diff --git a/cryptsetup-fips140-3.patch b/cryptsetup-fips140-3.patch
new file mode 100644
index 0000000..541ddb7
--- /dev/null
+++ b/cryptsetup-fips140-3.patch
@@ -0,0 +1,22 @@
+Index: cryptsetup-2.7.0/lib/utils_benchmark.c
+===================================================================
+--- cryptsetup-2.7.0.orig/lib/utils_benchmark.c
++++ cryptsetup-2.7.0/lib/utils_benchmark.c
+@@ -196,7 +196,7 @@ int crypt_benchmark_pbkdf_internal(struc
+ 		pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */
+ 		pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */
+ 
+-		r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "01234567890abcdef", 16,
++		r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfofoobarfofoobarfo", 24, "01234567890abcdef", 16,
+ 					volume_key_size, &benchmark_callback, &u);
+ 		pbkdf->time_ms = ms_tmp;
+ 		if (r < 0) {
+@@ -216,7 +216,7 @@ int crypt_benchmark_pbkdf_internal(struc
+ 			return 0;
+ 		}
+ 
+-		r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8,
++		r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfofoobarfofoobarfo", 24,
+ 			"0123456789abcdef0123456789abcdef", 32,
+ 			volume_key_size, &benchmark_callback, &u);
+ 		if (r < 0)
diff --git a/cryptsetup.changes b/cryptsetup.changes
index 5c9931a..96a9f28 100644
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@@ -14,6 +14,12 @@ Fri Sep 13 07:36:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
     was not defined.
   * Fix crypto backend initialization in crypt_format_luks2_opal API call.
 
+-------------------------------------------------------------------
+Fri Aug 30 15:07:28 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- cryptsetup-fips140-3.patch: extend the password for PBKDF2 benchmarking
+  to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)
+
 -------------------------------------------------------------------
 Wed Jul 31 06:27:18 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
 
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 1e73402..f920f83 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -31,6 +31,7 @@ Source2:        baselibs.conf
 Source3:        cryptsetup.keyring
 # FAQ.md is CC-BY-SA-4.0
 Source4:        https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt#/cc-by-sa-4.0.txt
+Patch0:         cryptsetup-fips140-3.patch
 # 2.6.38 has the required if_alg.h
 BuildRequires:  linux-glibc-devel >= 2.6.38
 BuildRequires:  fdupes