HomePhabricator

pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files

Description

pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files

Since OpenSSL 1.0.0, the "traditional" PEM format was deprecated
in favor of the PKCS#8 PEM files which is more standardized,
more secure and does not depend on the MD5 hash, which is not
available for example in FIPS mode.

This requires using the new EVP_PKEY API for reading private key
blobs.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Details

Provenance
JakujeAuthored on May 23 2019, 11:30 AM
asnCommitted on Jun 12 2019, 10:41 AM
Parents
rLIBSSHee456104f16b: session: Do not use MD5 in FIPS mode
Branches
Unknown
Tags
Unknown