| author | tb <> | 2025-05-10 19:01:16 +0000 | 
|---|---|---|
| committer | tb <> | 2025-05-10 19:01:16 +0000 | 
| commit | 5747076436203e94cc042d06e2a8ae46b0ea5a47 (patch) | |
| tree | 8f28a79ed8e3c3edb243f185a3159fdda9a7a4b7 /src/lib/libc/stdlib/random.c | |
| parent | 3f94dea64529a66651703e561bb0b3408ddf39c1 (diff) | |
Increase default PKCS12_SALT_LEN from 8 to 16 bytes

Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64
bits when no salt length is specified. Increase this fallback default
to 16 bytes / 128 bits, as recommended by NIST SP 800-132.

Note this is for interoperability purposes. Some FIPS implementations
enforce minimum salt length of 16 bytes. Examples of such FIPS
implementations are Bouncycastle FIPS Java API and Chainguard FIPS
Provider for OpenSSL. Also future v3.6 release of OpenSSL will also
increase the default salt length to 16 bytes.

From Dimitri John Ledkov, thanks
Diffstat (limited to 'src/lib/libc/stdlib/random.c')
0 files changed, 0 insertions, 0 deletions
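
To check which existing PKCS#12 files still carry the old 8-byte MAC salt, the following dependency-free sketch walks the PFX structure (version, authSafe, optional MacData) and reports the macSalt length. It is an added example, not code from this commit or from libcrypto; the names `der_hdr`, `pkcs12_mac_salt_len` and `sample_pfx_salt8` are hypothetical, and it assumes definite-length DER input with single-byte tags.

```c
#include <stddef.h>

/* Parse one definite-length DER header at p; return the value pointer, or
 * NULL if truncated, indefinite-length, or the value overruns end. */
static const unsigned char *
der_hdr(const unsigned char *p, const unsigned char *end, int *tag, size_t *len)
{
	size_t n;

	if (end - p < 2)
		return NULL;
	*tag = *p++;
	*len = *p++;
	if (*len >= 0x80) {	/* long form: low 7 bits count length octets */
		n = *len & 0x7f;
		if (n == 0 || n > sizeof(*len) || (size_t)(end - p) < n)
			return NULL;
		for (*len = 0; n > 0; n--)
			*len = (*len << 8) | *p++;
	}
	return (size_t)(end - p) < *len ? NULL : p;
}

/* macSalt length in bytes, or -1 if malformed or no MacData is present. */
int pkcs12_mac_salt_len(const unsigned char *buf, size_t buflen)
{
	static const struct { int tag; char enter; } path[] = {
		{ 0x30, 1 },	/* PFX SEQUENCE: descend */
		{ 0x02, 0 },	/* version INTEGER: skip */
		{ 0x30, 0 },	/* authSafe ContentInfo: skip */
		{ 0x30, 1 },	/* macData MacData (OPTIONAL): descend */
		{ 0x30, 0 },	/* mac DigestInfo: skip */
		{ 0x04, 1 },	/* macSalt OCTET STRING: len is the answer */
	};
	const unsigned char *p = buf, *end = buf + buflen;
	size_t i, len = 0;
	int tag;
	for (i = 0; i < sizeof(path) / sizeof(path[0]); i++) {
		if ((p = der_hdr(p, end, &tag, &len)) == NULL || tag != path[i].tag)
			return -1;
		if (path[i].enter)
			end = p + len;
		else
			p += len;
	}
	return (int)len;
}

/* Constructed sample: stub authSafe and DigestInfo, legacy 8-byte salt. */
const unsigned char sample_pfx_salt8[] = {
	0x30, 0x17, 0x02, 0x01, 0x03, 0x30, 0x00, 0x30, 0x10, 0x30, 0x00, 0x04, 0x08,
	1, 2, 3, 4, 5, 6, 7, 8, 0x02, 0x02, 0x08, 0x00 };
```

A return value below 16 marks a file that falls under the 16-byte minimum the commit message says some FIPS implementations enforce.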
