git.ipfire.org Git - thirdparty/openssl.git/commit

author	Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
	Mon, 7 Oct 2024 00:59:48 +0000 (01:59 +0100)
committer	Pauli <paul.dale@oracle.com>
	Tue, 25 Nov 2025 21:48:02 +0000 (08:48 +1100)
commit	71ed0fc8b3cdb33cd06059416686f8972ede0248
tree	4da6d329e6b329493674ebafa36ad56fb44e144b	tree
parent	abcf402a6cef8bdebf45b3cd8129e0e84da20f60	commit \| diff

pbkdf2: enable setting minimum password length at build time

This is required for FIPS, allow to customize minimum password length,
allow opting in doing the same for the default provider too.

Set FIPS provider default to minimum length of 8, and default provider
to 0. Controlled by -no_pbkdf2_lower_bound_check and indicated with
fips-approved indicator.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25621)

crypto/err/openssl.txt		diff \| blob \| blame \| history
doc/man7/EVP_KDF-PBKDF2.pod		diff \| blob \| blame \| history
include/openssl/proverr.h		diff \| blob \| blame \| history
providers/common/provider_err.c		diff \| blob \| blame \| history
providers/implementations/kdfs/pbkdf2.c		diff \| blob \| blame \| history
test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt		diff \| blob \| blame \| history