diff --git a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c index 472e17326..826d365e8 100644 --- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c +++ b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c @@ -77,9 +77,9 @@ struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, break; case CRYPTO_CIPHER_ALG_AES: mbedtls_aes_init(&(ctx->u.aes.ctx_enc)); - mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, 256); + mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8); mbedtls_aes_init(&(ctx->u.aes.ctx_dec)); - mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, 256); + mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8); os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); break; #ifdef CONFIG_DES3 diff --git a/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c b/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c index 5283af2c4..62753b3b5 100644 --- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c +++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c @@ -463,7 +463,9 @@ struct tlsv1_client * tlsv1_client_init(void) suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA; suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256; suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA; +#ifdef CONFIG_DES3 suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA; +#endif suites[count++] = TLS_RSA_WITH_RC4_128_SHA; suites[count++] = TLS_RSA_WITH_RC4_128_MD5; conn->num_cipher_suites = count; @@ -560,12 +562,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf, case TLS_RSA_WITH_RC4_128_SHA: cipher = "RC4-SHA"; break; +#ifdef CONFIG_DES case TLS_RSA_WITH_DES_CBC_SHA: cipher = "DES-CBC-SHA"; break; +#endif +#ifdef CONFIG_DES3 case TLS_RSA_WITH_3DES_EDE_CBC_SHA: cipher = "DES-CBC3-SHA"; break; +#endif case TLS_DH_anon_WITH_AES_128_CBC_SHA256: cipher = "ADH-AES-128-SHA256"; break; @@ -601,12 +607,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf, case TLS_RSA_WITH_RC4_128_SHA: strcpy(cipher, "RC4-SHA"); break; +#ifdef CONFIG_DES case TLS_RSA_WITH_DES_CBC_SHA: strcpy(cipher, "DES-CBC-SHA"); break; +#endif +#ifdef CONFIG_DES3 case TLS_RSA_WITH_3DES_EDE_CBC_SHA: strcpy(cipher, "DES-CBC3-SHA"); break; +#endif case TLS_DH_anon_WITH_AES_128_CBC_SHA256: strcpy(cipher, "ADH-AES-128-SHA256"); break; @@ -780,9 +790,13 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers) suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA; suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256; suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; +#ifdef CONFIG_DES3 suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA; +#endif suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5; +#ifdef CONFIG_DES suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA; +#endif /* * Cisco AP (at least 350 and 1200 series) local authentication diff --git a/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c b/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c index 9d17928db..38d0b694d 100644 --- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c +++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c @@ -31,16 +31,24 @@ static const struct tls_cipher_suite tls_cipher_suites[] = { TLS_HASH_MD5 }, { TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128, TLS_HASH_SHA }, +#ifdef CONFIG_DES { TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC, TLS_HASH_SHA }, +#endif +#ifdef CONFIG_DES3 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA }, +#endif { TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon, TLS_CIPHER_RC4_128, TLS_HASH_MD5 }, +#ifdef CONFIG_DES { TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon, TLS_CIPHER_DES_CBC, TLS_HASH_SHA }, +#endif +#ifdef CONFIG_DES3 { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon, TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA }, +#endif { TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA }, { TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon, @@ -74,12 +82,16 @@ static const struct tls_cipher_data tls_ciphers[] = { CRYPTO_CIPHER_ALG_RC4 }, { TLS_CIPHER_RC4_128, TLS_CIPHER_STREAM, 16, 16, 0, CRYPTO_CIPHER_ALG_RC4 }, +#ifdef CONFIG_DES { TLS_CIPHER_DES40_CBC, TLS_CIPHER_BLOCK, 5, 8, 8, CRYPTO_CIPHER_ALG_DES }, { TLS_CIPHER_DES_CBC, TLS_CIPHER_BLOCK, 8, 8, 8, CRYPTO_CIPHER_ALG_DES }, +#endif +#ifdef CONFIG_DES3 { TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK, 24, 24, 8, CRYPTO_CIPHER_ALG_3DES }, +#endif { TLS_CIPHER_AES_128_CBC, TLS_CIPHER_BLOCK, 16, 16, 16, CRYPTO_CIPHER_ALG_AES }, { TLS_CIPHER_AES_256_CBC, TLS_CIPHER_BLOCK, 32, 32, 16, diff --git a/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c b/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c index 642b09c7b..95118aa05 100644 --- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c +++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c @@ -363,7 +363,9 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred) suites = conn->cipher_suites; suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA; suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA; +#ifdef CONFIG_DES3 suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA; +#endif suites[count++] = TLS_RSA_WITH_RC4_128_SHA; suites[count++] = TLS_RSA_WITH_RC4_128_MD5; conn->num_cipher_suites = count; @@ -471,12 +473,16 @@ int tlsv1_server_get_cipher(struct tlsv1_server *conn, char *buf, case TLS_RSA_WITH_RC4_128_SHA: cipher = "RC4-SHA"; break; +#ifdef CONFIG_DES case TLS_RSA_WITH_DES_CBC_SHA: cipher = "DES-CBC-SHA"; break; +#endif +#ifdef CONFIG_DES3 case TLS_RSA_WITH_3DES_EDE_CBC_SHA: cipher = "DES-CBC3-SHA"; break; +#endif case TLS_DH_anon_WITH_AES_128_CBC_SHA: cipher = "ADH-AES-128-SHA"; break;