requires a salt length of 128 bits. This affects OpenSSL command line
applications such as "genrsa" and "pkcs8" and API's such as
PEM_write_bio_PrivateKey() that are reliant on the default value.
+ The additional commandline option 'saltlen' has been added to the
+ OpenSSL command line applications for "pkcs8" and "enc" to allow the
+ salt length to be set to a non default value.
*Shane Lontis*
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_SALTLEN, OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
{OPT_MORE_STR, 0, 0,
"Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)},
{"none", OPT_NONE, '-', "Don't encrypt"},
+ {"saltlen", OPT_SALTLEN, 'p', "Specify the PBKDF2 salt length (in bytes)"},
+ {OPT_MORE_STR, 0, 0, "Default: 16"},
#ifndef OPENSSL_NO_ZLIB
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
#endif
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
int ret = 1, inl, nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
- unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
+ unsigned char *buff = NULL, salt[EVP_MAX_IV_LENGTH];
+ int saltlen = 0;
int pbkdf2 = 0;
int iter = 0;
long n;
iter = opt_int_arg();
pbkdf2 = 1;
break;
+ case OPT_SALTLEN:
+ if (!opt_int(opt_arg(), &saltlen))
+ goto opthelp;
+ if (saltlen > (int)sizeof(salt))
+ saltlen = (int)sizeof(salt);
+ break;
case OPT_PBKDF2:
pbkdf2 = 1;
if (iter == 0) /* do not overwrite a chosen value */
goto opthelp;
if (!app_RAND_load())
goto end;
+ if (saltlen == 0 || pbkdf2 == 0)
+ saltlen = PKCS5_SALT_LEN;
/* Get the cipher name, either from progname (if set) or flag. */
if (!opt_cipher(ciphername, &cipher))
if (nosalt) {
sptr = NULL;
} else {
- if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) {
+ if (hsalt != NULL && !set_hex(hsalt, salt, saltlen)) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
if (enc) { /* encryption */
if (hsalt == NULL) {
- if (RAND_bytes(salt, sizeof(salt)) <= 0) {
+ if (RAND_bytes(salt, saltlen) <= 0) {
BIO_printf(bio_err, "RAND_bytes failed\n");
goto end;
}
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
- sizeof(salt)) != sizeof(salt))) {
+ saltlen) != saltlen)) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */
if (BIO_read(rbio, salt,
- sizeof(salt)) != sizeof(salt)) {
+ saltlen) != saltlen) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
}
int iklen = EVP_CIPHER_get_key_length(cipher);
int ivlen = EVP_CIPHER_get_iv_length(cipher);
/* not needed if HASH_UPDATE() is fixed : */
- int islen = (sptr != NULL ? sizeof(salt) : 0);
+ int islen = (sptr != NULL ? saltlen : 0);
+
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
iter, dgst, iklen+ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
if (printkey) {
if (!nosalt) {
printf("salt=");
- for (i = 0; i < (int)sizeof(salt); i++)
+ for (i = 0; i < (int)saltlen; i++)
printf("%02X", salt[i]);
printf("\n");
}
[B<-md> I<digest>]
[B<-iter> I<count>]
[B<-pbkdf2>]
+[B<-saltlen> I<size>]
[B<-p>]
[B<-P>]
[B<-bufsize> I<number>]
Use PBKDF2 algorithm with a default iteration count of 10000
unless otherwise specified by the B<-iter> command line option.
+=item B<-saltlen>
+
+Set the salt length to use when using the B<-pbkdf2> option.
+For compatibility reasons, the default is 8 bytes.
+The maximum value is currently 16 bytes.
+If the B<-pbkdf2> option is not used, then this option is ignored
+and a fixed salt length of 8 is used. The salt length used when
+encrypting must also be used when decrypting.
+
=item B<-nosalt>
Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
The actual salt to use: this must be represented as a string of hex digits.
If this option is used while encrypting, the same exact value will be needed
-again during decryption.
+again during decryption. This salt may be truncated or zero padded to
+match the salt length (See B<-saltlen>).
=item B<-K> I<key>
The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
+The B<-saltlen> option was added in OpenSSL 3.2.
+
=head1 COPYRIGHT
-Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
|rc2|rc4|seed)/x} @ciphers
if disabled("legacy");
-plan tests => 2 + (scalar @ciphers)*2;
+plan tests => 5 + (scalar @ciphers)*2;
SKIP: {
skip "Problems getting ciphers...", 1 + scalar(@ciphers)
&& compare_text($test,$clearfile) == 0, $t);
}
}
+ ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-out",
+ "salted_default.cipher", "-pass", "pass:password"]))
+ && run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "8", "-out", "salted_default.clear", "-pass", "pass:password"]))
+ && compare_text($test,"salted_default.clear") == 0,
+ "Check that the default salt length of 8 bytes is used for PKDF2");
+
+ ok(!run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "16", "-out", "salted_fail.clear", "-pass", "pass:password"])),
+ "Check the decrypt fails if the saltlen is incorrect");
+
+ ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-saltlen", "16",
+ "-out", "salted.cipher", "-pass", "pass:password"]))
+ && run(app([$cmd, "enc", "-d", "-in", "salted.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "16", "-out", "salted.clear", "-pass", "pass:password"]))
+ && compare_text($test,"salted.clear") == 0,
+ "Check that we can still use a salt length of 16 bytes for PKDF2");
+
}
'-in', 'pbe1.pem',
'-offset', '19', '-length', '10']))),
"Check the default size of the PBE PARAM 'salt length' = 8");
-
+
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
'-in', srctop_file('test', 'certs', 'pc5-key.pem'),
'-v1', "PBE-MD5-DES",
projects / thirdparty / openssl.git / commitdiff
