15 files changed, 43 insertions, 24 deletions

diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 41bdc00551..1f3e378f5c 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -1,5 +1,5 @@
 /* p12_add.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
index a3739fee1a..6e27633817 100644
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ b/src/lib/libcrypto/pkcs12/p12_asn.c
@@ -1,5 +1,5 @@
 /* p12_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
index 026cf3826a..68d6c5ad15 100644
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -1,5 +1,5 @@
 /* p12_attr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 3ad33c49d8..f8b952e27e 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,5 +1,5 @@
 /* p12_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index dbafda17b6..e863de52ce 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,5 +1,5 @@
 /* p12_crt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -59,10 +59,27 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
 
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+        {
+        int idx;
+        X509_ATTRIBUTE *attr;
+        idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+        if (idx < 0)
+                return 1;
+        attr = EVP_PKEY_get_attr(pkey, idx);
+        if (!X509at_add1_attr(&bag->attrib, attr))
+                return 0;
+        return 1;
+        }
+
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
              STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
              int keytype)
@@ -77,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         /* Set defaults */
         if (!nid_cert)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
+#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+                }
         if (!nid_key)
                 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (!iter)
@@ -122,20 +146,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         if (pkey)
                 {
-                int cspidx;
                 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
 
                 if (!bag)
                         goto err;
 
-                cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
-                if (cspidx >= 0)
-                        {
-                        X509_ATTRIBUTE *cspattr;
-                        cspattr = EVP_PKEY_get_attr(pkey, cspidx);
-                        if (!X509at_add1_attr(&bag->attrib, cspattr))
-                                goto err;
-                        }
+                if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+                        goto err;
+                if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+                        goto err;
 
                 if(name && !PKCS12_add_friendlyname(bag, name, -1))
                         goto err;
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 74c961a92b..ba77dbbe32 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,5 +1,5 @@
 /* p12_decr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index 6bdc132631..d4d84b056a 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -1,5 +1,5 @@
 /* p12_init.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 18e72d0a1b..9e57eee4a4 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -1,5 +1,5 @@
 /* p12_key.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index c2ee2cc6f3..5c4c6ec988 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,5 +1,5 @@
 /* p12_kiss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index c408cc8ab8..70bfef6e5d 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,5 +1,5 @@
 /* p12_mutl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 48eacc5c49..47e5e9c377 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,5 +1,5 @@
 /* p12_npas.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
index 3c6f377933..deba81e4a9 100644
--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8d.c
@@ -1,5 +1,5 @@
 /* p12_p8d.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
index 3d47956652..bf20a77b4c 100644
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/src/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,5 +1,5 @@
 /* p12_p8e.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
index 243ec76be9..ca30ac4f6d 100644
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -1,5 +1,5 @@
 /* p12_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index a2d7e359a0..4bee605dc0 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,5 +1,5 @@
 /* pkcs12.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================