diff options
Diffstat (limited to 'crypto/pkcs12/p12_crt.c')
-rw-r--r-- | crypto/pkcs12/p12_crt.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 9748256..9522342 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* p12_crt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -59,6 +59,10 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/pkcs12.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) @@ -159,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, p12 = PKCS12_add_safes(safes, 0); + if (!p12) + goto err; + sk_PKCS7_pop_free(safes, PKCS7_free); safes = NULL; |