pkcs12: increase macsaltlen from 8 to 16 as per NIST SP 800-132
Align PKCS12 PBMAC1 PBKDF2 salt length with
PKCS5_DEFAULT_PBE2_SALT_LEN.
With this change, newly created PKCS12 PBMAC1 PBKDF2 keystores use mac
salt length of 16 bytes by default. This increases interoperability
with FIPS implementations which require at least 16 bytes of salt
length. Otherwise FIPS implementations fail to to open keystore with
invalid salt length errors (unapproved):
Mac verify error: invalid password?
80EBD061AD7F0000:error:
1C800070:Provider routines:kdf_pbkdf2_set_ctx_params:invalid salt length:providers/implementations/kdfs/pbkdf2.c:293:
80EBD061AD7F0000:error:
118C0103:PKCS12 routines:PBMAC1_PBKDF2_HMAC:internal error:crypto/pkcs12/p12_mutl.c:143:
80EBD061AD7F0000:error:
1180006D:PKCS12 routines:PKCS12_verify_mac:mac generation error:crypto/pkcs12/p12_mutl.c:324:
80EBD061AD7F0000:error:
1C800070:Provider routines:kdf_pbkdf2_set_ctx_params:invalid salt length:providers/implementations/kdfs/pbkdf2.c:293:
80EBD061AD7F0000:error:
118C0103:PKCS12 routines:PBMAC1_PBKDF2_HMAC:internal error:crypto/pkcs12/p12_mutl.c:143:
80EBD061AD7F0000:error:
1180006D:PKCS12 routines:PKCS12_verify_mac:mac generation error:crypto/pkcs12/p12_mutl.c:324:
The compile time constant is made possible to override with a build
time define, such that one can revert back to 8 if so is needed for
backwards compatibility.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27446)
projects / thirdparty / openssl.git / commit
