Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sonic-net/sonic-wpa-supplicant
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d41110905e10201e938058505cf33a170b68522d
Choose a base ref
...
head repository: sonic-net/sonic-wpa-supplicant
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 413704a6ccef8321667712c518e595878ff02251
Choose a head ref
  • 3 commits
  • 1 file changed
  • 2 contributors

Commits on Mar 12, 2024

  1. Provide CMAC high level API replacement

    @wumiaont
    wumiaont committed Mar 12, 2024
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    01a3904 View commit details

Commits on Mar 13, 2024

  1. Fix a port issue

    @wumiaont
    wumiaont committed Mar 13, 2024
    Loading
    Loading status checks…
    Copy the full SHA
    8521d4a View commit details

Commits on Mar 14, 2024

  1. Provide CMAC high level API replacement #81 

    Replace wpa-supplicant openssl CMAC wrapper API to use high level EVP APIs. With this change CMAC handlings for openssl will be taken over by symcrypt provider in FIPs mode.

Test: Tested against whole macsec testing suites and all passed with the change.

This is porting from hostap wpa_supplicant for CMAC Openssl hihe level API replacement.
https://w1.fi/cgit/hostap/commit/?id=0c61f6234fd27c43b46d9bdb8ecf72be2e85cc38
    @xumia
    xumia authored Mar 14, 2024
    Loading
    Loading status checks…
    Copy the full SHA
    413704a View commit details
Showing with 38 additions and 0 deletions.
  1. +38 −0 src/crypto/crypto_openssl.c
38 changes: 38 additions & 0 deletions src/crypto/crypto_openssl.c
View file
Original file line number Diff line number Diff line change
@@ -1218,6 +1218,43 @@ int crypto_get_random(void *buf, size_t len)
int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC_CTX *ctx = NULL;
EVP_MAC *emac;
int ret = -1;
size_t outlen, i;
OSSL_PARAM params[2];
char *cipher = NULL;
if (TEST_FAIL())
return -1;
emac = EVP_MAC_fetch(NULL, "CMAC", NULL);

if (key_len == 32)
cipher = "aes-256-cbc";
else if (key_len == 24)
cipher = "aes-192-cbc";
else if (key_len == 16)
cipher = "aes-128-cbc";

params[0] = OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
params[1] = OSSL_PARAM_construct_end();

if (!emac || !cipher ||
!(ctx = EVP_MAC_CTX_new(emac)) ||
EVP_MAC_init(ctx, key, key_len, params) != 1)
goto fail;

for (i = 0; i < num_elem; i++) {
if (!EVP_MAC_update(ctx, addr[i], len[i]))
goto fail;
}
if (EVP_MAC_final(ctx, mac, &outlen, 16) != 1 || outlen != 16)
goto fail;
ret = 0;
fail:
EVP_MAC_CTX_free(ctx);
return ret;
#else /* OpenSSL version >= 3.0 */
CMAC_CTX *ctx;
int ret = -1;
size_t outlen, i;
@@ -1249,6 +1286,7 @@ int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
fail:
CMAC_CTX_free(ctx);
return ret;
#endif /* OpenSSL version >= 3.0 */
}