summaryrefslogtreecommitdiffstats
path: root/crypto/pkcs12/p12_crt.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/pkcs12/p12_crt.c')
-rw-r--r--crypto/pkcs12/p12_crt.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 9748256..9522342 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -1,5 +1,5 @@
/* p12_crt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Set defaults */
if (!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
@@ -159,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
p12 = PKCS12_add_safes(safes, 0);
+ if (!p12)
+ goto err;
+
sk_PKCS7_pop_free(safes, PKCS7_free);
safes = NULL;
OpenPOWER on IntegriCloud