git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Shane Lontis <shane.lontis@oracle.com>
	Fri, 3 May 2019 03:04:58 +0000 (13:04 +1000)
committer	Shane Lontis <shane.lontis@oracle.com>
	Tue, 11 Jun 2019 10:40:07 +0000 (20:40 +1000)
commit	f0efeea29eca6e528a976f62ae2422eee34ea0eb
tree	468ae2e94d4aaf2cd9bc2972d97f447117da68af	tree \| snapshot
parent	83b4a24384e62ed8cf91f51bf9a303f98017e13e	commit \| diff

PBKDF2 updates to conform to SP800-132

The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
  - the range of the key length.
  - the minimum iteration count (1000 recommended).
  - salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)

CHANGES		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
crypto/evp/p5_crpt2.c		diff \| blob \| blame \| history
crypto/kdf/kdf_err.c		diff \| blob \| blame \| history
crypto/kdf/pbkdf2.c		diff \| blob \| blame \| history
doc/man7/EVP_KDF_PBKDF2.pod		diff \| blob \| blame \| history
include/openssl/kdf.h		diff \| blob \| blame \| history
include/openssl/kdferr.h		diff \| blob \| blame \| history
test/evp_kdf_test.c		diff \| blob \| blame \| history
test/recipes/20-test_kdf.t		diff \| blob \| blame \| history
test/recipes/30-test_evp_data/evpkdf.txt		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom