wolfSSL: Check for the too-short-password error in pbkdf2_sha1()

This may fail with FIPS builds because the FIPS requirement is that the
password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 15c368e42677e1bfeb742ef94d866516887372af..f47beebebf3157f1159f63bdb787bdf0399da5ad 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -27,6 +27,7 @@
 #include <wolfssl/wolfcrypt/cmac.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/openssl/bn.h>
 
 
@@ -282,9 +283,18 @@ int hmac_sha512(const u8 *key, size_t key_len, const u8 *data,
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
                int iterations, u8 *buf, size_t buflen)
 {
-       if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
-                     ssid_len, iterations, buflen, WC_SHA) != 0)
+       int ret;
+
+       ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
+                       ssid, ssid_len, iterations, buflen, WC_SHA);
+       if (ret != 0) {
+               if (ret == HMAC_MIN_KEYLEN_E) {
+                       wpa_printf(MSG_ERROR,
+                                  "wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
+                                  HMAC_FIPS_MIN_KEY);
+               }
                return -1;
+       }
        return 0;
 }