authorAde Lee <alee@redhat.com>2017-04-27 11:10:36 -0400
committerAde Lee <alee@redhat.com>2017-04-27 12:56:42 -0400
commit3cc50b49e2a18344937702bd1b170b9faf738845 (patch)
treeb3c3b19acdc2a85378db694ad9c41889e8d4026d /base/common/python
parentda624993c302a81a11f37f984d75c37a467dc5e5 (diff)
Modify the key client to default to 3DES
When no algorithm OID is provided, we used to default to 3DES. We need to continue to do this so as not to break IPA.

Change-Id: I620c3d7cec71be1a529056acc6bf3940e25f2f9d
Diffstat (limited to 'base/common/python')
-rw-r--r--base/common/python/pki/key.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index e782d54c0..9313b0e59 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -514,7 +514,7 @@ class KeyClient(object):
pki.util.read_environment_files()
client_keyset = os.getenv('KEY_WRAP_PARAMETER_SET')
if client_keyset is not None:
- return client_keyset
+ return int(client_keyset)
return 0
def get_server_keyset(self):
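Review bot: `int(client_keyset)` raises a bare ValueError when KEY_WRAP_PARAMETER_SET is empty or non-numeric, and nothing in the hunk checks that the resulting number names a parameter set the client actually supports. Since this value selects the key-wrapping parameters, it is worth failing with a message that names the variable, e.g. wrapping the conversion in `try:` / `except ValueError:` and raising `ValueError('Invalid KEY_WRAP_PARAMETER_SET: %r' % client_keyset)`. A range check against the known keysets would belong here too, though the valid values are not visible in this hunk. The enclosing method starts outside the hunk.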
@@ -795,7 +795,7 @@ class KeyClient(object):
data_type,
encrypted_data,
wrapped_session_key,
- algorithm_oid=None,
+ algorithm_oid=self.encrypt_alg_oid,
nonce_iv=nonce_iv,
key_algorithm=key_algorithm,
key_size=key_size,
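Review bot: Passing `algorithm_oid=self.encrypt_alg_oid` is only correct if that attribute is always set and matches the cipher that actually produced `encrypted_data`; neither is visible in this hunk. If the attribute can be None or empty, the callee's `if not algorithm_oid:` fallback (changed later in this commit) will label the request as 3DES regardless of how the data was encrypted. A guard before the call, such as `if not self.encrypt_alg_oid: raise TypeError('Missing encryption algorithm OID')`, would prevent the declared OID from silently diverging from the real one. The call and its enclosing method continue outside the hunk.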
@@ -850,8 +850,10 @@ class KeyClient(object):
raise TypeError('Missing wrapped session key')
if not algorithm_oid:
- algorithm_oid = pki.crypto.AES_128_CBC_OID
- # algorithm_oid = KeyClient.DES_EDE3_CBC_OID
+ # legacy apps like IPA call this directly without
+ # setting the algorithm_oid. We need to keep DES
+ # for backward compatibility
+ algorithm_oid = pki.crypto.DES_EDE3_CBC_OID
if not nonce_iv:
raise TypeError('Missing nonce IV')
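Review bot: The fallback `algorithm_oid = pki.crypto.DES_EDE3_CBC_OID` is applied silently, so a caller that omits the OID gets 3DES (a 64-bit block cipher) with no trace in logs and no way for operators to find which clients still depend on it. Consider emitting a warning or log entry at this branch, and extend the comment to state the exit condition, e.g. `# TODO: drop the 3DES default once IPA passes algorithm_oid explicitly`. Because `if not algorithm_oid:` also matches an empty string, an accidentally blank OID is downgraded the same way; `if algorithm_oid is None:` would restrict the fallback to callers that truly omit it. The enclosing method starts and ends outside the hunk.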