diff options
| author | tb <> | 2025-05-24 02:35:25 +0000 | 
|---|---|---|
| committer | tb <> | 2025-05-24 02:35:25 +0000 | 
| commit | f350ba6f6b4972633e43e05229f0f5afc6b52ac3 (patch) | |
| tree | 20d6fd3b1879ece6d8ea91a1c8ffb7259eb78f37 /src/lib/libc/stdlib/radixsort.c | |
| parent | e2753fa54d2cad84d7268e74fcfcd50b2e9af277 (diff) | |
| download | openbsd-f350ba6f6b4972633e43e05229f0f5afc6b52ac3.tar.gz openbsd-f350ba6f6b4972633e43e05229f0f5afc6b52ac3.tar.bz2 openbsd-f350ba6f6b4972633e43e05229f0f5afc6b52ac3.zip | |
Switch default to PBES2 for openssl pkcs8 -topk8
We currently use the glorious default of NID_pbeWithMD5AndDES_CBC which
we inherited from OpenSSL. This could have been worse - there is also
NID_pbeWithMD2AndDES_CBC...
The way this diff works is that the undocumented PKCS8_encrypt() API
uses the PKCS#5v2 code path when it's passed a NID of -1 and requires
a cipher to succeed, otherwise it uses the PKCS#5v1.5 path. So pass in
a sensible cipher, namely AES-CBC-256, and let layers of muppetry
cascade to doing something resembling the right thing.
This still uses the default of hmacWithSHA1 and a somewhat short salt,
which will be improved in a subsequent commit.
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro joshua jsing
Diffstat (limited to 'src/lib/libc/stdlib/radixsort.c')
0 files changed, 0 insertions, 0 deletions
