aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorDmitry Shmidt <dimitrysh@google.com>2015-03-30 13:16:51 -0700
committerDmitry Shmidt <dimitrysh@google.com>2015-03-30 14:01:30 -0700
commit912c6ecf72fb2c84fbf17dbd0666492778dbd9fc (patch)
treec82fafae71f2017e211192fd70bfe3c13712676a /src/crypto
parentdda10c2afb8378747491ea5d329a1de635d6d58e (diff)
downloadandroid_external_wpa_supplicant_8-912c6ecf72fb2c84fbf17dbd0666492778dbd9fc.tar.gz
android_external_wpa_supplicant_8-912c6ecf72fb2c84fbf17dbd0666492778dbd9fc.tar.bz2
android_external_wpa_supplicant_8-912c6ecf72fb2c84fbf17dbd0666492778dbd9fc.zip
Cumulative patch from commit 989e784601887734e696b3fac0ad6d101badd7ea
989e784 P2P: Optimize scan frequencies list when re-joining a persistent group 154a1d5 hostapd: Fix some compilation errors ce18c10 Add support for CONFIG_NO_ROAMING to Makefile 65a7b21 OpenSSL: Implement AES-128 CBC using EVP API 22ba05c Explicitly clear temporary stack buffers in tls_prf_sha1_md5() 940a4db Explicitly clear temporary stack buffer in sha1_t_prf() eccca10 Explicitly clear temporary stack buffer in hmac_sha256_kdf() e8e365d wext: Add support for renamed Host AP driver ifname fc48d33 Improve error messages related to EAP DB c469d62 Error out if user configures SQLite DB without CONFIG_SQLITE 270427e HS 2.0R2: Add more logging for hs20-osu-client icon matching 8e31cd2 OSU server: Improve logging for SPP schema validation failures 23dd15a http-curl: Improve log messages e7d285c OSU server: Print out signup ID if there is some problem with it 1b45006 HS 2.0R2: Remove unused argument identifier from hs20-osu-client 2e7a228 HS 2.0R2: Allow custom libcurl linkage for hs20-osu-client a52410c Allow PSK/passphrase to be set only when needed 3e808b8 EAP-pwd peer: Add support for hashed password e4840b3 EAP-pwd server: Add support for hashed password 2bd2ed2 EAP-pwd: Mark helper function arguments const when appropriate 9ccc10f wpa_cli: Use tab as only word separator for networks 5a997b2 wpa_cli: Completion routine for dup_network command 1ca6c0f wpa_cli: Completion for remove, select, disable, enable network 7e6cc90 wpa_cli: Implement completion routine for get_network/set_network 32a097f wpa_cli: Keep track of available networks 94dc0e9 wpa_cli: Allow tab as alternative separator for cli_txt_list words efa232f Add support for virtual interface creation/deletion ba87329 wpa_cli: Use .wpa_cli_history under Android 0f8385e Show OSEN key management properly in scan results e7b4cd0 wpa_gui: Add tray icon based signal strength meter 54d3dc9 AP: Unset HT capabilities for an HT association request without WMM Change-Id: I71425b8e20fe1dfdb777592257dc4e4063da8d85 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/crypto_openssl.c50
-rw-r--r--src/crypto/sha1-tlsprf.c5
-rw-r--r--src/crypto/sha1-tprf.c2
-rw-r--r--src/crypto/sha256-kdf.c3
4 files changed, 60 insertions, 0 deletions
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index f158ef43..9834b25c 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -324,6 +324,56 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
}
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ EVP_CIPHER_CTX ctx;
+ int clen, len;
+ u8 buf[16];
+
+ EVP_CIPHER_CTX_init(&ctx);
+ if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
+ return -1;
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ clen = data_len;
+ if (EVP_EncryptUpdate(&ctx, data, &clen, data, data_len) != 1 ||
+ clen != (int) data_len)
+ return -1;
+
+ len = sizeof(buf);
+ if (EVP_EncryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
+ return -1;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ return 0;
+}
+
+
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ EVP_CIPHER_CTX ctx;
+ int plen, len;
+ u8 buf[16];
+
+ EVP_CIPHER_CTX_init(&ctx);
+ if (EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
+ return -1;
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ plen = data_len;
+ if (EVP_DecryptUpdate(&ctx, data, &plen, data, data_len) != 1 ||
+ plen != (int) data_len)
+ return -1;
+
+ len = sizeof(buf);
+ if (EVP_DecryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
+ return -1;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ return 0;
+}
+
+
int crypto_mod_exp(const u8 *base, size_t base_len,
const u8 *power, size_t power_len,
const u8 *modulus, size_t modulus_len,
diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c
index 0effd9b7..f9bc0ebf 100644
--- a/src/crypto/sha1-tlsprf.c
+++ b/src/crypto/sha1-tlsprf.c
@@ -95,5 +95,10 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
SHA1_pos++;
}
+ os_memset(A_MD5, 0, MD5_MAC_LEN);
+ os_memset(P_MD5, 0, MD5_MAC_LEN);
+ os_memset(A_SHA1, 0, SHA1_MAC_LEN);
+ os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+
return 0;
}
diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c
index a5294946..562510f8 100644
--- a/src/crypto/sha1-tprf.c
+++ b/src/crypto/sha1-tprf.c
@@ -66,5 +66,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label,
len[0] = SHA1_MAC_LEN;
}
+ os_memset(hash, 0, SHA1_MAC_LEN);
+
return 0;
}
diff --git a/src/crypto/sha256-kdf.c b/src/crypto/sha256-kdf.c
index d8a1beb3..e7509ce4 100644
--- a/src/crypto/sha256-kdf.c
+++ b/src/crypto/sha256-kdf.c
@@ -61,6 +61,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
if (iter == 255) {
os_memset(out, 0, outlen);
+ os_memset(T, 0, SHA256_MAC_LEN);
return -1;
}
iter++;
@@ -68,9 +69,11 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
if (hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0)
{
os_memset(out, 0, outlen);
+ os_memset(T, 0, SHA256_MAC_LEN);
return -1;
}
}
+ os_memset(T, 0, SHA256_MAC_LEN);
return 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-08 23:50:03 +0000