wolfssl: wc_PBKDF2() in FIPS requires unlocking the private key

author Juliusz Sosinowicz <juliusz@wolfssl.com>

Wed, 8 Jan 2025 18:41:06 +0000 (19:41 +0100)

committer Jouni Malinen <j@w1.fi>

Sun, 2 Feb 2025 17:51:02 +0000 (19:51 +0200)
author Juliusz Sosinowicz <juliusz@wolfssl.com>
Wed, 8 Jan 2025 18:41:06 +0000 (19:41 +0100)
committer Jouni Malinen <j@w1.fi>
Sun, 2 Feb 2025 17:51:02 +0000 (19:51 +0200)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c

index 3543100c3e416a135354bf3cc1ed42b2de6098eb..e1e9155480a23d9ebc7d4faa3aa407d674d7ebba 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -515,8 +515,10 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
  {
         int ret;
  
+       PRIVATE_KEY_UNLOCK();
         ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
                         ssid, ssid_len, iterations, buflen, WC_SHA);
+       PRIVATE_KEY_LOCK();
         if (ret != 0) {
                 if (ret == HMAC_MIN_KEYLEN_E) {
                         LOG_WOLF_ERROR_VA("wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",
author	Juliusz Sosinowicz <juliusz@wolfssl.com>
	Wed, 8 Jan 2025 18:41:06 +0000 (19:41 +0100)
committer	Jouni Malinen <j@w1.fi>
	Sun, 2 Feb 2025 17:51:02 +0000 (19:51 +0200)