From: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Subject: [PATCH] Increase default PKCS12_SALT_LEN from 8 to 16 bytes
To: tech@openbsd.org
Date: Sat, 10 May 2025 18:49:18 +0100

Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64
bits when no salt length is specified. Increase this fallback default
to 16 bytes / 128 bits, as recommended by NIST SP 800-132.

Note this is for interoperability purposes. Some FIPS implementations
enforce minimum salt length of 16 bytes. Examples of such FIPS
implemenations are Bouncycastle FIPS Java API and Chainguard FIPS
Provider for OpenSSL. Also future v3.6 release of OpenSSL will also
increase the default salt length to 16 bytes.
---
 lib/libcrypto/pkcs12/pkcs12.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index 200712039bf..7071ce6be91 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -77,7 +77,7 @@ extern "C" {
 
 #define PKCS12_MAC_KEY_LENGTH 20
 
-#define PKCS12_SALT_LEN	8
+#define PKCS12_SALT_LEN	16
 
 /* Uncomment out next line for unicode password and names, otherwise ASCII */
 
-- 
2.43.0