From e3994583a1e4bde9a589c379520d216bc0a0c515 Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Thu, 31 Aug 2023 17:51:46 +1000
Subject: Added 'saltlen' option to the OpenSSL enc command line app.

This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired the salt length
to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey()
internally, which is documented to only allow 8 bytes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
---
 CHANGES.md | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'CHANGES.md')

diff --git a/CHANGES.md b/CHANGES.md
index 8f1e757f8c..974e549486 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -32,6 +32,9 @@ OpenSSL 3.2
    requires a salt length of 128 bits. This affects OpenSSL command line
    applications such as "genrsa" and "pkcs8" and API's such as
    PEM_write_bio_PrivateKey() that are reliant on the default value.
+   The additional commandline option 'saltlen' has been added to the
+   OpenSSL command line applications for "pkcs8" and "enc" to allow the
+   salt length to be set to a non default value.
 
    *Shane Lontis*
 
-- 
cgit v1.2.3