Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sonic-net/sonic-wpa-supplicant
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d41110905e10201e938058505cf33a170b68522d
Choose a base ref
...
head repository: sonic-net/sonic-wpa-supplicant
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 413704a6ccef8321667712c518e595878ff02251
Choose a head ref
  • 3 commits
  • 1 file changed
  • 2 contributors

Commits on Mar 12, 2024

  1. Provide CMAC high level API replacement

    wumiaont committed Mar 12, 2024

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    charlyx Charles-Henri GUERIN
    Copy the full SHA
    01a3904 View commit details

Commits on Mar 13, 2024

  1. Fix a port issue

    wumiaont committed Mar 13, 2024
    Copy the full SHA
    8521d4a View commit details

Commits on Mar 14, 2024

  1. Provide CMAC high level API replacement #81

    Replace wpa-supplicant openssl CMAC wrapper API to use high level EVP APIs. With this change CMAC handlings for openssl will be taken over by symcrypt provider in FIPs mode.
    
    Test: Tested against whole macsec testing suites and all passed with the change.
    
    This is porting from hostap wpa_supplicant for CMAC Openssl hihe level API replacement.
    https://w1.fi/cgit/hostap/commit/?id=0c61f6234fd27c43b46d9bdb8ecf72be2e85cc38
    xumia authored Mar 14, 2024
    Copy the full SHA
    413704a View commit details
Showing with 38 additions and 0 deletions.
  1. +38 −0 src/crypto/crypto_openssl.c
38 changes: 38 additions & 0 deletions src/crypto/crypto_openssl.c
Original file line number Diff line number Diff line change
@@ -1218,6 +1218,43 @@ int crypto_get_random(void *buf, size_t len)
int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC_CTX *ctx = NULL;
EVP_MAC *emac;
int ret = -1;
size_t outlen, i;
OSSL_PARAM params[2];
char *cipher = NULL;
if (TEST_FAIL())
return -1;
emac = EVP_MAC_fetch(NULL, "CMAC", NULL);

if (key_len == 32)
cipher = "aes-256-cbc";
else if (key_len == 24)
cipher = "aes-192-cbc";
else if (key_len == 16)
cipher = "aes-128-cbc";

params[0] = OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
params[1] = OSSL_PARAM_construct_end();

if (!emac || !cipher ||
!(ctx = EVP_MAC_CTX_new(emac)) ||
EVP_MAC_init(ctx, key, key_len, params) != 1)
goto fail;

for (i = 0; i < num_elem; i++) {
if (!EVP_MAC_update(ctx, addr[i], len[i]))
goto fail;
}
if (EVP_MAC_final(ctx, mac, &outlen, 16) != 1 || outlen != 16)
goto fail;
ret = 0;
fail:
EVP_MAC_CTX_free(ctx);
return ret;
#else /* OpenSSL version >= 3.0 */
CMAC_CTX *ctx;
int ret = -1;
size_t outlen, i;
@@ -1249,6 +1286,7 @@ int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
fail:
CMAC_CTX_free(ctx);
return ret;
#endif /* OpenSSL version >= 3.0 */
}