diff options
| author | lloyd <[email protected]> | 2012-05-31 21:08:09 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-05-31 21:08:09 +0000 |
| commit | 149a855bd7b090eb3868efff272e455e568eade4 (patch) | |
| tree | 08df5d122f0dceb00ac4576c0714a3ab048967c7 /src/libstate/policy.cpp | |
| parent | b82642c328d98f2aaa1ac17aa0999e69e7152ae8 (diff) | |
Allow arbitrary ciphers and hashes with PKCS #5 v2.0. The only
requirement is that OIDS for "<cipher>/CBC" and "HMAC(<hash>)" are
defined. This does assume the normal parameter set of just the IV, so
doesn't work right for (IIRC) RC5, but we don't have an OID set for
RC5/CBC anyway. Continue to default to SHA-1 plus AES-256 as prior
versions of the library can't handle any hashes other than SHA-1 or
any ciphers other than AES or DES. OpenSSL 1.0.0j seems to understand
SHA-256 + AES-256, though.
BER_Decoder::decode_optional was assuming optional values were
explicitly tagged. Now, only take that behavior if the input class tag
was for a context specific tagging.
Remove abort call for debugging from BER_Decoder
Add a new version of DER_Encoder::encode_if for single objects.
Diffstat (limited to 'src/libstate/policy.cpp')
| -rw-r--r-- | src/libstate/policy.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index 00e95d2c0..527833e61 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp @@ -74,7 +74,7 @@ void set_default_oids(Library_State& config) add_oid(config, "2.16.840.1.101.3.4.2.3", "SHA-512"); /* MACs */ - add_oid(config, "1.2.840.113549.2.7", "HMAC(SHA-1)"); + add_oid(config, "1.2.840.113549.2.7", "HMAC(SHA-160)"); add_oid(config, "1.2.840.113549.2.8", "HMAC(SHA-224)"); add_oid(config, "1.2.840.113549.2.9", "HMAC(SHA-256)"); add_oid(config, "1.2.840.113549.2.10", "HMAC(SHA-384)"); |