From d0f630df58abad993d660fe05904329afd962089 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 10 May 2025 19:01:16 +0000
Subject: Increase default PKCS12_SALT_LEN from 8 to 16 bytes

Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64
bits when no salt length is specified. Increase this fallback default
to 16 bytes / 128 bits, as recommended by NIST SP 800-132.

Note this is for interoperability purposes. Some FIPS implementations
enforce minimum salt length of 16 bytes. Examples of such FIPS
implemenations are Bouncycastle FIPS Java API and Chainguard FIPS
Provider for OpenSSL. Also future v3.6 release of OpenSSL will also
increase the default salt length to 16 bytes.

From Dimitri John Ledkov, thanks
---
 src/lib/libcrypto/pkcs12/pkcs12.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/pkcs12/pkcs12.h')

diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 200712039b..aec0362806 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.29 2025/03/09 15:45:52 tb Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.30 2025/05/10 19:01:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,7 +77,7 @@ extern "C" {
 
 #define PKCS12_MAC_KEY_LENGTH 20
 
-#define PKCS12_SALT_LEN	8
+#define PKCS12_SALT_LEN	16
 
 /* Uncomment out next line for unicode password and names, otherwise ASCII */
 
-- 
cgit v1.2.3-55-g6feb