From e40c86ad27db8f9ea85814115841072c41453aea Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 16 Aug 2012 20:13:02 +0300 Subject: [PATCH] OpenSSL: Use library function for PBKDF2 passphrase-to-PSK Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the internal implementation in sha1-pbkdf2.c. Signed-hostap: Jouni Malinen --- hostapd/Android.mk | 2 ++ hostapd/Makefile | 2 ++ src/crypto/crypto_openssl.c | 10 ++++++++++ wpa_supplicant/Android.mk | 2 ++ wpa_supplicant/Makefile | 2 ++ 5 files changed, 18 insertions(+) diff --git a/hostapd/Android.mk b/hostapd/Android.mk index eee13e308..73caa88b6 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -676,7 +676,9 @@ ifdef NEED_FIPS186_2_PRF SHA1OBJS += src/crypto/fips_prf_internal.c endif endif +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += src/crypto/sha1-pbkdf2.c +endif ifdef NEED_T_PRF SHA1OBJS += src/crypto/sha1-tprf.c endif diff --git a/hostapd/Makefile b/hostapd/Makefile index f1154ab54..c58cc7935 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -667,7 +667,9 @@ ifdef NEED_FIPS186_2_PRF SHA1OBJS += ../src/crypto/fips_prf_internal.o endif endif +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += ../src/crypto/sha1-pbkdf2.o +endif ifdef NEED_T_PRF SHA1OBJS += ../src/crypto/sha1-tprf.o endif diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 77ea73586..66cf84084 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -688,3 +688,13 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) return -1; } + + +int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, + int iterations, u8 *buf, size_t buflen) +{ + if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase), ssid, + ssid_len, 4096, buflen, buf) != 1) + return -1; + return 0; +} diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index c45a51096..94a3d963d 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1064,8 +1064,10 @@ endif ifdef CONFIG_NO_WPA_PASSPHRASE L_CFLAGS += -DCONFIG_NO_PBKDF2 else +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += src/crypto/sha1-pbkdf2.c endif +endif ifdef NEED_T_PRF SHA1OBJS += src/crypto/sha1-tprf.c endif diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index cf525acf8..7a6d8a300 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1091,8 +1091,10 @@ endif ifdef CONFIG_NO_WPA_PASSPHRASE CFLAGS += -DCONFIG_NO_PBKDF2 else +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += ../src/crypto/sha1-pbkdf2.o endif +endif ifdef NEED_T_PRF SHA1OBJS += ../src/crypto/sha1-tprf.o endif