mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" build
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key() API. This broke wpa_supplicant/hostapd build since those functions from OpenSSL were used to replace the internal AES key wrap implementation. Add a new build configuration option (CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal implementation to be used with CONFIG_OPENSSL=y build to allow build against the latest BoringSSL version. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
c965ae034a
commit
812f28b79c
@ -304,6 +304,7 @@ void aes_decrypt_deinit(void *ctx)
|
||||
|
||||
|
||||
#ifndef CONFIG_FIPS
|
||||
#ifndef CONFIG_OPENSSL_INTERNAL_AES_WRAP
|
||||
|
||||
int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
|
||||
{
|
||||
@ -331,6 +332,7 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
|
||||
return res <= 0 ? -1 : 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_OPENSSL_INTERNAL_AES_WRAP */
|
||||
#endif /* CONFIG_FIPS */
|
||||
|
||||
|
||||
|
@ -1140,6 +1140,11 @@ endif
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
NEED_INTERNAL_AES_WRAP=y
|
||||
endif
|
||||
ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
|
||||
# Seems to be needed at least with BoringSSL
|
||||
NEED_INTERNAL_AES_WRAP=y
|
||||
L_CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
|
||||
endif
|
||||
ifdef CONFIG_FIPS
|
||||
# Have to use internal AES key wrap routines to use OpenSSL EVP since the
|
||||
# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
|
||||
|
@ -1152,6 +1152,11 @@ endif
|
||||
ifneq ($(CONFIG_TLS), openssl)
|
||||
NEED_INTERNAL_AES_WRAP=y
|
||||
endif
|
||||
ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
|
||||
# Seems to be needed at least with BoringSSL
|
||||
NEED_INTERNAL_AES_WRAP=y
|
||||
CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
|
||||
endif
|
||||
ifdef CONFIG_FIPS
|
||||
# Have to use internal AES key wrap routines to use OpenSSL EVP since the
|
||||
# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
|
||||
|
Loading…
Reference in New Issue
Block a user