Log when iterations LT 1000 but take no action

Author: kaleb-himes

wolfcrypt/src/pwdbased.c

@@ -219,6 +219,15 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
         return BAD_LENGTH_E;
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0) && defined(DEBUG_WOLFSSL)
+    /* SP800-132 §5.2 recommends an iteration count of 1000 but this is not
+     * strictly enforceable and is listed in Appendix B Table 1 as a
+     * non-testable requirement. wolfCrypt will log it when appropriate but
+     * take no action */
+    if (iterations < 1000) {
+        WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 §5.2");
+    }
+#endif
     if (iterations <= 0)
         iterations = 1;