When generating keys with openssl, you have the option to encrypt them. This is done by specifying a cipher algorithm, for example:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-128-cbc -out key.pem
generates a 2048-bit RSA key and encrypts it with AES in CBC mode. OpenSSL will prompt you for a passphrase for the encryption. It is important to understand how that passphrase is used to derive the key for the AES encryption. The whole encryption scheme is defined by PBES2 [1], which in turn uses PBKDF2. The main factor in the computational cost of PBKDF2 is the number of hash iterations used.
OpenSSL doesn’t have an option in its command-line utilities to control that number of iterations. However, the standard allows that number to vary pretty much arbitrarily, so it is stored in the ASN.1 representation of the generated encrypted key.
$ openssl asn1parse -i -in key.pem | head
0:d=0 hl=4 l=1311 cons: SEQUENCE
4:d=1 hl=2 l= 73 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 60 cons: SEQUENCE
19:d=3 hl=2 l= 27 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 14 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:F3098873E5AB1A81
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=3 hl=2 l= 29 cons: SEQUENCE
The line saying INTEGER :0800 states the number of iterations (in hex notation) used for the generated key.pem. This means that, at least for OpenSSL 1.0.1, the default number of iterations is 0x800 = 2048. This number is relatively low by modern standards [2].
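To audit many key files without reading asn1parse output by eye, the same two fields can be pulled out of the structure directly. The following is an added example, not code from the original article or from OpenSSL: the function names are its own, the sample bytes are constructed from the header shown above, and it assumes the PBKDF2 salt is stored as a plain OCTET STRING.

```python
import base64

OID_PBES2 = bytes.fromhex("2a864886f70d01050d")   # 1.2.840.113549.1.5.13
OID_PBKDF2 = bytes.fromhex("2a864886f70d01050c")  # 1.2.840.113549.1.5.12

# Constructed sample: the PBES2 header from the asn1parse output above (same
# salt and iteration count); the IV and ciphertext are all-zero filler.
SAMPLE_DER = bytes.fromhex(
    "305d" "3049" "06092a864886f70d01050d" "303c"
    "301b" "06092a864886f70d01050c" "300e" "0408f3098873e5ab1a81" "02020800"
    "301d" "0609608648016503040102" "0410" + "00" * 16 + "0410" + "00" * 16)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def pem_to_der(pem):
    """Drop the -----BEGIN/END----- lines and base64-decode the rest."""
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def pbkdf2_params(der):
    """Return (salt, iterations) from a PKCS#8 EncryptedPrivateKeyInfo."""
    _, body, _ = read_tlv(der, 0)
    alg_oid, pbes2 = children(children(body)[0][1])
    if alg_oid[1] != OID_PBES2:
        raise ValueError("key is not PBES2-encrypted")
    kdf_oid, kdf_params = children(children(pbes2[1])[0][1])
    if kdf_oid[1] != OID_PBKDF2:
        raise ValueError("key derivation function is not PBKDF2")
    salt, count = children(kdf_params[1])[:2]
    return salt[1], int.from_bytes(count[1], "big")
```

For a real file, pass pem_to_der(open("key.pem").read()) to pbkdf2_params and compare the returned count against whatever minimum your own policy sets.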