wolfSSL: Check for the too-short-password error in pbkdf2_sha1()

This may fail with FIPS builds because the FIPS requirement is that the
password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Juliusz Sosinowicz 2022-04-29 16:11:54 +02:00 committed by Jouni Malinen
parent ca26224815
commit 0c3f68f2a0


@ -27,6 +27,7 @@
#include <wolfssl/wolfcrypt/cmac.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/openssl/bn.h>
@ -282,9 +283,18 @@ int hmac_sha512(const u8 *key, size_t key_len, const u8 *data,
int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
int iterations, u8 *buf, size_t buflen)
{
if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
ssid_len, iterations, buflen, WC_SHA) != 0)
int ret;
ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
ssid, ssid_len, iterations, buflen, WC_SHA);
if (ret != 0) {
if (ret == HMAC_MIN_KEYLEN_E) {
wpa_printf(MSG_ERROR,
"wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
HMAC_FIPS_MIN_KEY);
}
return -1;
}
return 0;
}
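Review bot: Any non-zero return from wc_PBKDF2() other than HMAC_MIN_KEYLEN_E still falls through to `return -1;` in pbkdf2_sha1() with no log line, so a failed PSK derivation for any other reason leaves nothing to diagnose from. Adding an else branch such as `else wpa_printf(MSG_DEBUG, "wolfSSL: wc_PBKDF2 failed: %d", ret);` would record the cause; it should log only the numeric code, never the passphrase. The new message also says "characters", while the length passed in comes from os_strlen() and is therefore a byte count, so "bytes" would be more exact for non-ASCII passphrases. Separately, the size_t values from os_strlen() and buflen are handed to wc_PBKDF2(), which presumably takes int lengths. That narrowing predates this commit, but the function is worth a range check while it is being touched.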