OpenSSL: CMAC using the OpenSSL library for non-FIPS cases as well
Commit 0b5e98557e ("FIPS: Use OpenSSL CMAC implementation instead of
aes-omac1.c") added this implementation initially only for the FIPS
builds. However, there does not seem to be any remaining need to avoid
depending on the OpenSSL library implementation for builds, so move to
that implementation unconditionally to reduce the binary size a bit.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
0c61f6234f
commit
ae0f6ee97e
5 changed files with 8 additions and 13 deletions
|
|
@ -825,7 +825,9 @@ endif
|
|||
ifdef NEED_AES_ENCBLOCK
|
||||
AESOBJS += src/crypto/aes-encblock.c
|
||||
endif
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
AESOBJS += src/crypto/aes-omac1.c
|
||||
endif
|
||||
ifdef NEED_AES_UNWRAP
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
NEED_AES_DEC=y
|
||||
|
|
|
|||
|
|
@ -932,11 +932,13 @@ endif
|
|||
ifdef NEED_AES_ENCBLOCK
|
||||
AESOBJS += ../src/crypto/aes-encblock.o
|
||||
endif
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
ifneq ($(CONFIG_TLS), linux)
|
||||
ifneq ($(CONFIG_TLS), wolfssl)
|
||||
AESOBJS += ../src/crypto/aes-omac1.o
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
ifdef NEED_AES_UNWRAP
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
ifneq ($(CONFIG_TLS), linux)
|
||||
|
|
|
|||
|
|
@ -16,9 +16,6 @@
|
|||
#include <openssl/dh.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/rand.h>
|
||||
#ifdef CONFIG_OPENSSL_CMAC
|
||||
#include <openssl/cmac.h>
|
||||
#endif /* CONFIG_OPENSSL_CMAC */
|
||||
#ifdef CONFIG_ECC
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/x509.h>
|
||||
|
|
@ -28,6 +25,8 @@
|
|||
#include <openssl/provider.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/param_build.h>
|
||||
#else /* OpenSSL version >= 3.0 */
|
||||
#include <openssl/cmac.h>
|
||||
#endif /* OpenSSL version >= 3.0 */
|
||||
|
||||
#include "common.h"
|
||||
|
|
@ -1739,7 +1738,6 @@ int crypto_get_random(void *buf, size_t len)
|
|||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_OPENSSL_CMAC
|
||||
int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
|
||||
const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
|
|
@ -1838,7 +1836,6 @@ int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
|
|||
{
|
||||
return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
|
||||
}
|
||||
#endif /* CONFIG_OPENSSL_CMAC */
|
||||
|
||||
|
||||
struct crypto_bignum * crypto_bignum_init(void)
|
||||
|
|
|
|||
|
|
@ -86,7 +86,6 @@ endif
|
|||
|
||||
ifdef CONFIG_FIPS
|
||||
CONFIG_NO_RANDOM_POOL=
|
||||
CONFIG_OPENSSL_CMAC=y
|
||||
endif
|
||||
|
||||
OBJS = config.c
|
||||
|
|
@ -1268,9 +1267,7 @@ ifdef NEED_AES_ENCBLOCK
|
|||
AESOBJS += src/crypto/aes-encblock.c
|
||||
endif
|
||||
NEED_AES_ENC=y
|
||||
ifdef CONFIG_OPENSSL_CMAC
|
||||
L_CFLAGS += -DCONFIG_OPENSSL_CMAC
|
||||
else
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
AESOBJS += src/crypto/aes-omac1.c
|
||||
endif
|
||||
ifdef NEED_AES_WRAP
|
||||
|
|
|
|||
|
|
@ -84,7 +84,6 @@ endif
|
|||
|
||||
ifdef CONFIG_FIPS
|
||||
CONFIG_NO_RANDOM_POOL=
|
||||
CONFIG_OPENSSL_CMAC=y
|
||||
endif
|
||||
|
||||
OBJS = config.o
|
||||
|
|
@ -1362,9 +1361,7 @@ ifdef NEED_AES_ENCBLOCK
|
|||
AESOBJS += ../src/crypto/aes-encblock.o
|
||||
endif
|
||||
NEED_AES_ENC=y
|
||||
ifdef CONFIG_OPENSSL_CMAC
|
||||
CFLAGS += -DCONFIG_OPENSSL_CMAC
|
||||
else
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
ifneq ($(CONFIG_TLS), linux)
|
||||
ifneq ($(CONFIG_TLS), wolfssl)
|
||||
AESOBJS += ../src/crypto/aes-omac1.o
|
||||
|
|
|
|||
Loading…
Reference in a new issue