From 1404a4a6a3c1b959b38b14aadfdf86ea0c2ca08b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 24 May 2025 02:57:14 +0000
Subject: Crank default salt length of PBE2 to 16 octets
FIPS is currently revising their PBKDF2 recommendations and apparently they want to require 16 octets.
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro joshua jsing
---
 src/lib/libcrypto/asn1/p5_pbe.c | 7 +++++--
 src/lib/libcrypto/asn1/p5_pbev2.c | 10 ++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index 815d6b82b6..668bf5d7c1 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.29 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.30 2025/05/24 02:57:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */
@@ -66,6 +66,9 @@
 #include "err_local.h"
 #include "x509_local.h"
+/* RFC 8018, section 6.1 specifies an eight-octet salt for PBES1. */
+#define PKCS5_PBE1_SALT_LEN 8
+
 /* PKCS#5 password based encryption structure */
 static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = {
@@ -139,7 +142,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 goto err;
 }
 if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
+ saltlen = PKCS5_PBE1_SALT_LEN;
 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
 ASN1error(ERR_R_MALLOC_FAILURE);
 goto err;
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 4c096ac5b9..64924d9b38 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.37 2025/05/24 02:54:09 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.38 2025/05/24 02:57:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */
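Review bot: In the `PKCS5_pbe_set0_algor` hunk of p5_pbe.c, only `saltlen == 0` selects the eight-octet default, so any other caller-supplied length still goes straight to `ASN1_STRING_set(pbe->salt, NULL, saltlen)`, even though the comment added with `PKCS5_PBE1_SALT_LEN` says RFC 8018 section 6.1 specifies an eight-octet salt for PBES1. If other lengths are tolerated on purpose for compatibility, a comment at the default would make that explicit, for example `/* Only 0 selects the default; other lengths are used as given. */`. The function starts and ends outside the hunk, so an earlier length check may exist that is not visible here.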
@@ -67,6 +67,12 @@
 #include "evp_local.h"
 #include "x509_local.h"
+/*
+ * RFC 8018, sections 6.2 and 4 specify at least 64 bits for PBES2, apparently
+ * FIPS will require at least 128 bits in the future, OpenSSL does that.
+ */
+#define PKCS5_PBE2_SALT_LEN 16
+
 /* PKCS#5 v2.0 password based encryption structures */
 static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
@@ -292,7 +298,7 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
 kdf->salt->type = V_ASN1_OCTET_STRING;
 if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
+ saltlen = PKCS5_PBE2_SALT_LEN;
 if (!(osalt->data = malloc (saltlen))) goto merr;
-- cgit v1.2.3-55-g6feb
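Review bot: The comment added above `PKCS5_PBE2_SALT_LEN` gives its figures in bits while the macro is a length in octets, and it joins three statements with commas, so the reader has to work out that 16 means 128 bits. I would state the unit next to the value, e.g. `/* Default PBES2 salt length in octets (128 bits). */`, and keep the RFC 8018 and FIPS remarks as separate sentences after it. It would also help to say that this default is deliberately separate from `PKCS5_SALT_LEN`, which the replaced line in this file used before.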
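Review bot: The 16-octet value in `PKCS5_pbkdf2_set` is only a default, not a floor: a caller that passes a non-zero `saltlen` below it, including one under the 64-bit minimum the new comment cites from RFC 8018, still gets exactly that length. A negative `saltlen` is also not rejected in the visible lines and is converted to a very large size in `malloc (saltlen)`, which will presumably fail and be reported through `merr` as an allocation error rather than as a bad argument. I would reject `saltlen < 0` before the allocation and either enforce the minimum or document the choice, e.g. `/* Caller-supplied salt lengths are not raised to the default. */`. The function body starts before and continues after this hunk, so later handling of the salt is not visible here.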