HomePhabricator

pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files

Authored by Jakuje on May 23 2019, 11:30 AM.

Description

pki_crypto: Use the new OpenSSL API to write new PKCS#8 PEM files

Since OpenSSL 1.0.0, the "traditional" PEM format was deprecated
in favor of the PKCS#8 PEM files which is more standardized,
more secure and does not depend on the MD5 hash, which is not
available for example in FIPS mode.

This requires using the new EVP_PKEY API for reading private key
blobs.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Details

Committed
asnJun 12 2019, 10:41 AM
Parents
rLIBSSHee456104f16b: session: Do not use MD5 in FIPS mode
Branches
Unknown
Tags
Unknown