wolfSSL: Check for the too-short-password error in pbkdf2_sha1()
This may fail with FIPS builds because the FIPS requirement is that the password must be at least 14 characters. Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
This commit is contained in:
parent
ca26224815
commit
0c3f68f2a0
1 changed files with 12 additions and 2 deletions
|
@ -27,6 +27,7 @@
|
||||||
#include <wolfssl/wolfcrypt/cmac.h>
|
#include <wolfssl/wolfcrypt/cmac.h>
|
||||||
#include <wolfssl/wolfcrypt/ecc.h>
|
#include <wolfssl/wolfcrypt/ecc.h>
|
||||||
#include <wolfssl/wolfcrypt/asn_public.h>
|
#include <wolfssl/wolfcrypt/asn_public.h>
|
||||||
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||||
#include <wolfssl/openssl/bn.h>
|
#include <wolfssl/openssl/bn.h>
|
||||||
|
|
||||||
|
|
||||||
|
@ -282,9 +283,18 @@ int hmac_sha512(const u8 *key, size_t key_len, const u8 *data,
|
||||||
int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
|
int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
|
||||||
int iterations, u8 *buf, size_t buflen)
|
int iterations, u8 *buf, size_t buflen)
|
||||||
{
|
{
|
||||||
if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
|
int ret;
|
||||||
ssid_len, iterations, buflen, WC_SHA) != 0)
|
|
||||||
|
ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
|
||||||
|
ssid, ssid_len, iterations, buflen, WC_SHA);
|
||||||
|
if (ret != 0) {
|
||||||
|
if (ret == HMAC_MIN_KEYLEN_E) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
|
||||||
|
HMAC_FIPS_MIN_KEY);
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue