• Antonio Quartulli's avatar
    pkcs5v2: add support for additional hmacSHA algorithms · 12ccef27
    Antonio Quartulli authored
    Currently only SHA1 is supported as PRF algorithm for PBKDF2
    (PKCS#5 v2.0).
    This means that keys encrypted and authenticated using
    another algorithm of the SHA family cannot be decrypted.
    
    This deficiency has become particularly incumbent now that
    PKIs created with OpenSSL1.1 are encrypting keys using
    hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
    and even if v2 was forced, it would still use hmacSHA1).
    
    Enable support for all the digest algorithms of the SHA
    family for PKCS#5 v2.0.
    Signed-off-by: default avatarAntonio Quartulli <antonio@openvpn.net>
    12ccef27
oid.c 26.1 KB