lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_crt.c in rhodes-3.5.1.12 vs lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_crt.c in rhodes-5.5.0
- old
+ new
@@ -88,10 +88,17 @@
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
/* Set defaults */
if (!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
iter = PKCS12_DEFAULT_ITER;
if (!mac_iter)