aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstate
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-05-31 21:08:09 +0000
committerlloyd <[email protected]>2012-05-31 21:08:09 +0000
commit149a855bd7b090eb3868efff272e455e568eade4 (patch)
tree08df5d122f0dceb00ac4576c0714a3ab048967c7 /src/libstate
parentb82642c328d98f2aaa1ac17aa0999e69e7152ae8 (diff)
Allow arbitrary ciphers and hashes with PKCS #5 v2.0. The only
requirement is that OIDS for "<cipher>/CBC" and "HMAC(<hash>)" are defined. This does assume the normal parameter set of just the IV, so doesn't work right for (IIRC) RC5, but we don't have an OID set for RC5/CBC anyway. Continue to default to SHA-1 plus AES-256 as prior versions of the library can't handle any hashes other than SHA-1 or any ciphers other than AES or DES. OpenSSL 1.0.0j seems to understand SHA-256 + AES-256, though. BER_Decoder::decode_optional was assuming optional values were explicitly tagged. Now, only take that behavior if the input class tag was for a context specific tagging. Remove abort call for debugging from BER_Decoder Add a new version of DER_Encoder::encode_if for single objects.
Diffstat (limited to 'src/libstate')
-rw-r--r--src/libstate/policy.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index 00e95d2c0..527833e61 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -74,7 +74,7 @@ void set_default_oids(Library_State& config)
add_oid(config, "2.16.840.1.101.3.4.2.3", "SHA-512");
/* MACs */
- add_oid(config, "1.2.840.113549.2.7", "HMAC(SHA-1)");
+ add_oid(config, "1.2.840.113549.2.7", "HMAC(SHA-160)");
add_oid(config, "1.2.840.113549.2.8", "HMAC(SHA-224)");
add_oid(config, "1.2.840.113549.2.9", "HMAC(SHA-256)");
add_oid(config, "1.2.840.113549.2.10", "HMAC(SHA-384)");