From 276a3c44dd5ecf41ce586da2d9024d7f3e9665f9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 1 Aug 2015 16:31:45 +0300 Subject: [PATCH] OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are unfortunately not available in FIPS mode. Trying to use them results in "aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode!" and process termination. Work around this by reverting commit f19c907822ad0dec3480b1435b615ae22c5533a1 ('OpenSSL: Implement aes_wrap() and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this ends up using the internal AES key wrap/unwrap implementation through the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues to be used to minimize code size. Signed-off-by: Jouni Malinen --- src/crypto/crypto_openssl.c | 4 ++++ wpa_supplicant/Android.mk | 11 ++++++++++- wpa_supplicant/Makefile | 11 ++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 3703b9360..bf38e11c1 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -297,6 +297,8 @@ void aes_decrypt_deinit(void *ctx) } +#ifndef CONFIG_FIPS + int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) { AES_KEY actx; @@ -323,6 +325,8 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, return res <= 0 ? -1 : 0; } +#endif /* CONFIG_FIPS */ + int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) { diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 92b175f6e..5070d1469 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1136,6 +1136,15 @@ AESOBJS += src/crypto/aes-internal.c src/crypto/aes-internal-dec.c endif ifneq ($(CONFIG_TLS), openssl) +NEED_INTERNAL_AES_WRAP=y +endif +ifdef CONFIG_FIPS +# Have to use internal AES key wrap routines to use OpenSSL EVP since the +# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode. +NEED_INTERNAL_AES_WRAP=y +endif + +ifdef NEED_INTERNAL_AES_WRAP AESOBJS += src/crypto/aes-unwrap.c endif ifdef NEED_AES_EAX @@ -1158,7 +1167,7 @@ endif endif ifdef NEED_AES_WRAP NEED_AES_ENC=y -ifneq ($(CONFIG_TLS), openssl) +ifdef NEED_INTERNAL_AES_WRAP AESOBJS += src/crypto/aes-wrap.c endif endif diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index a006256f3..8b2d6799f 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1148,6 +1148,15 @@ AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-dec.o endif ifneq ($(CONFIG_TLS), openssl) +NEED_INTERNAL_AES_WRAP=y +endif +ifdef CONFIG_FIPS +# Have to use internal AES key wrap routines to use OpenSSL EVP since the +# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode. +NEED_INTERNAL_AES_WRAP=y +endif + +ifdef NEED_INTERNAL_AES_WRAP AESOBJS += ../src/crypto/aes-unwrap.o endif ifdef NEED_AES_EAX @@ -1173,7 +1182,7 @@ AESOBJS += ../src/crypto/aes-siv.o endif ifdef NEED_AES_WRAP NEED_AES_ENC=y -ifneq ($(CONFIG_TLS), openssl) +ifdef NEED_INTERNAL_AES_WRAP AESOBJS += ../src/crypto/aes-wrap.o endif endif