From 456e0577d6407fd89879cab0a0abff7c6c0e8138 Mon Sep 17 00:00:00 2001
From: Frank Scheiner
Date: Sun, 21 Jul 2024 18:36:59 +0200
Subject: [PATCH] MyProxy: change private key cipher to EVP_aes_256_cbc()

As per #229 MyProxy still used an old cipher for encrypting private keys. Changes courtesy of Mischa Salle (@msalle). Fixes #229.
---
 myproxy/source/ssl_utils.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/myproxy/source/ssl_utils.c b/myproxy/source/ssl_utils.c
index 62ac72127..b71fd92a0 100644
--- a/myproxy/source/ssl_utils.c
+++ b/myproxy/source/ssl_utils.c
@@ -18,6 +18,10 @@
 #define EVP_PKEY_id(k) (k)->type
 #endif
 
+#ifndef MYPROXY_PRIVKEY_CIPHER
+#define MYPROXY_PRIVKEY_CIPHER() EVP_aes_256_cbc()
+#endif
+
 /**********************************************************************
 *
 * Constants
@@ -808,8 +812,7 @@ ssl_private_key_store_to_file(SSL_CREDENTIALS *creds,
 else
 {
 /* Encrypt with pass phrase */
- /* XXX This is my best guess at a cipher */
- cipher = EVP_des_ede3_cbc();
+ cipher = MYPROXY_PRIVKEY_CIPHER();
 pass_phrase_len = strlen(pass_phrase);
 }
 
@@ -1127,8 +1130,7 @@ ssl_proxy_to_pem(SSL_CREDENTIALS *creds,
 else
 {
 /* Encrypt with pass phrase */
- /* XXX This is my best guess at a cipher */
- cipher = EVP_des_ede3_cbc();
+ cipher = MYPROXY_PRIVKEY_CIPHER();
 pass_phrase_len = strlen(pass_phrase);
 }
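Review bot: The new `MYPROXY_PRIVKEY_CIPHER()` macro has no comment stating what an override must expand to, although the `#ifndef` guard invites one at build time. Both call sites assign its result straight to `cipher`, so a replacement has to be an expression yielding a non-NULL `const EVP_CIPHER *`, and a weaker choice would silently apply to every stored key. I would add above the `#ifndef`: `/* Cipher for pass-phrase-encrypted private keys; a build-time override must evaluate to a non-NULL const EVP_CIPHER *. */`.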
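Review bot: In `ssl_private_key_store_to_file` the value assigned to `cipher` is not checked before use, and the same holds for the identical assignment in `ssl_proxy_to_pem` (third hunk). Now that the cipher comes from an overridable macro, an override that can return NULL (for example a by-name lookup of a cipher the linked OpenSSL does not provide) becomes possible. OpenSSL's PEM writers treat a NULL cipher as "do not encrypt", so, assuming `cipher` is handed to such a writer later in the function, the key would be written in clear even though a pass phrase was supplied. I would add `if (cipher == NULL)` directly after the assignment and leave through the function's existing error handling. Both functions begin and end outside their hunks, so the later use of `cipher` is inferred rather than visible.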
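Review bot: Changing the cipher in `ssl_proxy_to_pem` (and in `ssl_private_key_store_to_file`, second hunk) does not change how the encryption key is derived from the pass phrase, which the commit message leaves unmentioned. If the writer called later in these functions emits traditional-format PEM (`Proc-Type: 4,ENCRYPTED`), OpenSSL derives the key with a single MD5-based `EVP_BytesToKey` pass, so a weak pass phrase is protected no better than before. The PKCS#8 writer `PEM_write_bio_PKCS8PrivateKey` uses PBKDF2 instead. The write call is outside the hunk, so this needs confirming against the full function. A comment next to the assignment such as `/* cipher only; key derivation is decided by the PEM writer below */` would keep the distinction visible.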