# Use Android specific directory for control interface sockets
L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
-L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/wpa_supplicant\"
+L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/misc/wifi/sockets\"
# Use Android specific directory for wpa_cli command completion history
L_CFLAGS += -DCONFIG_WPA_CLI_HISTORY_DIR=\"/data/misc/wifi\"
OBJS += src/eap_peer/eap_ttls.c
OBJS_h += src/eap_server/eap_server_ttls.c
endif
-MS_FUNCS=y
TLS_FUNCS=y
+ifndef CONFIG_FIPS
+MS_FUNCS=y
CHAP=y
+endif
CONFIG_IEEE8021X_EAPOL=y
endif
NEED_DH_GROUPS=y
NEED_DH_GROUPS_ALL=y
NEED_SHA256=y
+NEED_AES_CBC=y
endif
ifdef CONFIG_WPS
ifdef NEED_FIPS186_2_PRF
OBJS += src/crypto/fips_prf_openssl.c
endif
+NEED_SHA256=y
+NEED_TLS_PRF_SHA256=y
LIBS += -lcrypto
LIBS_p += -lcrypto
ifdef CONFIG_TLS_ADD_DL
endif
ifneq ($(CONFIG_TLS), openssl)
+NEED_INTERNAL_AES_WRAP=y
+endif
+ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
+# Seems to be needed at least with BoringSSL
+NEED_INTERNAL_AES_WRAP=y
+L_CFLAGS += -DCONFIG_OPENSSL_INTERNAL_AES_WRAP
+endif
+ifdef CONFIG_FIPS
+# Have to use internal AES key wrap routines to use OpenSSL EVP since the
+# OpenSSL AES_wrap_key()/AES_unwrap_key() API is not available in FIPS mode.
+NEED_INTERNAL_AES_WRAP=y
+endif
+
+ifdef NEED_INTERNAL_AES_WRAP
AESOBJS += src/crypto/aes-unwrap.c
endif
ifdef NEED_AES_EAX
endif
ifdef NEED_AES_WRAP
NEED_AES_ENC=y
-ifneq ($(CONFIG_TLS), openssl)
+ifdef NEED_INTERNAL_AES_WRAP
AESOBJS += src/crypto/aes-wrap.c
endif
endif
endif
endif
+ifdef CONFIG_NO_RC4
+L_CFLAGS += -DCONFIG_NO_RC4
+endif
+
ifdef NEED_RC4
ifdef CONFIG_INTERNAL_RC4
+ifndef CONFIG_NO_RC4
OBJS += src/crypto/rc4.c
endif
endif
+endif
SHA256OBJS = # none by default
ifdef NEED_SHA256
endif
ifdef NEED_SHA384
L_CFLAGS += -DCONFIG_SHA384
+OBJS += src/crypto/sha384-prf.c
endif
ifdef NEED_DH_GROUPS