Log when iterations LT 1000 but take no action

kaleb-himes
2024-05-08 17:43:08 -04:00
parent a9511e118a
commit 7047991cda


@@ -219,6 +219,15 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
return BAD_LENGTH_E; return BAD_LENGTH_E;
#endif #endif
#if FIPS_VERSION3_GE(6,0,0) && defined(DEBUG_WOLFSSL)
/* SP800-132 §5.2 recommends an iteration count of 1000 but this is not
* strictly enforceable and is listed in Appendix B Table 1 as a
* non-testable requirement. wolfCrypt will log it when appropriate but
* take no action */
if (iterations < 1000) {
WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 §5.2");
}
#endif
if (iterations <= 0) if (iterations <= 0)
iterations = 1; iterations = 1;
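Review bot: The added `if (iterations < 1000)` warning is compiled only when both `FIPS_VERSION3_GE(6,0,0)` and `DEBUG_WOLFSSL` hold, so a release build gives no signal for a weak count. The unchanged `if (iterations <= 0) iterations = 1;` just below still turns a zero or negative argument into a single-iteration derivation. The comment should say that the check is debug-only and that enforcing a floor is left to the caller. SP800-132 §5.2 gives 1,000 as a recommended minimum rather than a target, so I would open the comment with `/* SP800-132 §5.2 recommends a minimum iteration count of 1,000 ...` and make the message `"WARNING: PBKDF2 iterations < 1,000, see SP800-132 5.2"`, which also drops the non-ASCII `§` that may not render in every log sink. wc_PBKDF2_ex starts and ends outside the hunk.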