From ec42fd986a29d2c552c8d99a6caa63d8b0916428 Mon Sep 17 00:00:00 2001 From: akallabeth Date: Tue, 29 Apr 2025 10:14:33 +0200 Subject: [PATCH] [crypto,key] use EVP_aes_256_xts This mode is supported by all OpenSSL and libressl >= 2.9.1 versions. --- libfreerdp/crypto/privatekey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfreerdp/crypto/privatekey.c b/libfreerdp/crypto/privatekey.c index 5b126993b..a50fb5743 100644 --- a/libfreerdp/crypto/privatekey.c +++ b/libfreerdp/crypto/privatekey.c @@ -660,7 +660,7 @@ char* freerdp_key_get_pem(const rdpPrivateKey* key, size_t* plen, const char* pa const EVP_CIPHER* enc = NULL; if (password) - enc = EVP_aes_256_cbc_hmac_sha256(); + enc = EVP_aes_256_xts(); const int status = PEM_write_bio_PrivateKey(bio, key->evp, enc, NULL, 0, 0, WINPR_CAST_CONST_PTR_AWAY(password, void*));