diff options
author | slontis <shane.lontis@oracle.com> | 2023-08-28 12:47:51 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
commit | 3859a027259b5b571eaf5e8cf4c0704611950c2c (patch) | |
tree | 4abfb601d0be8a7ca2bf0b4032693f01865a3774 /include | |
parent | 61cfc22b60e33bc77b1e1944759af48c8e58f0d2 (diff) |
Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/evp.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 566b7889db..9605c9daa5 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -17,6 +17,15 @@ # include "crypto/ecx.h" /* + * Default PKCS5 PBE KDF salt lengths + * In RFC 8018, PBE1 uses 8 bytes (64 bits) for its salt length. + * It also specifies to use at least 8 bytes for PBES2. + * The NIST requirement for PBKDF2 is 128 bits so we use this as the + * default for PBE2 (scrypt and HKDF2) + */ +# define PKCS5_DEFAULT_PBE1_SALT_LEN PKCS5_SALT_LEN +# define PKCS5_DEFAULT_PBE2_SALT_LEN 16 +/* * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag * values in evp.h */ |