diff --git a/hostapd/Android.mk b/hostapd/Android.mk index 17674f72f..6fcefdd14 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -675,7 +675,9 @@ ifdef CONFIG_INTERNAL_AES AESOBJS += src/crypto/aes-internal.c src/crypto/aes-internal-enc.c endif +ifneq ($(CONFIG_TLS), openssl) AESOBJS += src/crypto/aes-wrap.c +endif ifdef NEED_AES_EAX AESOBJS += src/crypto/aes-eax.c NEED_AES_CTR=y @@ -690,9 +692,11 @@ ifdef NEED_AES_OMAC1 AESOBJS += src/crypto/aes-omac1.c endif ifdef NEED_AES_UNWRAP +ifneq ($(CONFIG_TLS), openssl) NEED_AES_DEC=y AESOBJS += src/crypto/aes-unwrap.c endif +endif ifdef NEED_AES_CBC NEED_AES_DEC=y AESOBJS += src/crypto/aes-cbc.c diff --git a/hostapd/Makefile b/hostapd/Makefile index 513eb95a5..f30a35d54 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -669,7 +669,9 @@ ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-enc.o endif +ifneq ($(CONFIG_TLS), openssl) AESOBJS += ../src/crypto/aes-wrap.o +endif ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y @@ -684,9 +686,11 @@ ifdef NEED_AES_OMAC1 AESOBJS += ../src/crypto/aes-omac1.o endif ifdef NEED_AES_UNWRAP +ifneq ($(CONFIG_TLS), openssl) NEED_AES_DEC=y AESOBJS += ../src/crypto/aes-unwrap.o endif +endif ifdef NEED_AES_CBC NEED_AES_DEC=y AESOBJS += ../src/crypto/aes-cbc.o diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index ca4438615..f158ef43a 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -297,6 +297,33 @@ void aes_decrypt_deinit(void *ctx) } +int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) +{ + AES_KEY actx; + int res; + + if (AES_set_encrypt_key(kek, kek_len << 3, &actx)) + return -1; + res = AES_wrap_key(&actx, NULL, cipher, plain, n * 8); + OPENSSL_cleanse(&actx, sizeof(actx)); + return res <= 0 ? -1 : 0; +} + + +int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, + u8 *plain) +{ + AES_KEY actx; + int res; + + if (AES_set_decrypt_key(kek, kek_len << 3, &actx)) + return -1; + res = AES_unwrap_key(&actx, NULL, plain, cipher, (n + 1) * 8); + OPENSSL_cleanse(&actx, sizeof(actx)); + return res <= 0 ? -1 : 0; +} + + int crypto_mod_exp(const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 38041b6ec..579582b63 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1127,7 +1127,9 @@ ifdef CONFIG_INTERNAL_AES AESOBJS += src/crypto/aes-internal.c src/crypto/aes-internal-dec.c endif +ifneq ($(CONFIG_TLS), openssl) AESOBJS += src/crypto/aes-unwrap.c +endif ifdef NEED_AES_EAX AESOBJS += src/crypto/aes-eax.c NEED_AES_CTR=y @@ -1148,8 +1150,10 @@ endif endif ifdef NEED_AES_WRAP NEED_AES_ENC=y +ifneq ($(CONFIG_TLS), openssl) AESOBJS += src/crypto/aes-wrap.c endif +endif ifdef NEED_AES_CBC NEED_AES_ENC=y AESOBJS += src/crypto/aes-cbc.c diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 2ffb00d44..35e5d7345 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1142,7 +1142,9 @@ ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-dec.o endif +ifneq ($(CONFIG_TLS), openssl) AESOBJS += ../src/crypto/aes-unwrap.o +endif ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y @@ -1166,8 +1168,10 @@ AESOBJS += ../src/crypto/aes-siv.o endif ifdef NEED_AES_WRAP NEED_AES_ENC=y +ifneq ($(CONFIG_TLS), openssl) AESOBJS += ../src/crypto/aes-wrap.o endif +endif ifdef NEED_AES_CBC NEED_AES_ENC=y AESOBJS += ../src/crypto/aes-cbc.o