diff options
| author | Sumitra Sharma <sumitraartsy@gmail.com> | 2023-10-03 09:28:44 +0530 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-10-04 12:20:31 +0200 |
| commit | ffef6d8f4da20a448421566f63e3283e0986c75b (patch) | |
| tree | 28e1fb64650ef0165cac4e002051aebb56832e2c /doc | |
| parent | f11f24e79ddcb6f3567cf36ceeafe2c713b566f8 (diff) | |
Correct documentation for PKCS5_PBKDF2_HMAC
In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Upon further
investigation in providers/implementations/kdfs/pbkdf2.c, it appears that
invalid iter values will result in failure and raise the
PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation
to accurately reflect the behavior in OpenSSL 3.x.
Closes openssl#22168
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22252)
(cherry picked from commit 82496b8663f20ff12f02adbe46a060a94b0cbfc5)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man3/PKCS5_PBKDF2_HMAC.pod | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 0984e993da..3da271bdbf 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -33,7 +33,8 @@ be NULL terminated. B<iter> is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any -B<iter> less than 1 is treated as a single iteration. +B<iter> value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. B<digest> is the message digest function used in the derivation. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1(). |