From 030d062facf3acb490c442033b437aa99aa31aca Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 16 Aug 2012 20:38:25 +0300 Subject: [PATCH] OpenSSL: Implement SHA1 HMAC functions using HMAC API Use the OpenSSL HMAC implementation instead of the internal sha1.c implementation of HMAC with SHA1. Signed-hostap: Jouni Malinen --- hostapd/Android.mk | 2 ++ hostapd/Makefile | 2 ++ src/crypto/crypto_openssl.c | 39 +++++++++++++++++++++++++++++++++++++ wpa_supplicant/Android.mk | 2 ++ wpa_supplicant/Makefile | 2 ++ 5 files changed, 47 insertions(+) diff --git a/hostapd/Android.mk b/hostapd/Android.mk index bc6d689b6..5a0136b17 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -669,7 +669,9 @@ endif SHA1OBJS = ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += src/crypto/sha1.c +endif SHA1OBJS += src/crypto/sha1-prf.c ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += src/crypto/sha1-internal.c diff --git a/hostapd/Makefile b/hostapd/Makefile index da1517de4..120eca638 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -660,7 +660,9 @@ OBJS += $(AESOBJS) endif ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += ../src/crypto/sha1.o +endif SHA1OBJS += ../src/crypto/sha1-prf.o ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 66cf84084..791f588f7 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -698,3 +698,42 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, return -1; return 0; } + + +int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + HMAC_CTX ctx; + size_t i; + unsigned int mdlen; + int res; + + HMAC_CTX_init(&ctx); +#if OPENSSL_VERSION_NUMBER < 0x00909000 + HMAC_Init_ex(&ctx, key, key_len, EVP_sha1(), NULL); +#else /* openssl < 0.9.9 */ + if (HMAC_Init_ex(&ctx, key, key_len, EVP_sha1(), NULL) != 1) + return -1; +#endif /* openssl < 0.9.9 */ + + for (i = 0; i < num_elem; i++) + HMAC_Update(&ctx, addr[i], len[i]); + + mdlen = 20; +#if OPENSSL_VERSION_NUMBER < 0x00909000 + HMAC_Final(&ctx, mac, &mdlen); + res = 1; +#else /* openssl < 0.9.9 */ + res = HMAC_Final(&ctx, mac, &mdlen); +#endif /* openssl < 0.9.9 */ + HMAC_CTX_cleanup(&ctx); + + return res == 1 ? 0 : -1; +} + + +int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); +} diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 5ad2d678e..7ed7fc0a3 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1054,7 +1054,9 @@ endif SHA1OBJS = ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += src/crypto/sha1.c +endif SHA1OBJS += src/crypto/sha1-prf.c ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += src/crypto/sha1-internal.c diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 63cff71b6..8ea615016 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1081,7 +1081,9 @@ OBJS += $(AESOBJS) endif ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) SHA1OBJS += ../src/crypto/sha1.o +endif SHA1OBJS += ../src/crypto/sha1-prf.o ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o