diff options
author | slontis <shane.lontis@oracle.com> | 2023-08-31 17:51:46 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
commit | e3994583a1e4bde9a589c379520d216bc0a0c515 (patch) | |
tree | 740416411fe5f6b4c6fbead6c06d03de556d17cc /CHANGES.md | |
parent | 9f679bdc71aac83e89cc5aacb42855f3657ace39 (diff) | |
download | openssl-e3994583a1e4bde9a589c379520d216bc0a0c515.tar.gz |
Added 'saltlen' option to the OpenSSL enc command line app.
This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired the salt length
to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey()
internally, which is documented to only allow 8 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 8f1e757f8c..974e549486 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -32,6 +32,9 @@ OpenSSL 3.2 requires a salt length of 128 bits. This affects OpenSSL command line applications such as "genrsa" and "pkcs8" and API's such as PEM_write_bio_PrivateKey() that are reliant on the default value. + The additional commandline option 'saltlen' has been added to the + OpenSSL command line applications for "pkcs8" and "enc" to allow the + salt length to be set to a non default value. *Shane Lontis* |