add test-crypto_module.c to run crypto_module_tests()
adjust some tests/hwsim/*.py for mbed TLS (work in progress)
option to build and run-tests with CONFIG_TLS=internal # (default)
$ cd tests; make clean
$ make run-tests
option to build and run-tests with CONFIG_TLS=gnutls
$ cd tests; make clean CONFIG_TLS=gnutls
$ make run-tests CONFIG_TLS=gnutls
option to build and run-tests with CONFIG_TLS=mbedtls
$ cd tests; make clean CONFIG_TLS=mbedtls
$ make run-tests CONFIG_TLS=mbedtls
option to build and run-tests with CONFIG_TLS=openssl
$ cd tests; make clean CONFIG_TLS=openssl
$ make run-tests CONFIG_TLS=openssl
option to build and run-tests with CONFIG_TLS=wolfssl
$ cd tests; make clean CONFIG_TLS=wolfssl
$ make run-tests CONFIG_TLS=wolfssl
RFE: Makefile logic for crypto objects should be centralized
instead of being duplicated in hostapd/Makefile,
wpa_supplicant/Makefile, src/crypto/Makefile,
tests/Makefile, ...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
The code for hostapd-mbedtls did not work when used for OWE association.
When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.
Also when crafting the association response, the buffer contained the
trailing key-type.
Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
The OpenSSL 3.0 (or newer) version of omac1_aes_vector() did not free
the EVP_MAC. This resulted in a memory leak that shows up in a bit
strange way in valgrind reports and because of that, was not caught
during automated testing.
Fixes: 0c61f6234f ("OpenSSL: Implement CMAC using the EVP_MAC API")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
OpenSSL 3.2 added support for HPKE. Use that implementation when
possible. At least for now, the internal version needs to be included as
well to be able to cover the special DPP use case with brainpool curves.
Signed-off-by: Jouni Malinen <j@w1.fi>
peerkey from EVP_PKEY_new() needs to be freed on all error paths.
Fixes: b062507670 ("OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The OpenSSL 3.x version of crypto_ec_key_parse_priv using
OSSL_DECODER_CTX missed the call to free the context. Fix it to avoid a
memory leak.
Fixes: 4f4479ef9e ("OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API")
Signed-off-by: Jouni Malinen <j@w1.fi>
Smartcard support uses the ENGINE API of OpenSSL, which has been
deprecated as of OpenSSL 3. Rather than migrating the code to the new API
or pretending that we do not support OpenSSL 3, accept that we use
deprecated functionality.
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
There are multiple redundant MIN macro declarations, some of which are
not protecting against side effects. Move it to common.h instead.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Even though this function is documented to always return 1, be more
consistent in checking that to avoid warnings from static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
The openssl_ciphers parameter is a global data entry on the server
instead of the per-connection design on client. As such, hostapd needs
to make a local copy of the global value and use that whenever setting
per-connection parameters. This is needed particularly when testing
Suite B functionality where the Suite B specific parameters might end up
overriding the cipher list.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
Fix the calls to wc_AesEncryptDirect(). Old versions of wolfCrypt FIPS
had wc_AesEncryptDirect() return void instead of int. Fix this build
issue.
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
This replaces the earlier commit 4c079dcc64 ("Increment
hmac_sha*_vector() maximum num_elem value to 25") with a smaller
increment of just one extra element since the updated FTE MIC
calculation design does not use separate elements. This reduces stack
memory need. In addition, this starts using a define value for the
maximum number of vector elements to make this easier to change and to
make the code more readable.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed for FTE MIC calculation for Reassociation Request frmae
when using MLO which could add 15 link addresses into the input data.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These are needed to allow the Suite B 192-bit negotiation to succeed
when using TLS 1.3 (which is still disabled by default).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
k_pad and tk were not cleared in internal HMAC-SHA256 implementation.
Clear them to avoid leaving secret material in temporary stack
variables.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The arguments were swapped. Apparently all the calls to this function
use the same value for both input and output parameters, so it went
unnoticed. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed to be able to drop the OpenSSL security level, if
necessary, for cases where old certificates (e.g., something using SHA-1
signatures) are still needed. openssl_ciphers="DEFAULT@SECLEVEL=0" can
achieve this, but only if applied before attempting to load the
certificates.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The default provider is being loaded here explicitly only because
OSSL_PROVIDER_load() disables the fallback provider loading (on either
success or failure). If the legacy provider fails to load, which it may
in some configurations, it will never load the default provider.
Just use the formulation which attempts to load without changing the
fallback behavior.
"default" will still be/only be loaded if no other provider (notably
FIPS) is loaded to provide algorithms.
Signed-off-by: Norman Hamer <nhamer@absolute.com>
DES and RC4 are not allowed in such builds, so comment out des_encrypt()
and rc4_skip() from the build to force compile time failures for cases
that cannot be supported instead of failing the operations at runtime.
This makes it easier to detect and fix accidental cases where DES/RC4
could still be used in some older protocols.
Signed-off-by: Norman Hamer <nhamer@absolute.com>
This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Commit 820211245b ("OpenSSL: Fix HPKE in some corner cases") increased
the buffer size for EVP_PKEY_derive() by 16 octets, but it turns out
that OpenSSL might need significantly more room in some cases. Replace a
fixed length buffer with dynamic query for the maximum size and
allocated buffer to cover that need.
This showed up using the following test case sequence:
dbus_pkcs11 module_wpa_supplicant
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The length of labeled_info is determined separately, so there is no need
to increment the pos pointer after the final entry has been added.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
