Commit graph

178 commits

Author SHA1 Message Date
Jouni Malinen
e6804fef93 OpenSSL: Update to match the modified DH_get0_key() API
OpenSSL 1.1.0 (master branch) apparently ended up modifying the API
after the beta 2 release that was supposed to complete the work. Mark
the variables const to fix the compilation with the modified OpenSSL
API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-25 00:35:17 +03:00
Jouni Malinen
3787c91da0 OpenSSL: Pull in header files to check function prototypes
Since crypto_openssl.c is now implementing couple of functions
internally, pull in the relevant header files md5.h and aes_wrap.h to
make sure the function declaration are consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:35:26 +03:00
Jouni Malinen
6a9681e90c OpenSSL: Make dh5_init() match the generic implementation
Commit 4104267e81 ('Fix memory leak on NFC
DH generation error path') modified the generic (non-OpenSSL)
implementation of dh5_init() to free the previously assigned public key,
if any. However, that commit did not modify the OpenSSL specific version
of this function. Add the same change there to maintain consistent
behavior between these two implementations of the same function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-13 18:25:57 +03:00
Jouni Malinen
49fe2ada20 OpenSSL: Support OpenSSL 1.1.0 DH opacity
The OpenSSL 1.1.0 Beta 2 release made DH opaque and that broke
compilation of crypto_openssl.c. Fix this by using the new accessor
functions when building against OpenSSL 1.1.0 or newer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-20 01:20:00 +03:00
Jouni Malinen
f73b167c69 tests: Add TEST_FAIL() calls into OpenSSL bignum operations
This makes it easier to test error paths in bignum operations in SAE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 01:10:31 +03:00
Jouni Malinen
03e3ddf84e OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
Commit 5c9a33702f ('OpenSSL: Clean up
crypto_hash_*() to use a single implementation') added a wrapper
function to allow the new OpenSSL API to be used with older OpenSSL
versions. However, the HMAC_CTX_free() wrapper was incorrectly skipping
the call to HMAC_CTX_cleanup() which is still needed to free the
resources OpenSSL allocated internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 13:13:36 +02:00
Jouni Malinen
6014890bfb OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit 1eb87ae48d ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:30:43 +02:00
Jouni Malinen
ac2053b103 OpenSSL: Clean up openssl_digest_vector() to use a single implementation
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 14:17:16 +02:00
Jouni Malinen
5c9a33702f OpenSSL: Clean up crypto_hash_*() to use a single implementation
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 14:14:07 +02:00
Jouni Malinen
587b0457e0 LibreSSL: Fix build with LibreSSL
The changes needed for OpenSSL 1.1.0 had broken this since LibreSSL is
defining OPENSSL_VERSION_NUMBER in a manner that claims it to be newer
than the current OpenSSL version even though it does not support the
current OpenSSL API.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 14:06:46 +02:00
Jouni Malinen
465196ebd2 tests: aes_encrypt_init() and aes_decrypt_init() to use TEST_FAIL
Now the these functions cannot be made to fail by forcing the memory
allocation fail since the OpenSSL-internal version is used, add
TEST_FAIL check to allow OOM test cases to be converted to use the
TEST_FAIL mechanism without reducing coverage.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 19:44:47 +02:00
Jouni Malinen
1eb87ae48d OpenSSL: Use EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0
The EVP_CIPHER_CTX structure will be made opaque in OpenSSL 1.1.0, so
need to use EVP_CIPHER_CTX_new() with it instead of stack memory. The
design here moves the older OpenSSL versions to use that dynamic
allocation design as well to minimize maintenance effort.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 19:30:24 +02:00
Jouni Malinen
de213e84e0 OpenSSL: Drop support for OpenSSL 0.9.8
The OpenSSL project will not support version 0.9.8 anymore. As there
