diff options
| author | slontis <shane.lontis@oracle.com> | 2023-08-28 12:47:51 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
| commit | 3859a027259b5b571eaf5e8cf4c0704611950c2c (patch) | |
| tree | 4abfb601d0be8a7ca2bf0b4032693f01865a3774 /crypto | |
| parent | 61cfc22b60e33bc77b1e1944759af48c8e58f0d2 (diff) | |
| download | openssl-3859a027259b5b571eaf5e8cf4c0704611950c2c.tar.gz | |
Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/p5_pbe.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/p5_pbev2.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/p5_scrypt.c | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 13b3f19bae..c595973fe5 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -12,6 +12,7 @@ #include <openssl/asn1t.h> #include <openssl/x509.h> #include <openssl/rand.h> +#include "crypto/evp.h" /* PKCS#5 password based encryption structure */ @@ -45,7 +46,7 @@ int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, goto err; } if (!saltlen) - saltlen = PKCS5_SALT_LEN; + saltlen = PKCS5_DEFAULT_PBE1_SALT_LEN; if (saltlen < 0) goto err; diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index e710cf3c35..c188a08a6e 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -10,6 +10,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include "crypto/asn1.h" +#include "crypto/evp.h" #include <openssl/asn1t.h> #include <openssl/core.h> #include <openssl/core_names.h> @@ -196,7 +197,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, goto err; } if (saltlen == 0) - saltlen = PKCS5_SALT_LEN; + saltlen = PKCS5_DEFAULT_PBE2_SALT_LEN; if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) goto err; diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 94b77fd3ab..d6ec2445fa 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -166,7 +166,7 @@ static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, } if (!saltlen) - saltlen = PKCS5_SALT_LEN; + saltlen = PKCS5_DEFAULT_PBE2_SALT_LEN; /* This will either copy salt or grow the buffer */ if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0) { |