From 44ec48ebfd19c1828c26880d7f32f6e658477e30 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 19 Aug 2012 16:53:15 +0300 Subject: [PATCH] FIPS: Remove md5-non-fips.c Commit c9e08af24fd7dda3f21674cdc744579b8c38fa28 removed the only user of the special case MD5 use that would be allowed in FIPS mode in tls_prf_sha1_md5(). Commit 271dbf1594bea461ea2ea7946a773a30bfa254aa removed the file from the build, but left the implementation into the repository. To clean things up even further, remove this functionality completely since it is not expected to be needed for FIPS mode anymore. Signed-hostap: Jouni Malinen --- src/crypto/Makefile | 1 - src/crypto/crypto.h | 15 ----- src/crypto/crypto_openssl.c | 29 ++-------- src/crypto/md5-non-fips.c | 107 ------------------------------------ src/crypto/md5.h | 10 ---- src/crypto/sha1-tlsprf.c | 9 +-- wpa_supplicant/Android.mk | 3 - wpa_supplicant/Makefile | 5 -- 8 files changed, 9 insertions(+), 170 deletions(-) delete mode 100644 src/crypto/md5-non-fips.c diff --git a/src/crypto/Makefile b/src/crypto/Makefile index 33d0c3434..34e9ac7e9 100644 --- a/src/crypto/Makefile +++ b/src/crypto/Makefile @@ -31,7 +31,6 @@ LIB_OBJS= \ md4-internal.o \ md5.o \ md5-internal.o \ - md5-non-fips.o \ milenage.o \ ms_funcs.o \ rc4.o \ diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h index 3edb7ca24..26b9acf2f 100644 --- a/src/crypto/crypto.h +++ b/src/crypto/crypto.h @@ -41,21 +41,6 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); */ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -#ifdef CONFIG_FIPS -/** - * md5_vector_non_fips_allow - MD5 hash for data vector (non-FIPS use allowed) - * @num_elem: Number of elements in the data vector - * @addr: Pointers to the data areas - * @len: Lengths of the data blocks - * @mac: Buffer for the hash - * Returns: 0 on success, -1 on failure - */ -int md5_vector_non_fips_allow(size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac); -#else /* CONFIG_FIPS */ -#define md5_vector_non_fips_allow md5_vector -#endif /* CONFIG_FIPS */ - /** * sha1_vector - SHA-1 hash for data vector diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 5cc32d165..711e312d0 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -73,21 +73,14 @@ static BIGNUM * get_group5_prime(void) #define NO_SHA256_WRAPPER #endif -static int openssl_digest_vector(const EVP_MD *type, int non_fips, - size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac) +static int openssl_digest_vector(const EVP_MD *type, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) { EVP_MD_CTX ctx; size_t i; unsigned int mac_len; EVP_MD_CTX_init(&ctx); -#ifdef CONFIG_FIPS -#ifdef OPENSSL_FIPS - if (non_fips) - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -#endif /* OPENSSL_FIPS */ -#endif /* CONFIG_FIPS */ if (!EVP_DigestInit_ex(&ctx, type, NULL)) { wpa_printf(MSG_ERROR, "OpenSSL: EVP_DigestInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -113,7 +106,7 @@ static int openssl_digest_vector(const EVP_MD *type, int non_fips, int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { - return openssl_digest_vector(EVP_md4(), 0, num_elem, addr, len, mac); + return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac); } @@ -177,22 +170,13 @@ out: int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { - return openssl_digest_vector(EVP_md5(), 0, num_elem, addr, len, mac); + return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac); } -#ifdef CONFIG_FIPS -int md5_vector_non_fips_allow(size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac) -{ - return openssl_digest_vector(EVP_md5(), 1, num_elem, addr, len, mac); -} -#endif /* CONFIG_FIPS */ - - int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { - return openssl_digest_vector(EVP_sha1(), 0, num_elem, addr, len, mac); + return openssl_digest_vector(EVP_sha1(), num_elem, addr, len, mac); } @@ -200,8 +184,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { - return openssl_digest_vector(EVP_sha256(), 0, num_elem, addr, len, - mac); + return openssl_digest_vector(EVP_sha256(), num_elem, addr, len, mac); } #endif /* NO_SHA256_WRAPPER */ diff --git a/src/crypto/md5-non-fips.c b/src/crypto/md5-non-fips.c deleted file mode 100644 index 418f7828e..000000000 --- a/src/crypto/md5-non-fips.