PBKDF2 updates to conform to SP800-132
The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by:Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
Please register or sign in to comment