From patchwork Thu Apr 4 18:16:29 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1919914
From: Juliusz Sosinowicz
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz
Subject: [PATCH 23/24] wolfSSL: Implement openssl_ecdh_curves
Date: Thu, 4 Apr 2024 20:16:29 +0200
Message-Id: <20240404181630.2431991-23-juliusz@wolfssl.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240404181630.2431991-1-juliusz@wolfssl.com>
References: <20240404181630.2431991-1-juliusz@wolfssl.com>
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. Content preview: Signed-off-by: Juliusz Sosinowicz --- src/crypto/tls_wolfssl.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 8940de98d4..224940a402 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1628,6 +1628,15 @@ int tls_connec [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:12f listed in] [list.dnswl.org] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Juliusz Sosinowicz --- src/crypto/tls_wolfssl.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 8940de98d4..224940a402 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1628,6 +1628,15 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, return -1; } + if (params->openssl_ecdh_curves) { + if (wolfSSL_set1_curves_list(conn->ssl, params->openssl_ecdh_curves) + != 1) { + wpa_printf(MSG_ERROR, "wolfSSL: Failed to set ECDH curves '%s'", + params->openssl_ecdh_curves); + return -1; + } + } + tls_set_conn_flags(conn->ssl, params->flags); #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 
@@ -1871,9 +1880,12 @@ int tls_global_set_params(void *tls_ctx, } if (params->openssl_ecdh_curves) { - wpa_printf(MSG_ERROR, - "wolfSSL: openssl_ecdh_curves not supported"); - return -1; + if (wolfSSL_CTX_set1_curves_list((WOLFSSL_CTX*)tls_ctx, + params->openssl_ecdh_curves) != 1) { + wpa_printf(MSG_ERROR, "wolfSSL: Failed to set ECDH curves '%s'", + params->openssl_ecdh_curves); + return -1; + } } #ifdef HAVE_SESSION_TICKET
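Review bot: In the tls_connection_set_params() hunk, `if (params->openssl_ecdh_curves) {` only tests for a non-NULL pointer, so an empty string is handed straight to wolfSSL_set1_curves_list(), and if that call does not return 1 the connection setup fails with return -1. Please say whether an empty value is meant to be an error here; if it is not, also test `params->openssl_ecdh_curves[0]` before making the call. The call is added without any #ifdef around it, so if wolfSSL_set1_curves_list() is only present in some wolfSSL build configurations, it needs a guard with a clear "not supported" error in the other branch.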
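Review bot: In the tls_global_set_params() hunk, the cast in `wolfSSL_CTX_set1_curves_list((WOLFSSL_CTX*)tls_ctx,` is unnecessary, because tls_ctx is a `void *` parameter (see the signature in the hunk header) and converts implicitly in C; passing tls_ctx directly is simpler. The error string "wolfSSL: Failed to set ECDH curves '%s'" is identical to the one added in tls_connection_set_params(), so a log line cannot tell a global failure from a per-connection one; naming the scope in one of the two messages would fix that. The commit message carries only the Signed-off-by line, and a short description of which values the option now accepts would help reviewers and users.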