| Message ID | 20250108184106.85958-1-juliusz@wolfssl.com |
|---|---|
| State | Accepted |
| Headers | show
Return-Path:
<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nPdCVKrY;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=wolfssl-com.20230601.gappssmtp.com
header.i=@wolfssl-com.20230601.gappssmtp.com header.a=rsa-sha256
header.s=20230601 header.b=cnkBdWp0;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4YSxbf3DQFz1yPH
for <incoming@patchwork.ozlabs.org>; Thu, 9 Jan 2025 05:42:06 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Owner; bh=VM5DOC8Ba0jpNhhnWpoAllPuMS+3BOVMusxOx4ru4Vk=; b=nPdCVKrY0F261m
oqX3YD8JAQqpUGYO/q69A5Fb21n2/bn2KBczgqa0+3AAezWAiOdFjBBKydWydriq11Z1/Tpmuj3Cb
AiThDWEd8cZ1Cs+3Nl4Tqf+oj0uAsUGU8HOfsy1K+Ny7goHNPjonfYlFM7tZfAq2VB8lXf8fQ537v
10ymD2swhAxdfqiQIF4x5Ee71N1fyzGc6KTBD5eV3pGskJet2IkL9WldzWBvcHn+iqJwz2qbwHfOV
vuVcJYd0gz+eUigNSGJi5cma11DEl9qC4RB7hClDdehAp7iZhbCaQMLJPSul5/Wqt0EuLppGJI6Xh
8q9Mwee7KGn+YT4CrcIg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux))
id 1tVazo-00000009ZcS-06Hl;
Wed, 08 Jan 2025 18:41:36 +0000
Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635])
by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
id 1tVazZ-00000009Zas-1DwZ
for hostap@lists.infradead.org;
Wed, 08 Jan 2025 18:41:22 +0000
Received: by mail-ej1-x635.google.com with SMTP id
a640c23a62f3a-aafc9d75f8bso28117766b.2
for <hostap@lists.infradead.org>;
Wed, 08 Jan 2025 10:41:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=wolfssl-com.20230601.gappssmtp.com; s=20230601; t=1736361679;
x=1736966479; darn=lists.infradead.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=QnbQg7F4EQ6PgBZMZ5sw8ljcLoUbrAhJFz7xVnwVW1s=;
b=cnkBdWp0SGCvPg6YJ7glCH+x3tPub2M7eQmmzazh5JoJTB1eqB9bSJOmKr2ONXkESo
lXWCXpDJ3D0sTqgx5O1rV0ChQx0JNo9tozBq+jz0Rxb1+GAFT93tzwqK7ycuUyZ9K1j+
B4RwL04VdZ3C61U2lBxO/pJRhUTsdHHqWMFkMjLws1C1GCahe0gjslVfiA/SCIEknw2u
Gt4uMwNRFE1oAXyfrFJR7L13CfGW0trgja8TVuaDD/iTyu6IiVY9WrmrGf95eYxZHueN
hNDhQACtUgkXW15w3yNKITbjFr5JevDrBYbEo0vogRt83O9JgZ+pOVWqef7Htr4cO7GS
dqkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1736361679; x=1736966479;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=QnbQg7F4EQ6PgBZMZ5sw8ljcLoUbrAhJFz7xVnwVW1s=;
b=LEmODXmyS0eL8+brBCWSTWA+EmlmmMFc19xFqXcL3SmjgB3MGbj97vMU7noqe3p4El
hFJyS1y8beLMWpAFcdYDNZN0v+SUfFDQC/Axt4ZHis24eGE6FJQFU3fuDsaulYKBucRe
zCjqkCHXLER4VPuKAsnyIcojjPCeEnV9UnK7PSpnlwrZcRSLTaAMK1MDTIxfqigm61C3
vU0ucTOw3QxyBzmuP2QrnIbbX04E/RR6t/ehtJ9+W95Af7qUf3NyP6cEMRawHcUsvZaU
OPG+GL8MsjKVMrBJQaQmlg2Ev2Pufansmsic4e2yZUPnEX3s3gjNQPQrvvgIzKESgKBY
8UPg==
X-Gm-Message-State: AOJu0YxSMLu1v5thIbNbqrHJz61peOgRaKwqg3AZHbNx7Fg0VcAKSx4+
YpyIRCPxmPXGUyA2lGOAE40rrbkCDv6ceXYLhDX/djr8Mf9eEyuB9uHzvg9eAuKTW9jIuRUSPMX
EFiQ=
X-Gm-Gg: ASbGncsbVWjDBuBYtQsZReBOZZM4+RSXjeChuTmEdb1kpT/9b6gBdYLfUAIcwX+Wm/P
RzoSQqgzakKzVJCZzxDCoit5WNkBVCrzfZhkP2UpHvrLhTZmmwAp1s2hPqU73rsBYRlCm0f0uWh
hUdxwho/8pBKsJK60izUJecGx6Mzx0+IZpBw2GoqtEJMAUcPc+m7lBoZR228mLwjP++xaPm+Oa4
nmo1P/Mk97ujIw9MWhseT7++fZ16b1mlBy1LOua7fr8FOPefMKvcc87rWdLkalR2eo=
X-Google-Smtp-Source:
AGHT+IFV1QG5UKddARbxA1A5FyISG+rJGu56GpLCw9GJYac3hV3cwQ2E/iqoSafLlXBYN5VZbsdiEQ==
X-Received: by 2002:a17:906:6a18:b0:aa6:256a:40a7 with SMTP id
a640c23a62f3a-ab2ab70a168mr330736566b.22.1736361678655;
Wed, 08 Jan 2025 10:41:18 -0800 (PST)
Received: from localhost.localdomain ([82.118.30.79])
by smtp.gmail.com with ESMTPSA id
a640c23a62f3a-aaf5d43429bsm1182531966b.154.2025.01.08.10.41.17
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 08 Jan 2025 10:41:18 -0800 (PST)
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz <juliusz@wolfssl.com>
Subject: [PATCH] crypto_wolfssl: wc_PBKDF2 in FIPS requires unlocking the
private key
Date: Wed, 8 Jan 2025 19:41:06 +0100
Message-Id: <20250108184106.85958-1-juliusz@wolfssl.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20250108_104121_486772_02DCC9C0
X-CRM114-Status: GOOD ( 10.08 )
X-Spam-Score: -1.9 (-)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> ---
src/crypto/crypto_wolfssl.c | 2 ++ 1 file changed,
2 insertions(+) diff --git
a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c index
269174321b..2e253e2a91
100644 --- a/src/crypto/crypto_wolfssl.c +++ b/src/crypto/crypto_wolfssl.c
@@ -514,8 +514,10 @@ int [...]
Content analysis details: (-1.9 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no
trust
[2a00:1450:4864:20:0:0:0:635 listed in]
[list.dnswl.org]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
|
| Series |
crypto_wolfssl: wc_PBKDF2 in FIPS requires unlocking the private key
|
expand
|
Thanks, applied.
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c index 269174321b..2e253e2a91 100644 --- a/src/crypto/crypto_wolfssl.c +++ b/src/crypto/crypto_wolfssl.c @@ -514,8 +514,10 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, { int ret; + PRIVATE_KEY_UNLOCK(); ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase), ssid, ssid_len, iterations, buflen, WC_SHA); + PRIVATE_KEY_LOCK(); if (ret != 0) { if (ret == HMAC_MIN_KEYLEN_E) { LOG_WOLF_ERROR_VA("wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> --- src/crypto/crypto_wolfssl.c | 2 ++ 1 file changed, 2 insertions(+)