kdf:pkdf2: Require longer input when FIPS mode.
* cipher/kdf.c (_gcry_kdf_pkdf2): Add length check.
- GnuPG-bug-id: T6039
- Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
kdf:pkdf2: Require longer input when FIPS mode.
Description
Details
Event TimelineComment Actions This causes ACVP tests to fail, so apparently the assumption that passphrases must be at least 14 bytes was incorrect. ACVP testing tests values larger than 8 bytes. I'll try to clarify whether that's a limit we need to enforce, or just what NIST wants to test. In any case, we will probably have to revert this. |