git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	slontis <shane.lontis@oracle.com>
	Mon, 28 Aug 2023 02:47:51 +0000 (12:47 +1000)
committer	Pauli <pauli@openssl.org>
	Mon, 4 Sep 2023 04:15:34 +0000 (14:15 +1000)
commit	3859a027259b5b571eaf5e8cf4c0704611950c2c
tree	4abfb601d0be8a7ca2bf0b4032693f01865a3774	tree \| snapshot
parent	61cfc22b60e33bc77b1e1944759af48c8e58f0d2	commit \| diff

Change PBES2 KDF default salt length to 16 bytes.

The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)

CHANGES.md		diff \| blob \| blame \| history
crypto/asn1/p5_pbe.c		diff \| blob \| blame \| history
crypto/asn1/p5_pbev2.c		diff \| blob \| blame \| history
crypto/asn1/p5_scrypt.c		diff \| blob \| blame \| history
doc/man3/PKCS5_PBE_keyivgen.pod		diff \| blob \| blame \| history
include/crypto/evp.h		diff \| blob \| blame \| history
test/recipes/15-test_genrsa.t		diff \| blob \| blame \| history
test/recipes/25-test_pkcs8.t		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom