apps: Change default cipher to aes-256-cbc for req, cms and smime apps

Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms,
and smime apps

Update MAN pages for default cipher; fix styling by removing braces around single statements

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25839)

diff --git a/CHANGES.md b/CHANGES.md
index 91a58ff558807e47ca66ec5f86c2f4cb0a908c4b..53d0208ca8abf775802ab996774d3dc205cad2a9 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,13 @@ OpenSSL 3.4
 
 ### Changes between 3.4 and 3.5 [xx XXX xxxx]
 
+ * Updated the default encryption cipher for the `req`, `cms`, and `smime` applications
+   from `des-ede3-cbc` to `aes-256-cbc`.
+
+   AES-256 provides a stronger 256-bit key encryption than legacy 3DES.
+
+   *Aditya*
+
  * Enhanced PKCS#7 inner contents verification.
    In the PKCS7_verify() function, the BIO *indata parameter refers to the
    signed data if the content is detached from p7. Otherwise, indata should be

diff --git a/NEWS.md b/NEWS.md
index 37ca24ad769ba6432b0533c03f8eabd5d6590c2a..fb36cc3e8a7aff5d93caaba899de99b26676714b 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -33,7 +33,8 @@ This release is in development.
 This release incorporates the following potentially significant or incompatible
 changes:
 
-  * none yet
+  * Default encryption cipher for the `req`, `cms`, and `smime` applications
+    changed from `des-ede3-cbc` to `aes-256-cbc`.
 
 This release adds the following new features:
 

diff --git a/apps/cms.c b/apps/cms.c
index c225f07ac0d98bfca93649abe5804081c96be801..d280b25d43329b43629f12bf04612afe244f8d48 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -822,15 +822,8 @@ int cms_main(int argc, char **argv)
     }
 
     if (operation == SMIME_ENCRYPT) {
-        if (!cipher) {
-#ifndef OPENSSL_NO_DES
-            cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-#else
-            BIO_printf(bio_err, "No cipher selected\n");
-            goto end;
-#endif
-        }
-
+        if (!cipher)
+            cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
         if (secret_key && !secret_keyid) {
             BIO_printf(bio_err, "No secret key id\n");
             goto end;

diff --git a/apps/req.c b/apps/req.c
index 37800b318d3080e726c4a4f5e220ae44a8e1cdf5..c5627ffda54272da9f886450842f8eb0ad4f218e 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -275,9 +275,7 @@ int req_main(int argc, char **argv)
     long newkey_len = -1;
     unsigned long chtype = MBSTRING_ASC, reqflag = 0;
 
-#ifndef OPENSSL_NO_DES
-    cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-#endif
+    cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
 
     opt_set_unknown_name("digest");
     prog = opt_init(argc, argv, req_options);

diff --git a/apps/smime.c b/apps/smime.c
index d5a4feb489d3f17e9a41705c1f5082efe34f1c3c..132caba2efbea6fe7529c102ef8a2406520b4507 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -471,14 +471,8 @@ int smime_main(int argc, char **argv)
     }
 
     if (operation == SMIME_ENCRYPT) {
-        if (cipher == NULL) {
-#ifndef OPENSSL_NO_DES
-            cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-#else
-            BIO_printf(bio_err, "No cipher selected\n");
-            goto end;
-#endif
-        }
+        if (cipher == NULL)
+            cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
         encerts = sk_X509_new_null();
         if (encerts == NULL)
             goto end;

diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index da819a047bcbaa2f42a8774f24fb796a0627d3bf..f6b3a4c7d6f457047ee18443ff7804ef4e5422b7 100644 (file)
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -406,16 +406,16 @@ One or more certificate filenames may be given.
 
 =item B<-I<cipher>>
 
-The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
-or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
+The encryption algorithm to use. For example, AES (256 bits) - B<-aes256>
+or triple DES (168 bits) - B<-des3>. Any standard algorithm name (as used by the
 EVP_get_cipherbyname() function) can also be used preceded by a dash, for
 example B<-aes-128-cbc>. See L<openssl-enc(1)> for a list of ciphers
 supported by your version of OpenSSL.
 
-Currently the AES variants with GCM mode are the only supported AEAD
+Currently, the AES variants with GCM mode are the only supported AEAD
 algorithms.
 
-If not specified triple DES is used. Only used with B<-encrypt> and
+If not specified, AES-256-CBC is used as the default. Only used with B<-encrypt> and
 B<-EncryptedData_create> commands.
 
 =item B<-wrap> I<cipher>
@@ -896,6 +896,8 @@ L<ossl_store-file(7)>
 
 =head1 HISTORY
 
+The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5.
+
 The use of multiple B<-signer> options and the B<-resign> command were first
 added in OpenSSL 1.0.0.
 

diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in
index 5cb3004d3f921db6633bef00349e1203fbb1188c..f49730e4548d5dc27f6603b93702c1b67a289283 100644 (file)
--- a/doc/man1/openssl-req.pod.in
+++ b/doc/man1/openssl-req.pod.in
@@ -90,8 +90,7 @@ The data is a PKCS#10 object.
 =item B<-cipher> I<name>
 
 Specify the cipher to be used for encrypting the private key.
-The default cipher is 3DES (DES-EDE3-CBC).
-If no cipher is specified, 3DES will be used by default.
+If no cipher is specified, AES-256-CBC will be used by default.
 You can override this by providing any valid OpenSSL cipher name.
 
 =item B<-in> I<filename>
@@ -836,6 +835,8 @@ L<x509v3_config(5)>
 
 =head1 HISTORY
 
+The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5.
+
 The B<-section> option was added in OpenSSL 3.0.0.
 
 The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and

diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in
index 330ddf2f875c9e152c39977a2a6f409e2a820c6f..845fb74e31ef6678d0ee66cd6c1f56d451f43f1c 100644 (file)
--- a/doc/man1/openssl-smime.pod.in
+++ b/doc/man1/openssl-smime.pod.in
@@ -167,13 +167,13 @@ default digest algorithm for the signing key will be used (usually SHA1).
 
 =item B<-I<cipher>>
 
-The encryption algorithm to use. For example DES  (56 bits) - B<-des>,
-triple DES (168 bits) - B<-des3>,
-EVP_get_cipherbyname() function) can also be used preceded by a dash, for
-example B<-aes-128-cbc>. See L<openssl-enc(1)> for list of ciphers
-supported by your version of OpenSSL.
+The encryption algorithm to use. For example, DES (56 bits) - B<-des>,
+triple DES (168 bits) - B<-des3>, or AES (256 bits) - B<-aes256>.
+Any standard algorithm name (as used by the EVP_get_cipherbyname() function)
+can also be used, preceded by a dash, for example B<-aes-128-cbc>.
+See L<openssl-enc(1)> for a list of ciphers supported by your version of OpenSSL.
 
-If not specified triple DES is used. Only used with B<-encrypt>.
+If not specified, AES-256-CBC is used as the default. Only used with B<-encrypt>.
 
 =item B<-nointern>
 
@@ -468,6 +468,8 @@ L<ossl_store-file(7)>
 
 =head1 HISTORY
 
+The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5.
+
 The use of multiple B<-signer> options and the B<-resign> command were first
 added in OpenSSL 1.0.0