diff options
| author | slontis <shane.lontis@oracle.com> | 2023-08-28 12:47:51 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
| commit | 3859a027259b5b571eaf5e8cf4c0704611950c2c (patch) | |
| tree | 4abfb601d0be8a7ca2bf0b4032693f01865a3774 /CHANGES.md | |
| parent | 61cfc22b60e33bc77b1e1944759af48c8e58f0d2 (diff) | |
| download | openssl-3859a027259b5b571eaf5e8cf4c0704611950c2c.tar.gz | |
Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 78e74c41fa..8f1e757f8c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,16 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Changed the default salt length used by PBES2 KDF's (PBKDF2 and scrypt) + from 8 bytes to 16 bytes. + The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and + recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2 + requires a salt length of 128 bits. This affects OpenSSL command line + applications such as "genrsa" and "pkcs8" and API's such as + PEM_write_bio_PrivateKey() that are reliant on the default value. + + *Shane Lontis* + * Changed the default value of the `ess_cert_id_alg` configuration option which is used to calculate the TSA's public key certificate identifier. The default algorithm is updated to be sha256 instead |