From: Simo Sorce <simo@redhat.com>
Date: Mon, 8 Dec 2025 17:44:56 +0000 (-0500)
Subject: Relax PBKDF2 iteration check for FIPS self-test
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca0ebe300ca331aa1de94c7e5c1c9322ecc9bc75;p=thirdparty%2Fopenssl.git

Relax PBKDF2 iteration check for FIPS self-test

FIPS 140-3 IG 10.3.A.8 requires known-answer tests for KDFs. Some of these
tests for PBKDF2 use a low iteration count (e.g., 2) which is below the normal
security threshold and would otherwise fail.

This change checks if a PBKDF2 self-test is in progress and, if so, lowers the
minimum accepted iteration count to 2. This allows the required self-tests to
pass while maintaining the security check for normal operations.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29222)
---

diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 4a300ac022e..10f6c7e169f 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -57,6 +57,7 @@
 #ifndef KDF_PBKDF2_MIN_PASSWORD_LEN
 #ifdef FIPS_MODULE
 #define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
+#define KDF_PBKDF2_FIPS_SELF_TEST_ITERATIONS 2
 #else
 #define KDF_PBKDF2_MIN_PASSWORD_LEN (1)
 #endif
@@ -217,6 +218,8 @@ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
     size_t keylen, size_t passlen,
     int *error, const char **desc)
 {
+    uint64_t min_iter = KDF_PBKDF2_MIN_ITERATIONS;
+
     if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
         *error = PROV_R_PASSWORD_STRENGTH_TOO_WEAK;
         if (desc != NULL)
@@ -235,7 +238,13 @@ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
             *desc = "Salt size";
         return 0;
     }
-    if (iter < KDF_PBKDF2_MIN_ITERATIONS) {
+#ifdef FIPS_MODULE
+    /* Modify this check during self-test. See FIPS 140-3 IG 10.3.A.8 */
+    if (ossl_self_test_in_progress(ST_ID_KDF_PBKDF2)) {
+        min_iter = KDF_PBKDF2_FIPS_SELF_TEST_ITERATIONS;
+    }
+#endif
+    if (iter < min_iter) {
         *error = PROV_R_INVALID_ITERATION_COUNT;
         if (desc != NULL)
             *desc = "Iteration count";