From 72d5e8dcd2977234e47e840d2173917daa8bb0fa Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Mon, 30 Mar 2026 18:21:18 +0100
Subject: [PATCH] Improve PBKDF2 password strength too weak error message with
 arguments

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed Apr  8 10:34:20 2026
(Merged from https://github.com/openssl/openssl/pull/30628)
---
 providers/implementations/kdfs/pbkdf2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 88cb8c73dff..e1f67cecbc6 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -366,7 +366,9 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (p.pw != NULL) {
         if (ctx->lower_bound_checks != 0
             && p.pw->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_PASSWORD_STRENGTH_TOO_WEAK);
+            ERR_raise_data(ERR_LIB_PROV, PROV_R_PASSWORD_STRENGTH_TOO_WEAK,
+                "password length %zu should be at least %d",
+                p.pw->data_size, KDF_PBKDF2_MIN_PASSWORD_LEN);
             return 0;
         }
         if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))
-- 
2.47.3