components/openssl/common/patches/046-pkcs12-default-cipher.patch
branchs11u3-sru
changeset 7163 ee09edbd5876
7159:59b406bc4a3a 7163:ee09edbd5876
       
     1 #
       
     2 # This was developed in house.  The change is internal to Solaris, and
       
     3 # it will not be contributed upstream.
       
     4 #
       
     5 # This patch will change the default cipher used to encrypt certificate
       
     6 # to 3DES as RC2 is considered weak cipher. The default cipher for 1.1 will
       
     7 # become 3DES.
       
     8 #
       
     9 --- openssl/apps/pkcs12.c	Tue May  3 06:44:42 2016
       
    10 +++ openssl/apps/pkcs12.c.new	Wed May  4 15:11:00 2016
       
    11 @@ -142,12 +142,7 @@
       
    12      if (!load_config(bio_err, NULL))
       
    13          goto end;
       
    14  
       
    15 -# ifdef OPENSSL_FIPS
       
    16 -    if (FIPS_mode())
       
    17 -        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
       
    18 -    else
       
    19 -# endif
       
    20 -        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
       
    21 +    cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
       
    22  
       
    23      args = argv + 1;
       
    24  
       
    25 @@ -379,9 +374,9 @@
       
    26          BIO_printf(bio_err,
       
    27                     "-twopass      separate MAC, encryption passwords\n");
       
    28          BIO_printf(bio_err,
       
    29 -                   "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
       
    30 +                   "-descert      encrypt PKCS#12 certificates with triple DES (default)\n");
       
    31          BIO_printf(bio_err,
       
    32 -                   "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
       
    33 +                   "-certpbe alg  specify certificate PBE algorithm (default 3DES)\n");
       
    34          BIO_printf(bio_err,
       
    35                     "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
       
    36          BIO_printf(bio_err,
       
    37 --- openssl/doc/crypto/PKCS12_create.pod Fri May  6 09:10:00 2016
       
    38 +++ openssl/doc/crypto/PKCS12_create.pod Fri May  6 09:14:16 2016
       
    39 @@ -30,9 +30,9 @@
       
    40  The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
       
    41  can all be set to zero and sensible defaults will be used.
       
    42  
       
    43 -These defaults are: 40 bit RC2 encryption for certificates, triple DES
       
    44 -encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
       
    45 -(currently 2048) and a MAC iteration count of 1.
       
    46 +These defaults are: triple DES encryption for certificates and private keys,
       
    47 +a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC
       
    48 +iteration count of 1.
       
    49  
       
    50  The default MAC iteration count is 1 in order to retain compatibility with
       
    51  old software which did not interpret MAC iteration counts. If such compatibility
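Review bot: The PKCS12_create.pod hunk now documents triple DES as the certificate default, but the only code hunk shown changes `cert_pbe` in apps/pkcs12.c, which affects the `openssl pkcs12` command and not library callers that pass `nid_cert` as zero. In upstream OpenSSL 1.0.x that zero is resolved inside PKCS12_create() itself (crypto/pkcs12/p12_crt.c), which falls back to `NID_pbe_WithSHA1And40BitRC2_CBC` outside FIPS mode. Unless another part of this patch or series also changes that fallback to `NID_pbe_WithSHA1And3_Key_TripleDES_CBC`, applications using the API would keep writing RC2-40 certificate bags while the man page says otherwise. Either extend the patch to the library default or limit the pod wording to the command-line tool. The patch file may continue past the last line visible here, so confirm this against the full file.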