From 539b17b6580f2ca235b5e1db529e87793b8a807c Mon Sep 17 00:00:00 2001 From: Aditya Date: Thu, 31 Oct 2024 17:34:28 +0530 Subject: [PATCH] apps: Change default cipher to aes-256-cbc for req, cms and smime apps Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms, and smime apps Update MAN pages for default cipher; fix styling by removing braces around single statements Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25839) --- CHANGES.md | 7 +++++++ NEWS.md | 3 ++- apps/cms.c | 11 ++--------- apps/req.c | 4 +--- apps/smime.c | 10 ++-------- doc/man1/openssl-cms.pod.in | 10 ++++++---- doc/man1/openssl-req.pod.in | 5 +++-- doc/man1/openssl-smime.pod.in | 14 ++++++++------ 8 files changed, 31 insertions(+), 33 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 91a58ff558807..53d0208ca8abf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,13 @@ OpenSSL 3.4 ### Changes between 3.4 and 3.5 [xx XXX xxxx] + * Updated the default encryption cipher for the `req`, `cms`, and `smime` applications + from `des-ede3-cbc` to `aes-256-cbc`. + + AES-256 provides a stronger 256-bit key encryption than legacy 3DES. + + *Aditya* + * Enhanced PKCS#7 inner contents verification. In the PKCS7_verify() function, the BIO *indata parameter refers to the signed data if the content is detached from p7. Otherwise, indata should be diff --git a/NEWS.md b/NEWS.md index 37ca24ad769ba..fb36cc3e8a7af 100644 --- a/NEWS.md +++ b/NEWS.md @@ -33,7 +33,8 @@ This release is in development. This release incorporates the following potentially significant or incompatible changes: - * none yet + * Default encryption cipher for the `req`, `cms`, and `smime` applications + changed from `des-ede3-cbc` to `aes-256-cbc`. This release adds the following new features: diff --git a/apps/cms.c b/apps/cms.c index c225f07ac0d98..d280b25d43329 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -822,15 +822,8 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_ENCRYPT) { - if (!cipher) { -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#else - BIO_printf(bio_err, "No cipher selected\n"); - goto end; -#endif - } - + if (!cipher) + cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); if (secret_key && !secret_keyid) { BIO_printf(bio_err, "No secret key id\n"); goto end; diff --git a/apps/req.c b/apps/req.c index 37800b318d308..c5627ffda5427 100644 --- a/apps/req.c +++ b/apps/req.c @@ -275,9 +275,7 @@ int req_main(int argc, char **argv) long newkey_len = -1; unsigned long chtype = MBSTRING_ASC, reqflag = 0; -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#endif + cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); opt_set_unknown_name("digest"); prog = opt_init(argc, argv, req_options); diff --git a/apps/smime.c b/apps/smime.c index d5a4feb489d3f..132caba2efbea 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -471,14 +471,8 @@ int smime_main(int argc, char **argv) } if (operation == SMIME_ENCRYPT) { - if (cipher == NULL) { -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#else - BIO_printf(bio_err, "No cipher selected\n"); - goto end; -#endif - } + if (cipher == NULL) + cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); encerts = sk_X509_new_null(); if (encerts == NULL) goto end; diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index da819a047bcba..f6b3a4c7d6f45 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -406,16 +406,16 @@ One or more certificate filenames may be given. =item B<-I> -The encryption algorithm to use. For example triple DES (168 bits) - B<-des3> -or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the +The encryption algorithm to use. For example, AES (256 bits) - B<-aes256> +or triple DES (168 bits) - B<-des3>. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for example B<-aes-128-cbc>. See L for a list of ciphers supported by your version of OpenSSL. -Currently the AES variants with GCM mode are the only supported AEAD +Currently, the AES variants with GCM mode are the only supported AEAD algorithms. -If not specified triple DES is used. Only used with B<-encrypt> and +If not specified, AES-256-CBC is used as the default. Only used with B<-encrypt> and B<-EncryptedData_create> commands. =item B<-wrap> I @@ -896,6 +896,8 @@ L =head1 HISTORY +The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5. + The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0. diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 5cb3004d3f921..f49730e4548d5 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -90,8 +90,7 @@ The data is a PKCS#10 object. =item B<-cipher> I Specify the cipher to be used for encrypting the private key. -The default cipher is 3DES (DES-EDE3-CBC). -If no cipher is specified, 3DES will be used by default. +If no cipher is specified, AES-256-CBC will be used by default. You can override this by providing any valid OpenSSL cipher name. =item B<-in> I @@ -836,6 +835,8 @@ L =head1 HISTORY +The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5. + The B<-section> option was added in OpenSSL 3.0.0. The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 330ddf2f875c9..845fb74e31ef6 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -167,13 +167,13 @@ default digest algorithm for the signing key will be used (usually SHA1). =item B<-I> -The encryption algorithm to use. For example DES (56 bits) - B<-des>, -triple DES (168 bits) - B<-des3>, -EVP_get_cipherbyname() function) can also be used preceded by a dash, for -example B<-aes-128-cbc>. See L for list of ciphers -supported by your version of OpenSSL. +The encryption algorithm to use. For example, DES (56 bits) - B<-des>, +triple DES (168 bits) - B<-des3>, or AES (256 bits) - B<-aes256>. +Any standard algorithm name (as used by the EVP_get_cipherbyname() function) +can also be used, preceded by a dash, for example B<-aes-128-cbc>. +See L for a list of ciphers supported by your version of OpenSSL. -If not specified triple DES is used. Only used with B<-encrypt>. +If not specified, AES-256-CBC is used as the default. Only used with B<-encrypt>. =item B<-nointern> @@ -468,6 +468,8 @@ L =head1 HISTORY +The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5. + The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0