Commit 72d5e8dcd2 for openssl.org

commit 72d5e8dcd2977234e47e840d2173917daa8bb0fa
Author: Jun Aruga <jaruga@redhat.com>
Date:   Mon Mar 30 18:21:18 2026 +0100

    Improve PBKDF2 password strength too weak error message with arguments

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Wed Apr  8 10:34:20 2026
    (Merged from https://github.com/openssl/openssl/pull/30628)

diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 88cb8c73df..e1f67cecbc 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -366,7 +366,9 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (p.pw != NULL) {
         if (ctx->lower_bound_checks != 0
             && p.pw->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_PASSWORD_STRENGTH_TOO_WEAK);
+            ERR_raise_data(ERR_LIB_PROV, PROV_R_PASSWORD_STRENGTH_TOO_WEAK,
+                "password length %zu should be at least %d",
+                p.pw->data_size, KDF_PBKDF2_MIN_PASSWORD_LEN);
             return 0;
         }
         if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))