From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 21 Dec 2021 14:17:55 +0000 (+0100)
Subject: _gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2
X-Git-Tag: 3.7.3~8^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c87f5aa5fd5a807a4444e428063db3f8635d378d;p=thirdparty%2Fgnutls.git

_gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---

diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index c1e7bef21c..e714861bfe 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1576,7 +1576,7 @@ _gnutls_pkcs_generate_key(schema_id schema,
 			 p->schema == PBES2_GOST28147_89_CPD)
 			kdf_params->mac = GNUTLS_MAC_GOSTR_94;
 		else
-			kdf_params->mac = GNUTLS_MAC_SHA1;
+			kdf_params->mac = GNUTLS_MAC_SHA256;
 		ret = _gnutls_pbes2_string_to_key(pass_len, password,
 						  kdf_params,
 						  kdf_params->key_size,