| Message ID | 20240404181630.2431991-8-juliusz@wolfssl.com |
|---|---|
| State | New |
| Headers | show
Return-Path:
<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=YanKpUoB;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=wolfssl-com.20230601.gappssmtp.com
header.i=@wolfssl-com.20230601.gappssmtp.com header.a=rsa-sha256
header.s=20230601 header.b=qKn0fpnc;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9VGj6kn5z1yYf
for <incoming@patchwork.ozlabs.org>; Fri, 5 Apr 2024 05:18:05 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
List-Owner; bh=4mFycL/cwL7UeaDDIzh3fB6cVSbETvYVnlYmt50jCCs=; b=YanKpUoB4Df2IP
xxba3lyGbYqQ0VBjARurufWSaMVKV96uFrrfChcYxyZNLLbcPsbmyO8rsLXM8i1M3oRytlsSraOcf
Y6xNVITpOMQCDO+Dm9lmTHB0u2tugrrD2F+awvd7qfafwHFStKdR+1bKmgBakjthuqX+PF85f1DJW
qwyM5llyTA5eKkb4QT7R0vSt7uuBnLaWkmrPj/24wnzSh3TQ/FWv4x+ilvtj8yyRHzKJislwiMdpv
7jqW4wR9XT0TiWnL5ChYdIgxQgmyJj0jBxFHiXWxIFyn7MwnngxA6/foNVF4XGL5UWmQLjlDbAfzv
WK6jbEd0X55xedWU6PUQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
id 1rsRec-00000003n4r-2w4j;
Thu, 04 Apr 2024 18:17:38 +0000
Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529])
by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
id 1rsRe6-00000003mgl-19oa
for hostap@lists.infradead.org;
Thu, 04 Apr 2024 18:17:08 +0000
Received: by mail-ed1-x529.google.com with SMTP id
4fb4d7f45d1cf-56e1baf0380so1455343a12.3
for <hostap@lists.infradead.org>;
Thu, 04 Apr 2024 11:17:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=wolfssl-com.20230601.gappssmtp.com; s=20230601; t=1712254623;
x=1712859423; darn=lists.infradead.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=V2oNYip7g1sxe0YE6t+9jq6aG19ikKadHPxKFR5IGGs=;
b=qKn0fpnciCe8P+1oe3HsOuLwbTpqEPh2jtt18hxVta+WRgnR9Qpoh06ZvuzEvsZmIE
eWz5za7OgodMCPhrdrgFALS4Msyugr0gH0ctqzZkaJEJzc2qnA8hTVIi4qROMZPGDj51
QKtpXIl0W6PxIi5k1M0fDWS7JKgN3eObKiJ0z+dFimnZQ+F+s+ut6YJSGROtoNPyhy42
HJmVtdu850c+lcD3CDlxeIzT3K+uY+uYf1XvdmlRmgopFt21ZkYC+6yPWw6gFqGDvdiE
0YGLNpR0HraVwAL/XEgEAV41ePOc8mocpQDI+7R92Os5ReR44Nu+JxZX7nxvicJmoPQJ
WQ9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1712254623; x=1712859423;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=V2oNYip7g1sxe0YE6t+9jq6aG19ikKadHPxKFR5IGGs=;
b=g3ozpRWezGWkpEO203ugz/YDcGTZ6gyO9W6iDWaTqpG0kI4tkV5ix8JxtKdvnKeKR2
8AEwa27v1IZCkokfEhB/sEPrcHPEtxKGrDnsY+tUiOS70jR1kzSdypYfYRg/jDNhtjwm
OiY10xLFDUM2dMjhLMcM52sK0tAJa8UT81xbNzPvU1iFLVzStarLv3AhEniWs/AEThz/
LxuGRDWFkin5ST6b9bu6rIUCsILHE7mM6p3TJ/iONdEYtnKmnzXdaeEHEPECKkdmKGPr
v+9E+g/YJVVgANRpUgVFMFBo3PJrb6sJrB9tnLob5w+5KcANuavWZ8N/22Y/145y9gzK
u6fw==
X-Gm-Message-State: AOJu0YwgDCoGJW1JGuyQqAl9ps2SSRGx6SMGizcS21ZfBaSgiRYmlOlV
4mzup3+GoxhE6dbpqfmgFVEznyxG/wTLslfWwv0JXuqEZZcre+ow6YNLALZS6ihLgL501HviMzJ
WImI=
X-Google-Smtp-Source:
AGHT+IHy9hVJY4Aza+u+w1EMnubmEyvvl7k12B6Qz0cmG9upWRhggAy9X5CwcdCmy7Kcer0rlu6sBQ==
X-Received: by 2002:a50:8718:0:b0:56d:f405:9a42 with SMTP id
i24-20020a508718000000b0056df4059a42mr2355213edb.2.1712254623324;
Thu, 04 Apr 2024 11:17:03 -0700 (PDT)
Received: from localhost.localdomain ([82.118.30.15])
by smtp.gmail.com with ESMTPSA id
dh26-20020a0564021d3a00b0056e0b358e86sm1976349edb.97.2024.04.04.11.17.02
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 04 Apr 2024 11:17:02 -0700 (PDT)
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz <juliusz@wolfssl.com>
Subject: [PATCH 08/24] wolfssl: Set additional sigalgs when using anon cipher
Date: Thu, 4 Apr 2024 20:16:14 +0200
Message-Id: <20240404181630.2431991-8-juliusz@wolfssl.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240404181630.2431991-1-juliusz@wolfssl.com>
References: <20240404181630.2431991-1-juliusz@wolfssl.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20240404_111706_395883_A52F37F3
X-CRM114-Status: GOOD ( 11.14 )
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: When setting an anonymous cipher,
wolfSSL would only set the
anonymous signature algorithm. This sets some better defaults.
Signed-off-by:
Juliusz Sosinowicz <juliusz@wolfssl.com> --- src/crypto/tls_wolfssl.c | 8
++++++++ 1 file changed, 8 insertions(+)
Content analysis details: (0.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no
trust
[2a00:1450:4864:20:0:0:0:529 listed in]
[list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
|
| Series |
[01/24] wolfssl: simplify tls_get_cipher
|
expand
|
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 38575375de..a58e1f7607 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -2004,6 +2004,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, char buf[128], *pos, *end; u8 *c; int ret; + int setSigAlgs = 0; if (!conn || !conn->ssl || !ciphers) return -1; @@ -2028,6 +2029,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, break; case TLS_CIPHER_ANON_DH_AES128_SHA: suite = "ADH-AES128-SHA"; + setSigAlgs = 1; break; case TLS_CIPHER_RSA_DHE_AES256_SHA: suite = "DHE-RSA-AES256-SHA"; @@ -2054,6 +2056,12 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, return -1; } + if (setSigAlgs && + wolfSSL_set1_sigalgs_list(conn->ssl, SUITEB_TLS_128_SIGALGS) != 1) { + wpa_printf(MSG_DEBUG, "Sigalg configuration failed"); + return -1; + } + return 0; }
When setting an anonymous cipher, wolfSSL would only set the anonymous signature algorithm. This sets some better defaults. Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> --- src/crypto/tls_wolfssl.c | 8 ++++++++ 1 file changed, 8 insertions(+)