From e8868c8e83d5051fda0c0e5e00c0655f8fcf6a55 Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Mon, 15 Sep 2025 19:03:43 +0530 Subject: [PATCH] certgen: Use AES 256 as the CBC when serializing RSA keys That is the current standard recommendation --- src/calibre/utils/certgen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/calibre/utils/certgen.c b/src/calibre/utils/certgen.c index 0b55ccfeb4..abac05501b 100644 --- a/src/calibre/utils/certgen.c +++ b/src/calibre/utils/certgen.c @@ -369,8 +369,8 @@ static PyObject* serialize_rsa_key(PyObject *self, PyObject *args) { mem = BIO_new(BIO_s_mem()); if (!mem) {set_error("BIO_new"); goto error; } - if (password && *password) ok = PEM_write_bio_PrivateKey(mem, keypair, EVP_des_ede3_cbc(), NULL, 0, 0, password); - else ok = PEM_write_bio_PrivateKey(mem, keypair, NULL, NULL, 0, 0, NULL); + if (password && *password) ok = PEM_write_bio_PKCS8PrivateKey(mem, keypair, EVP_aes_256_cbc(), NULL, 0, 0, password); + else ok = PEM_write_bio_PKCS8PrivateKey(mem, keypair, NULL, NULL, 0, 0, NULL); if (!ok) { set_error("PEM_write_bio_PrivateKey"); goto error; } sz = BIO_get_mem_data(mem, &p); Py_ssize_t psz = sz;