Added 'saltlen' option to the OpenSSL enc command line app.

This allows PBKDF2 to change the saltlen to something other than the new default value of 16. Previously this app hardwired the salt length to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey() internally, which is documented to only allow 8 bytes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21858)
author: slontis <shane.lontis@oracle.com> 2023-08-31 17:51:46 +1000
committer: Pauli <pauli@openssl.org> 2023-09-04 14:15:34 +1000
commit: e3994583a1e4bde9a589c379520d216bc0a0c515 (patch)
tree: 740416411fe5f6b4c6fbead6c06d03de556d17cc /CHANGES.md
parent: 9f679bdc71aac83e89cc5aacb42855f3657ace39 (diff)
download: openssl-e3994583a1e4bde9a589c379520d216bc0a0c515.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 8f1e757f8c..974e549486 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -32,6 +32,9 @@ OpenSSL 3.2
    requires a salt length of 128 bits. This affects OpenSSL command line
    applications such as "genrsa" and "pkcs8" and API's such as
    PEM_write_bio_PrivateKey() that are reliant on the default value.
+   The additional commandline option 'saltlen' has been added to the
+   OpenSSL command line applications for "pkcs8" and "enc" to allow the
+   salt length to be set to a non default value.
 
    *Shane Lontis*
author	slontis <shane.lontis@oracle.com>	2023-08-31 17:51:46 +1000
committer	Pauli <pauli@openssl.org>	2023-09-04 14:15:34 +1000
commit	e3994583a1e4bde9a589c379520d216bc0a0c515 (patch)
tree	740416411fe5f6b4c6fbead6c06d03de556d17cc /CHANGES.md
parent	9f679bdc71aac83e89cc5aacb42855f3657ace39 (diff)
download	openssl-e3994583a1e4bde9a589c379520d216bc0a0c515.tar.gz