<div dir="ltr"><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">Hmm.. That would be somewhat of an unfortunate direction.. My goal has<br>
been more to reduce externally required crypto implementation than<br>
adding it, i.e., this change would be reverting an earlier cleanup. It's<br>
a bit unfortunate if OpenSSL does not provide a FIPS mode compatible<br>
mechanism for AES key wrapping. <br></blockquote><div><br></div>In this post on openssl-users - <a href="http://marc.info/?l=openssl-users&m=140075543711643&w=2" target="_blank">http://marc.info/?l=openssl-users&m=140075543711643&w=2</a> - one of the maintainers of OpenSSL provides an example of how to use the allowed higher level EVP_* calls to implement FIPS mode-compatible AES key wrapping. The code in the example very closely matches the code within aes-wrap.c and aes-unwrap.c. I suggested re-adding that code to avoid code duplication without realizing that it's a revert of f19c907<br><br><div>Would putting the aes_wrap and aes_unwrap calls from aes-[un]wrap.c into crypto_openssl.c work?<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">- Jate S.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 30, 2015 at 5:09 AM, Jouni Malinen <span dir="ltr"><<a href="mailto:j@w1.fi" target="_blank">j@w1.fi</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Wed, Jul 29, 2015 at 05:20:06PM -0400, Jate Sujjavanich wrote:<br>
> I replaced the calls within to aes_wrap/aes_unwrap in crypto_openssl.c with<br>
> the callbacks in aes_wrap.c/aes_unwrap.c. They actually lead down to EVP_*<br>
> functions within OpenSSL which is valid in FIPS mode. The callbacks to<br>
> aes_encrypt_* lead to higher level EVP_* calls which are allowed in FIPS<br>
> mode.<br>
><br>
> Do you see anything wrong with this algorithmically as far as encryption is<br>
> concerned?<br>
<br>
</span>No, the changes here are just reverting back to the older design. In<br>
fact, all you would have needed to do for this is "git revert<br>
f19c907822ad0dec3480b1435b615ae22c5533a1" (i.e., revert the "OpenSSL:<br>
Implement aes_wrap() and aes_unwrap()" commit).. Like I said, this is<br>
not the direction I want to go to, so I hope that there is a better<br>
solution for AES key wrap than this as far as hostap.git is concerned.<br>
<span><br>
--<br>
Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
</span><a href="mailto:HostAP@lists.shmoo.com" target="_blank">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" rel="noreferrer" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</blockquote></div><br></div></div>