[PATCH] crypto_wolfssl: wc_PBKDF2 in FIPS requires unlocking the private key
Juliusz Sosinowicz
juliusz at wolfssl.com
Wed Jan 8 10:41:06 PST 2025
Signed-off-by: Juliusz Sosinowicz <juliusz at wolfssl.com>
---
src/crypto/crypto_wolfssl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 269174321b..2e253e2a91 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -514,8 +514,10 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
{
int ret;
+ PRIVATE_KEY_UNLOCK();
ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
ssid, ssid_len, iterations, buflen, WC_SHA);
+ PRIVATE_KEY_LOCK();
if (ret != 0) {
if (ret == HMAC_MIN_KEYLEN_E) {
LOG_WOLF_ERROR_VA("wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
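Review bot: The PRIVATE_KEY_UNLOCK() / PRIVATE_KEY_LOCK() pair around wc_PBKDF2() in pbkdf2_sha1() is added unconditionally and without a comment, and the commit message has no body, so the subject line is the only record of why the unlock is needed. Please add a one-line comment above PRIVATE_KEY_UNLOCK() stating the FIPS requirement, and say in the commit message which wolfSSL FIPS builds it applies to. Since the calls are not wrapped in any #ifdef, please also confirm that both macros are defined (as no-ops) for non-FIPS builds and for every wolfSSL version this file supports, otherwise this breaks compilation there. Placing PRIVATE_KEY_LOCK() before the "if (ret != 0)" check is right, because it re-locks on the error path as well; any other wc_PBKDF2() callers in this file would need the same treatment.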
--
2.34.1