author Shane Lontis <shane.lontis@oracle.com> 2019-05-03 13:04:58 +1000
committer Shane Lontis <shane.lontis@oracle.com> 2019-06-11 20:40:07 +1000
commit f0efeea29eca6e528a976f62ae2422eee34ea0eb
tree 468ae2e94d4aaf2cd9bc2972d97f447117da68af /CHANGES
parent 83b4a24384e62ed8cf91f51bf9a303f98017e13e
PBKDF2 updates to conform to SP800-132
The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
- the range of the key length.
- the minimum iteration count (1000 recommended).
- salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatibility, the checks are only enabled by default for fips mode.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 11
1 files changed, 10 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 5aec2ce772..4ccc3f312e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,15 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898.
+ This checks that the salt length is at least 128 bits, the derived key
+ length is at least 112 bits, and that the iteration count is at least 1000.
+ For backwards compatibility these checks are disabled by default in the
+ default provider, but are enabled by default in the fips provider.
+ To enable or disable these checks use the control
+ EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE.
+ [Shane Lontis]
+
*) Default cipher lists/suites are now avaialble via a function, the
#defines are deprecated.
[Todd Short]
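Review bot: The new entry names EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE as the way "to enable or disable these checks" but never says which setting does which, and the control's name reads with the opposite polarity from that sentence: per the commit message, selecting "pkcs5" is what disables the SP800-132 constraints. Spell that out in the entry and mention the "pkcs5" ctrl string alongside the control constant, since that is what users of the string interface will search for. The commit message also speaks of a constraint on "the range of the key length", while the entry documents only the 112-bit lower bound; if an upper bound is enforced it should be listed here as well, and the note that these checks "may cause errors (in scrypt, and some PKCS5 related test vectors)" is worth carrying into CHANGES so callers who opt in know what to expect.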
@@ -30,7 +39,7 @@
*) Added command 'openssl kdf' that uses the EVP_KDF API.
[Shane Lontis]
- *) Added command 'openssl mac' that uses the EVP_MAC API.
+ *) Added command 'openssl mac' that uses the EVP_MAC API.
[Shane Lontis]
*) Added OPENSSL_info() to get diverse built-in OpenSSL data, such
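Review bot: The removed and added 'openssl mac' lines read identically here, so this hunk appears to be a whitespace-only change that is unrelated to the PBKDF2 work. Either drop it from this commit or mention the cleanup in the commit message, so the CHANGES history for the EVP_MAC entry is not attributed to an SP800-132 change.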