wpa_supplicant in FIPS 140-2 mode

Jouni Malinen j
Sat Jul 25 09:14:15 PDT 2015


On Fri, Jul 24, 2015 at 05:54:27PM -0400, Jate Sujjavanich wrote:
> Anybody have any information about running wpa_supplicant in FIPS mode?
> 
> I have been trying to run wpa_supplicant 2.0 with OpenSSL 1.0.0 with a FIPS
> certified cryptographic module. I patched wpa_supplicant so that it puts
> itself into FIPS mode.
> 
> I received a warning about use of the md5 algorithm within
> tls_prf_sha1_md5. The code generates a pseudorandom key from an xor of a
> sha1 and md5 sum of the key. I have come across some discussion whether it
> is valid to use md5. That may have been 2009.
> 
> I moved from version 2.0 to 2.4 of wpa_supplicant after I noticed changes
> that could improve FIPS mode operation.
> 
> I am still receiving the warning which I believe has to do with
> tls_prf_sha1_md5. I have not yet traced the call.

Are you setting CONFIG_FIPS=y in the build configuration
(wpa_supplicant/.config)?

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list