won't be even security fixes for this branch, it is not really safe to
continue using 0.9.8 and we might as well drop support for it to allow
cleaning up the conditional source code blocks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 18:01:59 +02:00
Jouni Malinen
36478a16e6 OpenSSL: Support new API for HMAC/EVP_MD_CTX in OpenSSL 1.1.x-pre1
The EVP_MD_CTX and HMAC_CTX definitions are now hidden from applications
using OpenSSL. Fix compilation issues with OpenSSL 1.1.x-pre1 by using
the new API for allocating these structures.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 18:11:39 +02:00
Jouni Malinen
11c9ddb766 Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 20:46:36 +02:00
Jouni Malinen
cc4f3d6ea7 tests: Add TEST_FAIL() condition to omac1_aes_vector()
This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 20:40:36 +03:00
Jouni Malinen
8fd1d6236d OpenSSL: Add TEST_FAIL() checks to allow error path testing
This makes it easier to test various error paths related to key
derivation and authentication steps.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-12 01:04:22 +03:00
Jouni Malinen
812f28b79c BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" build
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:02 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e234c7c010 OpenSSL: Remove md4_vector() from CONFIG_FIPS=y builds
MD4 is not allowed in such builds, so comment out md4_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD¤ operations at runtime. This makes it easier
to detect and fix accidental cases where MD4 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4a26972dfc OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds
MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:06 +03:00
Jouni Malinen
276a3c44dd OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:56:59 +03:00
Jouni Malinen
f826fb1de1 OpenSSL: Handle EC_POINT_is_on_curve() error case
Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
16841ab246 crypto: Add functions for computing the Legendre symbol and EC y^2
These are needed to implement side-channel protection for SAE PWE
derivation for ECC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
c4a13b424b OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4e7e68890a Add crypto_ec_point_cmp()
This is needed to allow SAE to check whether ECC elements are identical.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 22:29:23 +03:00
Jouni Malinen
65a7b21f5e OpenSSL: Implement AES-128 CBC using EVP API
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 20:30:58 +03:00
Jouni Malinen
f19c907822 OpenSSL: Implement aes_wrap() and aes_unwrap()
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
fee31f76cd OpenSSL: Remove support for versions older than 0.9.8
These have reached out-of-life status in the OpenSSL project and there
is no need to maintain support for them in hostapd/wpa_supplicant
either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
8bf3030af6 OpenSSL: Use a common helper function for HMAC
There is no need to duplicate this construction for each hash algorithm.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
983c6a606b OpenSSL: Replace internal HMAC-MD5 implementation
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
97ae35a848 Add HMAC-SHA384
For now, this is only implemented with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:51 +02:00
Jouni Malinen
30bff1d0f4 Extend AES-CMAC routines to support 256-bit keys
omac1_aes_256() and omac1_aes_vector() can now be used to perform
256-bit CMAC operations similarly to the previously supported 128-bit
cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
77a2c3941e crypto: Clear temporary heap allocations before freeing
This reduces the time private keys may remain in heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 02:49:13 +02:00
Jouni Malinen
a90c7d91a0 OpenSSL: Fix pbkdf2_sha1() wrapper
This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 17:27:08 +02:00
Adam Langley
a8572960a9 Support building with BoringSSL
BoringSSL is Google's cleanup of OpenSSL and an attempt to unify
Chromium, Android and internal codebases around a single OpenSSL.

