wpa_supplicant in FIPS 140-2 mode
Jouni Malinen
j
Sat Jul 25 09:14:15 PDT 2015
On Fri, Jul 24, 2015 at 05:54:27PM -0400, Jate Sujjavanich wrote:
> Anybody have any information about running wpa_supplicant in FIPS mode?
>
> I have been trying to run wpa_supplicant 2.0 with OpenSSL 1.0.0 with a FIPS
> certified cryptographic module. I patched wpa_supplicant so that it puts
> itself into FIPS mode.
>
> I received a warning about use of the md5 algorithm within
> tls_prf_sha1_md5. The code generates a pseudorandom key from an xor of a
> sha1 and md5 sum of the key. I have come across some discussion whether it
> is valid to use md5. That may have been 2009.
>
> I moved from version 2.0 to 2.4 of wpa_supplicant after I noticed changes
> that could improve FIPS mode operation.
>
> I am still receiving the warning which I believe has to do with
> tls_prf_sha1_md5. I have not yet traced the call.
Are you setting CONFIG_FIPS=y in the build configuration
(wpa_supplicant/.config)?
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list