Skip to content

Fix PBKDF vector test in FIPS mode.

Milan Broz requested to merge fix-fips-centos9 into main

Another example of FIPS theatre is that some vendors implements hard limits for PBKDF attributes (minimal password length, salt, etc).

This should be set by policy on another layer, unfortunately someone apparently thinks it is a good idea to harcode it to low-level crypto library directly.

This of course breaks some older test vectors that use shorter attributes.

Just mark these and ignore possible API error in FIPS mode.

Merge request reports