Fix PBKDF vector test in FIPS mode. (!505) · Merge requests · cryptsetup / cryptsetup

Milan Broz requested to merge fix-fips-centos9 into main Apr 20, 2023

Another example of FIPS theatre is that some vendors implements hard limits for PBKDF attributes (minimal password length, salt, etc).

This should be set by policy on another layer, unfortunately someone apparently thinks it is a good idea to harcode it to low-level crypto library directly.

This of course breaks some older test vectors that use shorter attributes.

Just mark these and ignore possible API error in FIPS mode.

Fix PBKDF vector test in FIPS mode.

Merge request reports