From 42c1c447ddb95124b495936df9bb57565f5b15d4 Mon Sep 17 00:00:00 2001
From: Ze Gan <ganze718@gmail.com>
Date: Tue, 19 Mar 2024 20:38:33 +0800
Subject: [PATCH] enable fips

Signed-off-by: Ze Gan <ganze718@gmail.com>
---
 debian/config/wpasupplicant/linux | 3 +++
 src/crypto/crypto_openssl.c       | 1 +
 2 files changed, 4 insertions(+)

diff --git a/debian/config/wpasupplicant/linux b/debian/config/wpasupplicant/linux
index 55c8ee570..b16282f32 100644
--- a/debian/config/wpasupplicant/linux
+++ b/debian/config/wpasupplicant/linux
@@ -603,3 +603,6 @@ CONFIG_OWE=y
 # This requires CONFIG_IEEE80211W=y to be enabled, too. (see
 # wpa_supplicant/README-DPP for details)
 CONFIG_DPP=y
+
+CONFIG_FIPS=y
+CONFIG_OPENSSL_CMAC=y
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 8c3484abe..68adda153 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1218,6 +1218,7 @@ int crypto_get_random(void *buf, size_t len)
 int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
 		     const u8 *addr[], const size_t *len, u8 *mac)
 {
+	wpa_printf(MSG_ERROR, "Openssl  CMAC: omac1_aes_vector");
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx = NULL;
 	EVP_MAC *emac;