wpa_supplicant in FIPS 140-2 mode

Jouni Malinen j
Sat Aug 1 07:17:05 PDT 2015

On Fri, Jul 31, 2015 at 03:16:24PM -0400, Jate Sujjavanich wrote:
> In this post on openssl-users -
> http://marc.info/?l=openssl-users&m=140075543711643&w=2 - one of the
> maintainers of OpenSSL provides an example of how to use the allowed higher
> level EVP_* calls to implement FIPS mode-compatible AES key wrapping. The
> code in the example very closely matches the code within aes-wrap.c and
> aes-unwrap.c. I suggested re-adding that code to avoid code duplication
> without realizing that it's a revert of f19c907
> Would putting the aes_wrap and aes_unwrap calls from aes-[un]wrap.c into
> crypto_openssl.c work?

I don't think it makes much of a difference where this functionality is
as far as the source code files are concerned, so we may as well share
the existing aes-{,un}wrap.c implementation. I have number of
CONFIG_FIPS=y related regression fixes in the pending branch in
hostap.git including a change that does this with a partial revert of
f19c907 (i.e., revert it for the CONFIG_FIPS=y case only). I'm also
replacing the MD5-based EAP workaround with SHA1 and removing MD5
completely from the build to force the issues to show up at build time
rather than as failures during runtime. There are still number of older
protocols that require MD5, so those must not be included in build
configuration when CONFIG_FIPS=y is used.

With those changes, it is now again possible to build wpa_supplicant for
OpenSSL FIPS mode and complete WPA2-Enterprise connection with EAP-TLS.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list