-rc2 specified.

Browse Source 
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
This commit is contained in:
Dr. Stephen Henson 2014-05-21 10:50:19 +01:00
parent cd302feb5d
commit 03b5b78c09
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/pkcs12/p12_crt.c
View File

@ -96,7 +96,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else else
#endif #endif
#ifdef OPENSSL_NO_RC2
nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
#else
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
#endif
} }
if (!nid_key) if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@ -286,7 +290,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
free_safes = 0; free_safes = 0;
if (nid_safe == 0) if (nid_safe == 0)
#ifdef OPENSSL_NO_RC2
nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
#else
nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
#endif
if (nid_safe == -1) if (nid_safe == -1)
p7 = PKCS12_pack_p7data(bags); p7 = PKCS12_pack_p7data(bags);