diff --git a/libgcrypt-1.10.0-fips-kdf.patch b/libgcrypt-1.10.0-fips-kdf.patch
index 021476a..e9d3565 100644
--- a/libgcrypt-1.10.0-fips-kdf.patch
+++ b/libgcrypt-1.10.0-fips-kdf.patch
@@ -127,3 +127,61 @@ index d22584da..823c744e 100644
 --
 2.39.0
 
+From f5fe94810f3099c9ccc2ca3a5891502922ab0576 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 28 Feb 2023 12:53:28 +0100
+Subject: [PATCH] kdf: Update tests in regards to the allowed parameters in
+ FIPS mode.
+
+* cipher/kdf.c (check_one): run selftests for more approved parameters
+and check that wrong parameters correctly fail in FIPS mode.
+
+--
+
+Fixes-commit: 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
+GnuPG-bug-id: 5512
+Signed-off-by: Jakub Jelen
+---
+ cipher/kdf.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index 823c744e..12beec56 100644
+--- a/cipher/kdf.c
++++ b/cipher/kdf.c
+@@ -2059,17 +2059,25 @@ check_one (int algo, int hash_algo,
+ {
+ unsigned char key[512]; /* hardcoded to avoid allocation */
+ size_t keysize = expectlen;
+-
+- /* Skip test with shoter passphrase in FIPS mode. */
+- if (fips_mode () && passphraselen < 14)
+- return NULL;
++ int rv;
+
+ if (keysize > sizeof(key))
+ return "invalid tests data";
+
+- if (_gcry_kdf_derive (passphrase, passphraselen, algo,
+- hash_algo, salt, saltlen, iterations,
+- keysize, key))
++ rv = _gcry_kdf_derive (passphrase, passphraselen, algo,
++ hash_algo, salt, saltlen, iterations,
++ keysize, key);
++ /* In fips mode we have special requirements for the input and
++ * output parameters */
++ if (fips_mode ())
++ {
++ if (rv && (passphraselen < 8 || saltlen < 16 ||
++ iterations < 1000 || expectlen < 14))
++ return NULL;
++ else if (rv)
++ return "gcry_kdf_derive unexpectedly failed in FIPS Mode";
++ }
++ else if (rv)
+ return "gcry_kdf_derive failed";
+
+ if (memcmp (key, expect, expectlen))
+--
+2.39.2
+
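Review bot: In the new `fips_mode ()` branch of check_one, a derive that succeeds with out-of-policy parameters is not reported as a selftest failure, because the branch only inspects `rv != 0`; a vector with, say, `saltlen < 16` that returns 0 falls through to the `memcmp` and can pass. The commit message says wrong parameters should "correctly fail in FIPS mode", so the negative case should be enforced, for example `if (fips_mode () && (passphraselen < 8 || saltlen < 16 || iterations < 1000 || expectlen < 14))` followed by `return rv ? NULL : "gcry_kdf_derive unexpectedly succeeded in FIPS Mode";`. The four limits are also repeated here as bare literals; the code that enforces them is outside this hunk, so a short comment naming that check would help keep the two in sync. The body of check_one continues past the end of the hunk.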