apps/pkcs12.c: Correct default legacy algs and make related doc consistent

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13534)

apps/pkcs12.c

@@ -64,7 +64,13 @@ typedef enum OPTION_choice {
 const OPTIONS pkcs12_options[] = {
     OPT_SECTION("General"),
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"legacy", OPT_LEGACY_ALG, '-', "use legacy algorithms"},
+    {"legacy", OPT_LEGACY_ALG, '-',
+#ifdef OPENSSL_NO_RC2
+     "Use legacy encryption algorithm 3DES_CBC for keys and certs"
+#else
+     "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs"
+#endif
+    },
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
@@ -116,18 +122,13 @@ const OPTIONS pkcs12_options[] = {
     {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"},
 
     OPT_SECTION("PKCS12 output encryption and MAC"),
-#ifndef OPENSSL_NO_RC2
     {"descert", OPT_DESCERT, '-',
      "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"},
     {"certpbe", OPT_CERTPBE, 's',
      "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"},
-#else
-    {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
-    {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
-#endif
-    {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
-    {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"},
-    {"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"},
+    {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"},
+    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
     {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
     {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
     {"macalg", OPT_MACALG, 's',
@@ -142,6 +143,8 @@ const OPTIONS pkcs12_options[] = {
     {NULL}
 };
 
+#define PKCS12_DEFAULT_PBE NID_aes_256_cbc
+
 int pkcs12_main(int argc, char **argv)
 {
     char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
@@ -151,8 +154,8 @@ int pkcs12_main(int argc, char **argv)
     char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
     int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0, use_legacy = 0;
     int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
-    int cert_pbe = NID_aes_256_cbc;
-    int key_pbe = NID_aes_256_cbc;
+    int cert_pbe = PKCS12_DEFAULT_PBE;
+    int key_pbe = PKCS12_DEFAULT_PBE;
     int ret = 1, macver = 1, add_lmk = 0, private = 0;
     int noprompt = 0;
     char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
@@ -164,7 +167,8 @@ int pkcs12_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     PKCS12 *p12 = NULL;
     STACK_OF(OPENSSL_STRING) *canames = NULL;
-    const EVP_CIPHER *enc = EVP_aes_256_cbc();
+    const EVP_CIPHER *const default_enc = EVP_aes_256_cbc();
+    const EVP_CIPHER *enc = default_enc;
     OPTION_CHOICE o;
 
     prog = opt_init(argc, argv, pkcs12_options);
@@ -373,8 +377,8 @@ int pkcs12_main(int argc, char **argv)
             if (!app_provider_load(app_get0_libctx(), "default"))
                 goto end;
         }
-        if (cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC) {
-            /* Restore default algorithms */
+        if (cert_pbe == PKCS12_DEFAULT_PBE) {
+            /* Adapt default algorithm */
 #ifndef OPENSSL_NO_RC2
             cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
 #else
@@ -382,8 +386,10 @@ int pkcs12_main(int argc, char **argv)
 #endif
         }
 
-        key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-        enc = EVP_des_ede3_cbc();
+        if (key_pbe == PKCS12_DEFAULT_PBE)
+            key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        if (enc == default_enc)
+            enc = EVP_des_ede3_cbc();
     }
 
     if (argc != 0)

doc/man1/openssl-pkcs12.pod.in

@@ -76,6 +76,7 @@ There are a lot of options the meaning of some depends of whether a PKCS#12 file
 is being created or parsed. By default a PKCS#12 file is parsed.
 A PKCS#12 file can be created by using the B<-export> option (see below).
 Many further options such as B<-chain> make sense only with B<-export>.
+The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation.
 
 =head1 PARSING OPTIONS
 
@@ -134,7 +135,7 @@ Use DES to encrypt private keys before outputting.
 
 =item B<-des3>
 
-Use triple DES to encrypt private keys before outputting, this is the default.
+Use triple DES to encrypt private keys before outputting.
 
 =item B<-idea>
 
@@ -263,7 +264,7 @@ as well as any untrusted CA certificates given with the B<-untrusted> option.
 
 Encrypt the certificate using triple DES, this may render the PKCS#12
 file unreadable by some "export grade" software. By default the private
-key is encrypted using AES and the certificate using triple DES unless
+key and the certificates are encrypted using AES-256-CBC unless
 the '-legacy' option is used. If '-descert' is used with the '-legacy'
 then both, the private key and the certificate are encrypted using triple DES.
 
@@ -405,7 +406,7 @@ Include some extra certificates:
  openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
   -certfile othercerts.pem
 
-Export a PKCS#12 file with default encryption algorithms as in the legacy provider:
+Export a PKCS#12 file with default algorithms as in the legacy provider:
 
  openssl pkcs12 -export -in cert.pem -inkey key.pem -out file.p12 -legacy