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * MD5 hash implementation and interface functions (non-FIPS allowed cases) - * Copyright (c) 2003-2009, Jouni Malinen - * - * This software may be distributed under the terms of the BSD license. - * See README for more details. - */ - -#include "includes.h" - -#include "common.h" -#include "md5.h" -#include "crypto.h" - - -/** - * hmac_md5_vector_non_fips_allow - HMAC-MD5 over data vector (RFC 2104) - * @key: Key for HMAC operations - * @key_len: Length of the key in bytes - * @num_elem: Number of elements in the data vector - * @addr: Pointers to the data areas - * @len: Lengths of the data blocks - * @mac: Buffer for the hash (16 bytes) - * Returns: 0 on success, -1 on failure - */ -int hmac_md5_vector_non_fips_allow(const u8 *key, size_t key_len, - size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac) -{ - u8 k_pad[64]; /* padding - key XORd with ipad/opad */ - u8 tk[16]; - const u8 *_addr[6]; - size_t i, _len[6]; - - if (num_elem > 5) { - /* - * Fixed limit on the number of fragments to avoid having to - * allocate memory (which could fail). - */ - return -1; - } - - /* if key is longer than 64 bytes reset it to key = MD5(key) */ - if (key_len > 64) { - if (md5_vector_non_fips_allow(1, &key, &key_len, tk)) - return -1; - key = tk; - key_len = 16; - } - - /* the HMAC_MD5 transform looks like: - * - * MD5(K XOR opad, MD5(K XOR ipad, text)) - * - * where K is an n byte key - * ipad is the byte 0x36 repeated 64 times - * opad is the byte 0x5c repeated 64 times - * and text is the data being protected */ - - /* start out by storing key in ipad */ - os_memset(k_pad, 0, sizeof(k_pad)); - os_memcpy(k_pad, key, key_len); - - /* XOR key with ipad values */ - for (i = 0; i < 64; i++) - k_pad[i] ^= 0x36; - - /* perform inner MD5 */ - _addr[0] = k_pad; - _len[0] = 64; - for (i = 0; i < num_elem; i++) { - _addr[i + 1] = addr[i]; - _len[i + 1] = len[i]; - } - if (md5_vector_non_fips_allow(1 + num_elem, _addr, _len, mac)) - return -1; - - os_memset(k_pad, 0, sizeof(k_pad)); - os_memcpy(k_pad, key, key_len); - /* XOR key with opad values */ - for (i = 0; i < 64; i++) - k_pad[i] ^= 0x5c; - - /* perform outer MD5 */ - _addr[0] = k_pad; - _len[0] = 64; - _addr[1] = mac; - _len[1] = MD5_MAC_LEN; - return md5_vector_non_fips_allow(2, _addr, _len, mac); -} - - -/** - * hmac_md5_non_fips_allow - HMAC-MD5 over data buffer (RFC 2104) - * @key: Key for HMAC operations - * @key_len: Length of the key in bytes - * @data: Pointers to the data area - * @data_len: Length of the data area - * @mac: Buffer for the hash (16 bytes) - * Returns: 0 on success, -1 on failure - */ -int hmac_md5_non_fips_allow(const u8 *key, size_t key_len, const u8 *data, - size_t data_len, u8 *mac) -{ - return hmac_md5_vector_non_fips_allow(key, key_len, 1, &data, - &data_len, mac); -} diff --git a/src/crypto/md5.h b/src/crypto/md5.h index 4d6e9045a..33f8426c5 100644 --- a/src/crypto/md5.h +++ b/src/crypto/md5.h @@ -15,15 +15,5 @@ int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac); -#ifdef CONFIG_FIPS -int hmac_md5_vector_non_fips_allow(const u8 *key, size_t key_len, - size_t num_elem, const u8 *addr[], - const size_t *len, u8 *mac); -int hmac_md5_non_fips_allow(const u8 *key, size_t key_len, const u8 *data, - size_t data_len, u8 *mac); -#else /* CONFIG_FIPS */ -#define hmac_md5_vector_non_fips_allow hmac_md5_vector -#define hmac_md5_non_fips_allow hmac_md5 -#endif /* CONFIG_FIPS */ #endif /* MD5_H */ diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c index e79265bad..0effd9b76 100644 --- a/src/crypto/sha1-tlsprf.c +++ b/src/crypto/sha1-tlsprf.c @@ -71,19 +71,16 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label, S2--; } - hmac_md5_vector_non_fips_allow(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], - A_MD5); + hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5); hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1); MD5_pos = MD5_MAC_LEN; SHA1_pos = SHA1_MAC_LEN; for (i = 0; i < outlen; i++) { if (MD5_pos == MD5_MAC_LEN) { - hmac_md5_vector_non_fips_allow(S1, L_S1, 3, MD5_addr, - MD5_len, P_MD5); + hmac_md5_vector(S1, L_S1, 3, MD5_addr, MD5_len, P_MD5); MD5_pos = 0; - hmac_md5_non_fips_allow(S1, L_S1, A_MD5, MD5_MAC_LEN, - A_MD5); + hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5); } if (SHA1_pos == SHA1_MAC_LEN) { hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len, diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index a3b155077..f6676491e 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1093,9 +1093,6 @@ ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 MD5OBJS += src/crypto/md5-internal.c endif -ifdef CONFIG_FIPS -MD5OBJS += src/crypto/md5-non-fips.c -endif OBJS += $(MD5OBJS) OBJS_p += $(MD5OBJS) endif diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 0aa6a9983..eb64725d9 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1122,11 +1122,6 @@ ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 MD5OBJS += ../src/crypto/md5-internal.o endif -ifdef CONFIG_FIPS -ifdef NEED_TLS_PRF -MD5OBJS += ../src/crypto/md5-non-fips.o -endif -endif OBJS += $(MD5OBJS) OBJS_p += $(MD5OBJS) endif