Skip to content
Commit f0efeea2 authored by Shane Lontis's avatar Shane Lontis
Browse files

PBKDF2 updates to conform to SP800-132



The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
  - the range of the key length.
  - the minimum iteration count (1000 recommended).
  - salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)
parent 83b4a243
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment