diff options
| author | slontis <shane.lontis@oracle.com> | 2023-08-28 12:47:51 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
| commit | 3859a027259b5b571eaf5e8cf4c0704611950c2c (patch) | |
| tree | 4abfb601d0be8a7ca2bf0b4032693f01865a3774 /doc | |
| parent | 61cfc22b60e33bc77b1e1944759af48c8e58f0d2 (diff) | |
Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man3/PKCS5_PBE_keyivgen.pod | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/doc/man3/PKCS5_PBE_keyivgen.pod b/doc/man3/PKCS5_PBE_keyivgen.pod index 72de3153b9..f697628db1 100644 --- a/doc/man3/PKCS5_PBE_keyivgen.pod +++ b/doc/man3/PKCS5_PBE_keyivgen.pod @@ -127,6 +127,12 @@ associated parameters for the PBKDF2 algorithm. PKCS5_pbe_set0_algor() and PKCS5_pbe_set0_algor_ex() set the PBE algorithm OID and parameters into the supplied B<X509_ALGOR>. +If I<salt> is NULL, then I<saltlen> specifies the size in bytes of the random salt to +generate. If I<saltlen> is 0 then a default size is used. +For PBE related functions such as PKCS5_pbe_set_ex() the default salt length is 8 bytes. +For PBE2 related functions that use PBKDF2 such as PKCS5_pbkdf2_set(), +PKCS5_pbe2_set_scrypt() and PKCS5_pbe2_set() the default salt length is 16 bytes. + =head1 NOTES The *_keyivgen() functions are typically used in PKCS#12 to encrypt objects. @@ -165,9 +171,13 @@ PKCS5_pbkdf2_set_ex() were added in OpenSSL 3.0. From OpenSSL 3.0 the PBKDF1 algorithm used in PKCS5_PBE_keyivgen() and PKCS5_PBE_keyivgen_ex() has been moved to the legacy provider as an EVP_KDF. +In OpenSSL 3.2 the default salt length changed from 8 bytes to 16 bytes for PBE2 +related functions such as PKCS5_pbe2_set(). +This is required for PBKDF2 FIPS compliance. + =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |