Check the return of pbkdf2_sha1() for errors
authorJuliusz Sosinowicz <juliusz@wolfssl.com>
Fri, 29 Apr 2022 14:11:54 +0000 (16:11 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 1 May 2022 14:13:31 +0000 (17:13 +0300)
pbkdf2_sha1() may return errors and this should be checked in calls.
This is especially an issue with FIPS builds because the FIPS
requirement is that the password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
src/ap/ap_config.c
src/ap/wpa_auth_glue.c
wpa_supplicant/config.c
wpa_supplicant/wpa_passphrase.c
wpa_supplicant/wpa_supplicant.c

index e208788d11242a6d9ef41a6d98902f549e6afe5e..1c229c6c78ae3385ccf91964715d8926d0301fcf 100644 (file)
@@ -461,9 +461,12 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
        wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
                              (u8 *) ssid->wpa_passphrase,
                              os_strlen(ssid->wpa_passphrase));
-       pbkdf2_sha1(ssid->wpa_passphrase,
-                   ssid->ssid, ssid->ssid_len,
-                   4096, ssid->wpa_psk->psk, PMK_LEN);
+       if (pbkdf2_sha1(ssid->wpa_passphrase,
+                       ssid->ssid, ssid->ssid_len,
+                       4096, ssid->wpa_psk->psk, PMK_LEN) != 0) {
+               wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1()");
+               return -1;
+       }
        wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
                        ssid->wpa_psk->psk, PMK_LEN);
        return 0;
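Review bot: The new `return -1;` leaves `ssid->wpa_psk` attached to `ssid` with a `psk` field that was never derived, so any later code that treats a non-NULL `ssid->wpa_psk` as a configured key would work with undefined key material. Where that structure is allocated is outside the hunk; if it is allocated earlier in hostapd_derive_psk(), the failure branch should release it and set `ssid->wpa_psk = NULL;` before returning. The start of the function is not visible here, so the allocation site needs to be confirmed first.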
index 71a487161cf4fd229f5dd5d212277e016adb8ba6..50efc2c28c2eb987810fc63c0b25e91215f23567 100644 (file)
@@ -391,10 +391,14 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
                psk = sta->psk->psk;
                for (pos = sta->psk; pos; pos = pos->next) {
                        if (pos->is_passphrase) {
-                               pbkdf2_sha1(pos->passphrase,
-                                           hapd->conf->ssid.ssid,
-                                           hapd->conf->ssid.ssid_len, 4096,
-                                           pos->psk, PMK_LEN);
+                               if (pbkdf2_sha1(pos->passphrase,
+                                               hapd->conf->ssid.ssid,
+                                               hapd->conf->ssid.ssid_len, 4096,
+                                               pos->psk, PMK_LEN) != 0) {
+                                       wpa_printf(MSG_WARNING,
+                                                  "Error in pbkdf2_sha1()");
+                                       continue;
+                               }
                                pos->is_passphrase = 0;
                        }
                        if (pos->psk == prev_psk) {
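Review bot: After the `continue` on a failed derivation the entry keeps `is_passphrase` set and its `pos->psk` buffer holds no derived key, yet `psk = sta->psk->psk;` above the loop has already selected the first entry's buffer as the candidate. If that first entry is the one that failed and nothing after the hunk resets `psk`, the caller would receive a buffer with undefined content as a PSK. The selection should skip entries that are still marked `is_passphrase`, for instance by setting `psk = NULL;` in the failure branch when `pos == sta->psk`. Because the flag stays set, every later call also repeats the 4096-iteration derivation for the failing entry. The function continues outside the hunk.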
index b5ffb9253047f4d14e5e23f212b4a1f8348c6235..e511ab6b58b9e2377cd4911cabee2dbeefda943f 100644 (file)
@@ -3426,8 +3426,11 @@ char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var)
 void wpa_config_update_psk(struct wpa_ssid *ssid)
 {
 #ifndef CONFIG_NO_PBKDF2
-       pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
-                   ssid->psk, PMK_LEN);
+       if (pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
+                       ssid->psk, PMK_LEN) != 0) {
+               wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1()");
+               return;
+       }
        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
                        ssid->psk, PMK_LEN);
        ssid->psk_set = 1;
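Review bot: wpa_config_update_psk() returns void, so the new early `return;` cannot tell callers that no PSK was derived, and the branch leaves `ssid->psk_set` at whatever value it had before the call. If a caller reaches this function with `psk_set` already 1 from an earlier key (the callers are outside the hunk), the old or partially written `ssid->psk` would still be flagged as valid. Adding `ssid->psk_set = 0;` before the `return;` makes the failure state explicit.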
index 538997e62580a33c539dc3f584288a07ff694d26..d9c07e673d0b1094d1db6dbf5e0e0ba33f45a46f 100644 (file)
@@ -58,7 +58,11 @@ int main(int argc, char *argv[])
                return 1;
        }
 
-       pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);
+       if (pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32)
+           != 0) {
+               fprintf(stderr, "Error in pbkdf2_sha1()\n");
+               return 1;
+       }
 
        printf("network={\n");
        printf("\tssid=\"%s\"\n", ssid);
index 4237174ab61815e55e9c773d9c1398e5c0237088..82aaad8918da561d281e9be551cd662b302117b2 100644 (file)
@@ -1774,9 +1774,15 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
                    ssid->passphrase && !sae_only) {
                        u8 psk[PMK_LEN];
-                       pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
-                                   4096, psk, PMK_LEN);
-                       wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
+
+                       if (pbkdf2_sha1(ssid->passphrase, bss->ssid,
+                                       bss->ssid_len,
+                                       4096, psk, PMK_LEN) != 0) {
+                               wpa_msg(wpa_s, MSG_WARNING,
+                                       "Error in pbkdf2_sha1()");
+                               return -1;
+                       }
+                       wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
                                        psk, PMK_LEN);
                        wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
                        psk_set = 1;
@@ -1810,8 +1816,14 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 #ifndef CONFIG_NO_PBKDF2
                        if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
                        {
-                               pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
-                                           4096, psk, PMK_LEN);
+                               if (pbkdf2_sha1(pw_str, bss->ssid,
+                                               bss->ssid_len,
+                                               4096, psk, PMK_LEN) != 0) {
+                                       wpa_msg(wpa_s, MSG_WARNING,
+                                               "Error in pbkdf2_sha1()");
+                                       ext_password_free(pw);
+                                       return -1;
+                               }
                                os_memset(pw_str, 0, sizeof(pw_str));
                                wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
                                                "external passphrase)",
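Review bot: The new failure branch returns without clearing `pw_str`, which holds the cleartext passphrase that the success path wipes with `os_memset(pw_str, 0, sizeof(pw_str));` on the line right after the branch. The same wipe belongs before `ext_password_free(pw);` in the error branch, preferably as `forced_memzero(pw_str, sizeof(pw_str));` so the compiler cannot drop it ahead of the return. The error branch added in the previous hunk of this function likewise returns with the stack `psk` buffer untouched, which matters less since derivation failed there. The declaration of `pw_str` is outside the hunk.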