[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed May 11 19:38:55 UTC 2016
The branch master has been updated
via 538dbbc6f77bf8080305082bdb8e961eaca053b6 (commit)
via 8fc06e8860d91aefa32f0de2dd7d46a719b81cad (commit)
from 2ab851b779a77d119e1677b2495b368a46d83eef (commit)
- Log -----------------------------------------------------------------
commit 538dbbc6f77bf8080305082bdb8e961eaca053b6
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed May 11 19:14:54 2016 +0100
typo
RT#4442
Reviewed-by: Emilia Käsper <emilia at openssl.org>
commit 8fc06e8860d91aefa32f0de2dd7d46a719b81cad
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed May 11 12:41:58 2016 +0100
Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default.
Update documentation.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 4 ++++
apps/pkcs8.c | 6 ++++--
crypto/asn1/p5_pbev2.c | 2 +-
doc/apps/pkcs8.pod | 46 ++++++++++++++++++++++------------------------
engines/afalg/e_afalg.c | 2 +-
5 files changed, 32 insertions(+), 28 deletions(-)
diff --git a/CHANGES b/CHANGES
index 55e7aa4..0b533ac 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
+ *) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0,
+ 256 bit AES and HMAC with SHA256.
+ [Steve Henson]
+
*) Remove support for MIPS o32 ABI on IRIX (and IRIX only).
[Andy Polyakov]
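Review bot: the entry describes only the pkcs8 utility, but the crypto/asn1/p5_pbev2.c hunk in this same commit changes the library fallback PRF in PKCS5_pbe2_set_iv() from NID_hmacWithSHA1 to NID_hmacWithSHA256 for every caller, so CHANGES should carry a second line for that (e.g. "Change default PRF in PKCS5_pbe2_set_iv() to HMAC with SHA256"). The code selects EVP_aes_256_cbc(), so "256 bit AES in CBC mode" would also be more precise than "256 bit AES".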
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index cd4e76b..d7ac5cb 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -177,6 +177,8 @@ int pkcs8_main(int argc, char **argv)
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
goto opthelp;
}
+ if (cipher == NULL)
+ cipher = EVP_aes_256_cbc();
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
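Review bot: the new `if (cipher == NULL) cipher = EVP_aes_256_cbc();` sits inside the -v2prf option case, so giving -v1 together with -v2prf now leaves pbe_nid set and cipher non-NULL at the same time; the visible lines do not show which one is honoured afterwards, so either reject that combination with an error or document which takes precedence. The same fallback is assigned again in the post-parsing check in the next hunk; setting it once there (when pbe_nid == -1 and cipher == NULL) would cover the -v2prf-only case as well without two copies to keep in sync.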
@@ -225,8 +227,8 @@ int pkcs8_main(int argc, char **argv)
goto end;
}
- if ((pbe_nid == -1) && !cipher)
- pbe_nid = NID_pbeWithMD5AndDES_CBC;
+ if ((pbe_nid == -1) && cipher == NULL)
+ cipher = EVP_aes_256_cbc();
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
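Review bot: replacing NID_pbeWithMD5AndDES_CBC with EVP_aes_256_cbc() here switches the no-option default from a PKCS#5 v1.5 PBE to the PKCS#5 v2.0 path, which is the intended change, but the identical fallback is also set in the -v2prf case above; collapse the two into this single check so the default lives in one place. The `cipher == NULL` form is fine, just keep NULL checks consistent across this file rather than mixing it with `!cipher`.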
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 244706a..9bf6d00 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -140,7 +140,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if ((prf_nid == -1) &&
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
ERR_clear_error();
- prf_nid = NID_hmacWithSHA1;
+ prf_nid = NID_hmacWithSHA256;
}
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
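Review bot: this changes the fallback PRF for every caller of PKCS5_pbe2_set_iv() that does not pass an explicit prf_nid and whose cipher does not report one via EVP_CTRL_PBE_PRF_NID, not only the pkcs8 utility, yet the commit message and CHANGES entry talk only about the utility. The pod text added in this same patch warns that some implementations only accept hmacWithSHA1, so this library-wide default change deserves its own CHANGES line and a note in the PKCS5_pbe2_set_iv() documentation telling callers that need interoperability to pass NID_hmacWithSHA1 explicitly.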
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index 8d28a12..6b52685 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -57,7 +57,7 @@ private key is used.
=item B<-outform DER|PEM>
-This specifies the output format, the options have the same meaning as the
+This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
@@ -100,28 +100,26 @@ code signing software used unencrypted private keys.
=item B<-v2 alg>
-This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
-private keys are encrypted with the password based encryption algorithm
-called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
-was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
-the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
-encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
-not many implementations support PKCS#5 v2.0 yet. If you are just using
-private keys with OpenSSL then this doesn't matter.
+This option sets the PKCS#5 v2.0 algorithm.
The B<alg> argument is the encryption algorithm to use, valid values include
-B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
+B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
+is used.
=item B<-v2prf alg>
This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
-values would be B<hmacWithSHA256>. If this option isn't set then the default
-for the cipher is used or B<hmacWithSHA1> if there is no default.
+value would be B<hmacWithSHA256>. If this option isn't set then the default
+for the cipher is used or B<hmacWithSHA256> if there is no default.
+
+Some implementations may not support custom PRF algorithms and may require
+the B<hmacWithSHA1> option to work.
=item B<-v1 alg>
-This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
-list of possible algorithms is included below.
+This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
+older implementations may not support PKCS#5 v2.0 and may require this option.
+If not specified PKCS#5 v2.0 for is used.
=item B<-engine id>
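Review bot: two wording slips in the -v2prf and -v1 text. The unchanged context line ends with "A typical value" and the new line begins "value would be", giving "A typical value value would be"; drop one of them, e.g. "A typical\nvalue would be B<hmacWithSHA256>." In the -v1 paragraph, "If not specified PKCS#5 v2.0 for is used." has a stray "for" and wants a comma: "If not specified, PKCS#5 v2.0 is used." The -v2 sentence "This option sets the PKCS#5 v2.0 algorithm." would also read better as "This option enables PKCS#5 v2.0 and sets the encryption algorithm to use."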
@@ -145,6 +143,13 @@ sets the scrypt B<N>, B<r> or B<p> parameters.
=head1 NOTES
+By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
+AES with HMAC and SHA256 is used.
+
+Some older implementations do not support PKCS#5 v2.0 format and require
+the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
+encryption algorithms such as 56 bit DES.
+
The encrypted form of a PEM encode PKCS#8 files uses the following
headers and footers:
@@ -161,13 +166,6 @@ counts are more secure that those encrypted using the traditional
SSLeay compatible formats. So if additional security is considered
important the keys should be converted.
-The default encryption is only 56 bits because this is the encryption
-that most current implementations of PKCS#8 will support.
-
-Some software may use PKCS#12 password based encryption algorithms
-with PKCS#8 format private keys: these are handled automatically
-but there is no option to produce them.
-
It is possible to write out DER encoded encrypted private keys in
PKCS#8 format because the encryption details are included at an ASN1
level whereas the traditional format includes them at a PEM level.
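Review bot: the leading context line "counts are more secure that those encrypted" should read "than those"; the hunk edits this paragraph so it is the right place to fix it. Dropping the 56 bit DES paragraph is correct now that the default is AES-256, and dropping "there is no option to produce them" is correct because the -v1 text in this patch says a PKCS#12 algorithm can be selected, but the first half of that removed paragraph, that PKCS#12 PBE algorithms on PKCS#8 keys are read automatically, is still true and useful to keep.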
@@ -228,8 +226,8 @@ Read a DER unencrypted PKCS#8 format private key:
Convert a private key from any PKCS#8 format to traditional format:
openssl pkcs8 -in pk8.pem -out key.pem
-
-Convert a private key to PKCS#8 format, encrypting with AES-256 and with
+
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
one million iterations of the password:
openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
@@ -259,7 +257,7 @@ the old format at present.
=head1 SEE ALSO
L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>,
-L<gendsa(1)>
+L<gendsa(1)>
=head1 HISTORY
diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c
index d8599a1..4c28107 100644
--- a/engines/afalg/e_afalg.c
+++ b/engines/afalg/e_afalg.c
@@ -131,7 +131,7 @@ static int afalg_chk_platform(void);
/* Engine Id and Name */
static const char *engine_afalg_id = "afalg";
-static const char *engine_afalg_name = "AFLAG engine support";
+static const char *engine_afalg_name = "AFALG engine support";
static int afalg_cipher_nids[] = {
NID_aes_128_cbc