authortb <>2025-05-24 02:57:14 +0000
committertb <>2025-05-24 02:57:14 +0000
commitdf2e11e608657e62f1f28a76ff533ab56acfb530 (patch)
treebf362018d769571c08d16919855dc94a90ebb9e1 /src/lib
parent50a6c66073549c15191d581ac8051a0ca61a70f6 (diff)
Crank default salt length of PBE2 to 16 octets
FIPS is currently revising their PBKDF2 recommendations and apparently they want to require 16 octets. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro joshua jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/asn1/p5_pbe.c7
-rw-r--r--src/lib/libcrypto/asn1/p5_pbev2.c10
2 files changed, 13 insertions, 4 deletions
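--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.29 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.30 2025/05/24 02:57:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 1999.
   */
@@ -66,6 +66,9 @@
 #include "err_local.h"
 #include "x509_local.h"
 
+/* RFC 8018, section 6.1 specifies an eight-octet salt for PBES1. */
+#define PKCS5_PBE1_SALT_LEN 8
+
 /* PKCS#5 password based encryption structure */
 
 static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = {
@@ -139,7 +142,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
  goto err;
  }
  if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
+ saltlen = PKCS5_PBE1_SALT_LEN;
  if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
  ASN1error(ERR_R_MALLOC_FAILURE);
  goto err;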
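Review bot: A negative `saltlen` passes the `if (!saltlen)` test in PKCS5_pbe_set0_algor and reaches `ASN1_STRING_set(pbe->salt, NULL, saltlen)` unchanged, assuming the parameter is a signed int here as it is in PKCS5_pbkdf2_set. If that call then fails, the path shown reports `ERR_R_MALLOC_FAILURE`, which mislabels a bad argument as an allocation problem. A guard ahead of the default, for example `if (saltlen < 0) goto err;`, would reject it explicitly. The same pattern is in the PKCS5_pbkdf2_set hunk of p5_pbev2.c, where the value goes straight into `malloc (saltlen)`. Both function bodies start and end outside the hunks shown, so an earlier check may already exist there.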
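--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.37 2025/05/24 02:54:09 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.38 2025/05/24 02:57:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 1999-2004.
   */
@@ -67,6 +67,12 @@
 #include "evp_local.h"
 #include "x509_local.h"
 
+/*
+ * RFC 8018, sections 6.2 and 4 specify at least 64 bits for PBES2, apparently
+ * FIPS will require at least 128 bits in the future, OpenSSL does that.
+ */
+#define PKCS5_PBE2_SALT_LEN 16
+
 /* PKCS#5 v2.0 password based encryption structures */
 
 static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
@@ -292,7 +298,7 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
  kdf->salt->type = V_ASN1_OCTET_STRING;
 
  if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
+ saltlen = PKCS5_PBE2_SALT_LEN;
  if (!(osalt->data = malloc (saltlen)))
  goto merr;
 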
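Review bot: The comment above `PKCS5_PBE2_SALT_LEN` reads as a minimum ("at least 128 bits"), but in PKCS5_pbkdf2_set the constant is applied only when `saltlen` is 0, so a caller that passes a shorter non-zero length still gets the shorter salt. I would say so in the comment, for example `Default PBES2 salt length, used when the caller passes saltlen == 0; explicit lengths are used as given.` The comment is also one comma-spliced sentence. Splitting it into the RFC 8018 requirement, the expected FIPS change and the OpenSSL behaviour would read better. The function body continues outside the hunk.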