DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wolfSSL: Fixes for FIPS builds

Browse source 
Some API is not available when using FIPS. We need to allocate memory
and initialize the structs directly.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
This commit is contained in:
Juliusz Sosinowicz 2022-04-29 16:18:00 +02:00 committed by Jouni Malinen
parent 9d5f8168fc
commit 013cd694d9
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/crypto/crypto_wolfssl.c
View file

@ -1727,11 +1727,11 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
if (ret < 0) if (ret < 0)
goto fail; goto fail;
#ifdef ECC_TIMING_RESISTANT #if defined(ECC_TIMING_RESISTANT) && !defined(CONFIG_FIPS)
ret = wc_ecc_set_rng(&ecdh->ec->key, &ecdh->rng); ret = wc_ecc_set_rng(&ecdh->ec->key, &ecdh->rng);
if (ret < 0) if (ret < 0)
goto fail; goto fail;
#endif /* ECC_TIMING_RESISTANT */ #endif /* ECC_TIMING_RESISTANT && !CONFIG_FIPS */
done: done:
return ecdh; return ecdh;

6
src/crypto/tls_wolfssl.c
View file

@ -2082,9 +2082,15 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
_out, skip + out_len); _out, skip + out_len);
ret = 0; ret = 0;
} else { } else {
#ifdef CONFIG_FIPS
wpa_printf(MSG_ERROR,
"wolfSSL: Can't use sha1_md5 in FIPS build");
ret = -1;
#else /* CONFIG_FIPS */
ret = tls_prf_sha1_md5(master_key, master_key_len, ret = tls_prf_sha1_md5(master_key, master_key_len,
"key expansion", seed, sizeof(seed), "key expansion", seed, sizeof(seed),
_out, skip + out_len); _out, skip + out_len);
#endif /* CONFIG_FIPS */
} }
forced_memzero(master_key, master_key_len); forced_memzero(master_key, master_key_len);