diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 10:52:33 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 10:52:33 +0000 |
| commit | 2c3307fb903f427be3d021c5780b75cac9af2ce8 (patch) | |
| tree | 65cf431f40b7481d81ae2dfce9576342686448f7 /upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl | |
| parent | Releasing progress-linux version 4.22.0-1~progress7.99u1. (diff) | |
| download | manpages-l10n-2c3307fb903f427be3d021c5780b75cac9af2ce8.tar.xz manpages-l10n-2c3307fb903f427be3d021c5780b75cac9af2ce8.zip | |
Merging upstream version 4.23.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl')
| -rw-r--r-- | upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl b/upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl index 6140c507..0afe4d67 100644 --- a/upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl +++ b/upstream/debian-unstable/man3/PKCS5_PBE_keyivgen.3ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "PKCS5_PBE_KEYIVGEN 3SSL" -.TH PKCS5_PBE_KEYIVGEN 3SSL 2024-02-03 3.1.5 OpenSSL +.TH PKCS5_PBE_KEYIVGEN 3SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,6 +184,12 @@ associated parameters for the PBKDF2 algorithm. .PP \&\fBPKCS5_pbe_set0_algor()\fR and \fBPKCS5_pbe_set0_algor_ex()\fR set the PBE algorithm OID and parameters into the supplied \fBX509_ALGOR\fR. +.PP +If \fIsalt\fR is NULL, then \fIsaltlen\fR specifies the size in bytes of the random salt to +generate. If \fIsaltlen\fR is 0 then a default size is used. +For PBE related functions such as \fBPKCS5_pbe_set_ex()\fR the default salt length is 8 bytes. +For PBE2 related functions that use PBKDF2 such as \fBPKCS5_pbkdf2_set()\fR, +\&\fBPKCS5_pbe2_set_scrypt()\fR and \fBPKCS5_pbe2_set()\fR the default salt length is 16 bytes. .SH NOTES .IX Header "NOTES" The *\fB_keyivgen()\fR functions are typically used in PKCS#12 to encrypt objects. @@ -217,9 +223,13 @@ IETF RFC 8018 (<https://tools.ietf.org/html/rfc8018>) .PP From OpenSSL 3.0 the PBKDF1 algorithm used in \fBPKCS5_PBE_keyivgen()\fR and \&\fBPKCS5_PBE_keyivgen_ex()\fR has been moved to the legacy provider as an EVP_KDF. +.PP +In OpenSSL 3.2 the default salt length changed from 8 bytes to 16 bytes for PBE2 +related functions such as \fBPKCS5_pbe2_set()\fR. +This is required for PBKDF2 FIPS compliance. .SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |