From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Wed, 8 Jan 2025 18:41:06 +0000 (+0100)
Subject: wolfssl: wc_PBKDF2() in FIPS requires unlocking the private key
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c12fc97e3b59742e0c5743fceae6a87a8b13a576;p=thirdparty%2Fhostap.git

wolfssl: wc_PBKDF2() in FIPS requires unlocking the private key

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
---

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 3543100c3..e1e915548 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -515,8 +515,10 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 {
 	int ret;
 
+	PRIVATE_KEY_UNLOCK();
 	ret = wc_PBKDF2(buf, (const byte *) passphrase, os_strlen(passphrase),
 			ssid, ssid_len, iterations, buflen, WC_SHA);
+	PRIVATE_KEY_LOCK();
 	if (ret != 0) {
 		if (ret == HMAC_MIN_KEYLEN_E) {
 			LOG_WOLF_ERROR_VA("wolfSSL: Password is too short. Make sure your password is at least %d characters long. This is a requirement for FIPS builds.",