As part of moving Android to BoringSSL, the wpa_supplicant maintainers
in Android requested that I upstream the change. I've worked to reduce
the size of the patch a lot but I'm afraid that it still contains a
number of #ifdefs.

[1] https://www.imperialviolet.org/2014/06/20/boringssl.html

Signed-off-by: Adam Langley <agl@chromium.org>
2014-10-07 01:18:03 +03:00
Masashi Honma
5c61d214ad openssl: Fix memory leak in openssl ec deinit
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-09-07 19:14:18 +03:00
Florent Daigniere
26c10f797c OpenSSL: Use EC_POINT_clear_free instead of EC_POINT_free
This changes OpenSSL calls to explicitly clear the EC_POINT memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:35:07 +03:00
Florent Daigniere
3248071dc3 OpenSSL: Use BN_clear_free instead of BN_free
This changes OpenSSL calls to explicitly clear the bignum memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:28:39 +03:00
Jouni Malinen
a9b08adacf Remove unused crypto_bignum_rshift()
Commit bf4f5d6570 removed the only user of
this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:31:20 +02:00
Jouni Malinen
3cf06c9e2c OpenSSL: Include sha1/sha256 header files to verify declarations
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:58:16 +02:00
Jouni Malinen
75870c933f SAE: Replace comparison to one with crypto_bignum wrapper
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b0f6124c1c SAE: Store commit scalars as bignum instead of octet string
This avoids unnecessary bignum initialization steps during the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b1677c393b SAE: Use more generic random bignum generation
Move the bignum comparison part into the bignum library to allow a
single implementation of rand generation for both ECC and FCC based
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
305fe835d4 Add more crypto_bignum_*() wrappers
These operations will be needed for SAE FCC group operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
cd9c2714e7 SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
bf14657b9f SAE: Add support for additional ECC groups
In addition to the mandatory group 19 (256-bit random ECP group) add
support for groups 20 (384-bit), 25 (192-bit), and 26 (224-bit).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a55f2eef71 SAE: Use EC group context to get the group prime
Do not use the hardcoded group19_prime buffer for this to allow group
negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0 SAE: Store the group order in EC context data
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
619c70a0b2 crypto: Add wrappers for OpenSSL BIGNUM and EC_POINT
These new crypto wrappers can be used to implement bignum and EC
operations using various crypto libraries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
44ec48ebfd FIPS: Remove md5-non-fips.c
Commit c9e08af24f removed the only user of
the special case MD5 use that would be allowed in FIPS mode in
tls_prf_sha1_md5(). Commit 271dbf1594
removed the file from the build, but left the implementation into the
repository. To clean things up even further, remove this functionality
completely since it is not expected to be needed for FIPS mode anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 16:53:15 +03:00
Jouni Malinen
adb9b8edc4 OpenSSL: Silence a compiler warning with OpenSSL 0.9.7
The PKCS5_PBKDF2_HMAC_SHA1() function in OpenSSL 0.9.7 did not mark
the salt parameter const even though it was not modified. Hide the
compiler warning with a type cast when an old OpenSSL version is
used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:56:19 +03:00
Jouni Malinen
26a379224c OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c
implementation of HMAC with SHA256.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:34:35 +03:00
Jouni Malinen
0b5e98557e FIPS: Use OpenSSL CMAC implementation instead of aes-omac1.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:19:53 +03:00
Jouni Malinen
982bafedaf FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()
Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00
Jouni Malinen
105f5881d5 OpenSSL: Fix crypto_hash_init() to initialize HMAC context
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:39:46 +03:00
Jouni Malinen
030d062fac OpenSSL: Implement SHA1 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha1.c
implementation of HMAC with SHA1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:38:25 +03:00
Jouni Malinen
e40c86ad27 OpenSSL: Use library function for PBKDF2 passphrase-to-PSK
Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the
internal implementation in sha1-pbkdf2.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
860a93d5f7 OpenSSL: Convert low level AES API use to EVP
This allows the AES operations to be used in OpenSSL FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 18:27:23 +03:00
Jouni Malinen
895cb1683d OpenSSL: Add support for HMAC functions with 0.9.8 and older
Commit d9cc4646eb added
crypto_hash_{init,update,finish}() wrappers for OpenSSL, but it
assumed the current HMAC API in OpenSSL. This was changed in 0.9.9
to return error codes from the functions while older versions used
void functions. Add support for the older versions, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 10:58:32 +03:00
Jouni Malinen
d9cc4646eb OpenSSL: Add support for crypto_hash_{init,update,finish}()
This adds initial support for HMAC operations using the
crypto_hash_{init,update,finish}() wrappers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 22:04:25 +03:00
Jouni Malinen
a0d0c560c3 Add dh5_init_fixed() to allow fixed DH parameters to be used
This allows pre-configured private and public key to be used when
initializing DH for group 5.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
cc91e07e57 OpenSSL: Fix public key length in DH group 5 operations
The length of the prime was used incorrectly and this resulted
in WPS DH operation failing whenever the public key ended up having
leading zeros (i.e., about every 1/256th time).
2010-06-26 21:03:25 -07:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
278da1b52a openssl: Allow build with OpenSSL 0.9.7
OpenSSL 0.9.7 does not include get_rfc3526_prime_1536() function, so
provide that functionality internally if needed. In addition, make
sha256_vector() building depend on whether SHA256 support is included
in the OpenSSL library. This with CONFIG_INTERNAL_SHA256=y in .config
allows OpenSSL without SHA256 support to be used.
2009-10-16 15:57:17 +03:00
Jouni Malinen
d8130bdf13 openssl: Mark openssl_digest_vector() static 2009-10-16 15:54:52 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
108f9dd49b Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
2009-08-16 22:26:59 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
1d5ed36e7c Fix build with non-FIPS capable OpenSSL 2009-08-16 19:56:33 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Jouni Malinen
4b77bf2a40 OpenSSL: Use EVP_Digest*() functions
Instead of using low level, digest-specific functions, use the generic
EVP interface for digest functions. In addition, report OpenSSL errors
in more detail.
2009-08-16 14:12:06 +03:00
Jouni Malinen
0a5d68aba5 Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
2009-08-16 14:06:00 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Jouni Malinen
7818ad2c8f Avoid memory leak on error path in crypto_cipher_init() 2009-02-07 12:07:06 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00